FreeRDP
Loading...
Searching...
No Matches
connection.c
1/*
2 * FreeRDP: A Remote Desktop Protocol Implementation
3 * Connection Sequence
4 *
5 * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
6 * Copyright 2015 Thincast Technologies GmbH
7 * Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
8 * Copyright 2023 Armin Novak <anovak@thincast.com>
9 * Copyright 2023 Thincast Technologies GmbH
10 *
11 * Licensed under the Apache License, Version 2.0 (the "License");
12 * you may not use this file except in compliance with the License.
13 * You may obtain a copy of the License at
14 *
15 * http://www.apache.org/licenses/LICENSE-2.0
16 *
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
22 */
23
24#include <freerdp/config.h>
25
26#include "settings.h"
27
28#include "info.h"
29#include "input.h"
30#include "rdp.h"
31#include "peer.h"
32
33#include "connection.h"
34#include "transport.h"
35
36#include <winpr/crt.h>
37#include <winpr/crypto.h>
38#include <winpr/ssl.h>
39
40#include <freerdp/log.h>
41#include <freerdp/error.h>
42#include <freerdp/listener.h>
43
44#include "../cache/pointer.h"
45#include "../crypto/crypto.h"
46#include "../crypto/privatekey.h"
47#include "../crypto/certificate.h"
48#include "gateway/arm.h"
49
50#include "utils.h"
51
52#define TAG FREERDP_TAG("core.connection")
53
197static BOOL rdp_set_state(rdpRdp* rdp, CONNECTION_STATE state);
198
199static BOOL rdp_client_reset_codecs(rdpContext* context)
200{
201 rdpSettings* settings = nullptr;
202
203 if (!context || !context->settings)
204 return FALSE;
205
206 settings = context->settings;
207
208 if (!freerdp_settings_get_bool(settings, FreeRDP_DeactivateClientDecoding))
209 {
210 const UINT32 flags = freerdp_settings_get_uint32(settings, FreeRDP_ThreadingFlags);
211 freerdp_client_codecs_free(context->codecs);
212 context->codecs = freerdp_client_codecs_new(flags);
213
214 if (!context->codecs)
215 return FALSE;
216
217 if (!freerdp_client_codecs_prepare(context->codecs,
218 freerdp_settings_get_codecs_flags(settings),
219 settings->DesktopWidth, settings->DesktopHeight))
220 return FALSE;
221
222/* Runtime H264 detection. (only available if dynamic backend loading is defined)
223 * If no backend is available disable it before the channel is loaded.
224 */
225#if defined(WITH_GFX_H264) && defined(WITH_OPENH264_LOADING)
226 if (!context->codecs->h264)
227 {
228 settings->GfxH264 = FALSE;
229 settings->GfxAVC444 = FALSE;
230 settings->GfxAVC444v2 = FALSE;
231 }
232#endif
233 }
234
235 return TRUE;
236}
237
238static BOOL rdp_client_wait_for_activation(rdpRdp* rdp)
239{
240 BOOL timedout = FALSE;
241 WINPR_ASSERT(rdp);
242
243 const rdpSettings* settings = rdp->settings;
244 WINPR_ASSERT(settings);
245
246 UINT64 now = GetTickCount64();
247 UINT64 dueDate = now + freerdp_settings_get_uint32(settings, FreeRDP_TcpAckTimeout);
248
249 for (; (now < dueDate) && !timedout; now = GetTickCount64())
250 {
251 HANDLE events[MAXIMUM_WAIT_OBJECTS] = WINPR_C_ARRAY_INIT;
252 DWORD wstatus = 0;
253 DWORD nevents = freerdp_get_event_handles(rdp->context, events, ARRAYSIZE(events));
254 if (!nevents)
255 {
256 WLog_ERR(TAG, "error retrieving connection events");
257 return FALSE;
258 }
259
260 const UINT64 timeout = (dueDate - now);
261 WINPR_ASSERT(timeout <= UINT32_MAX);
262 wstatus = WaitForMultipleObjectsEx(nevents, events, FALSE, (UINT32)timeout, TRUE);
263 switch (wstatus)
264 {
265 case WAIT_TIMEOUT:
266 /* will make us quit with a timeout */
267 timedout = TRUE;
268 break;
269 case WAIT_ABANDONED:
270 case WAIT_FAILED:
271 return FALSE;
272 case WAIT_IO_COMPLETION:
273 break;
274 case WAIT_OBJECT_0:
275 default:
276 /* handles all WAIT_OBJECT_0 + [0 .. MAXIMUM_WAIT_OBJECTS-1] cases */
277 if (rdp_check_fds(rdp) < 0)
278 {
279 freerdp_set_last_error_if_not(rdp->context,
280 FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
281 return FALSE;
282 }
283 break;
284 }
285
286 if (rdp_is_active_state(rdp))
287 return TRUE;
288 }
289
290 WLog_ERR(TAG, "Timeout waiting for activation");
291 freerdp_set_last_error_if_not(rdp->context, FREERDP_ERROR_CONNECT_ACTIVATION_TIMEOUT);
292 return FALSE;
293}
301BOOL rdp_client_connect(rdpRdp* rdp)
302{
303 UINT32 SelectedProtocol = 0;
304 BOOL status = 0;
305 /* make sure SSL is initialize for earlier enough for crypto, by taking advantage of winpr SSL
306 * FIPS flag for openssl initialization */
307 DWORD flags = WINPR_SSL_INIT_DEFAULT;
308
309 WINPR_ASSERT(rdp);
310
311 rdpSettings* settings = rdp->settings;
312 WINPR_ASSERT(settings);
313
314 if (!rdp_client_reset_codecs(rdp->context))
315 return FALSE;
316
317 if (settings->FIPSMode)
318 flags |= WINPR_SSL_INIT_ENABLE_FIPS;
319
320 if (!winpr_InitializeSSL(flags))
321 return FALSE;
322
323 rdp_log_build_warnings(rdp);
324
325 /* FIPS Mode forces the following and overrides the following(by happening later
326 * in the command line processing):
327 * 1. Forces the only supported RDP encryption method to be FIPS. */
328 if (settings->FIPSMode || winpr_FIPSMode())
329 {
330 settings->EncryptionMethods = ENCRYPTION_METHOD_FIPS;
331 }
332
333 UINT32 TcpConnectTimeout = freerdp_settings_get_uint32(settings, FreeRDP_TcpConnectTimeout);
334 if (settings->GatewayArmTransport)
335 {
336 if (!arm_resolve_endpoint(rdp->log, rdp->context, TcpConnectTimeout))
337 {
338 WLog_ERR(TAG, "error retrieving ARM configuration");
339 return FALSE;
340 }
341 }
342
343 const char* hostname = settings->ServerHostname;
344 if (!hostname)
345 {
346 WLog_ERR(TAG, "Missing hostname, can not connect to nullptr target");
347 return FALSE;
348 }
349
350 const UINT32 port = settings->ServerPort;
351 WINPR_ASSERT(port <= UINT32_MAX);
352
353 if (!rdp->nego)
354 return FALSE;
355
356 nego_init(rdp->nego);
357 nego_set_target(rdp->nego, hostname, (UINT16)port);
358
359 if (settings->GatewayEnabled)
360 {
361 char* user = nullptr;
362 char* domain = nullptr;
363 size_t user_length = 0;
364
365 if (settings->Username)
366 {
367 user = settings->Username;
368 user_length = strlen(settings->Username);
369 }
370
371 if (settings->Domain)
372 domain = settings->Domain;
373 else
374 domain = settings->ComputerName;
375
376 const size_t domain_length = strlen(domain);
377 const size_t cookie_length = domain_length + 1 + user_length;
378 char* cookie = malloc(cookie_length + 1);
379
380 if (!cookie)
381 return FALSE;
382
383 CopyMemory(cookie, domain, domain_length);
384 WINPR_ASSERT(domain_length <= UINT32_MAX);
385 CharUpperBuffA(cookie, (UINT32)domain_length);
386 cookie[domain_length] = '\\';
387
388 if (settings->Username)
389 CopyMemory(&cookie[domain_length + 1], user, user_length);
390
391 cookie[cookie_length] = '\0';
392 status = nego_set_cookie(rdp->nego, cookie);
393 free(cookie);
394 }
395 else
396 {
397 status = nego_set_cookie(rdp->nego, settings->Username);
398 }
399
400 if (!status)
401 return FALSE;
402
403 nego_set_childsession_enabled(rdp->nego, settings->ConnectChildSession);
404 nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
405 nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
406 nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
407 nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
408 nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired);
409 nego_set_RCG_required(rdp->nego, settings->RemoteCredentialGuard);
410 nego_set_gateway_enabled(rdp->nego, settings->GatewayEnabled);
411 nego_set_gateway_bypass_local(rdp->nego, settings->GatewayBypassLocal);
412 nego_enable_rdp(rdp->nego, settings->RdpSecurity);
413 nego_enable_tls(rdp->nego, settings->TlsSecurity);
414 nego_enable_nla(rdp->nego, settings->NlaSecurity);
415 nego_enable_ext(rdp->nego, settings->ExtSecurity);
416 nego_enable_rdstls(rdp->nego, settings->RdstlsSecurity);
417 nego_enable_aad(rdp->nego, settings->AadSecurity);
418
419 if (settings->MstscCookieMode)
420 settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
421
422 nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
423
424 if (settings->LoadBalanceInfo && (settings->LoadBalanceInfoLength > 0))
425 {
426 if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo,
427 settings->LoadBalanceInfoLength))
428 return FALSE;
429 }
430
431 if (!freerdp_settings_get_bool(settings, FreeRDP_TransportDumpReplay))
432 {
433 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO))
434 return FALSE;
435
436 if (!nego_connect(rdp->nego))
437 {
438 if (!freerdp_get_last_error(rdp->context))
439 {
440 freerdp_set_last_error_log(rdp->context,
441 FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED);
442 WLog_ERR(TAG, "Error: protocol security negotiation or connection failure");
443 }
444
445 return FALSE;
446 }
447
448 SelectedProtocol = nego_get_selected_protocol(rdp->nego);
449
450 if ((SelectedProtocol & PROTOCOL_SSL) || (SelectedProtocol == PROTOCOL_RDP) ||
451 (SelectedProtocol == PROTOCOL_RDSTLS))
452 {
453 wStream s = WINPR_C_ARRAY_INIT;
454
455 if ((settings->Username != nullptr) &&
456 ((freerdp_settings_get_string(settings, FreeRDP_Password) != nullptr) ||
457 (settings->RedirectionPassword != nullptr &&
458 settings->RedirectionPasswordLength > 0)))
459 settings->AutoLogonEnabled = TRUE;
460
461 if (rdp_recv_callback(rdp->transport, &s, rdp) < 0)
462 return FALSE;
463 }
464
465 if (!transport_set_blocking_mode(rdp->transport, FALSE))
466 return FALSE;
467 }
468 else
469 {
470 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CREATE_REQUEST))
471 return FALSE;
472 }
473
474 /* everything beyond this point is event-driven and non blocking */
475 if (!transport_set_recv_callbacks(rdp->transport, rdp_recv_callback, rdp))
476 return FALSE;
477
478 return rdp_client_wait_for_activation(rdp);
479}
480
481BOOL rdp_client_disconnect(rdpRdp* rdp)
482{
483 rdpContext* context = nullptr;
484
485 if (!rdp || !rdp->settings || !rdp->context)
486 return FALSE;
487
488 context = rdp->context;
489
490 if (rdp->nego)
491 {
492 if (!nego_disconnect(rdp->nego))
493 return FALSE;
494 }
495
496 if (!transport_disconnect(rdp->transport))
497 return FALSE;
498
499 if (!rdp_reset(rdp))
500 return FALSE;
501
502 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_INITIAL))
503 return FALSE;
504
505 if (context->channels)
506 {
507 if (freerdp_channels_disconnect(context->channels, context->instance) != CHANNEL_RC_OK)
508 return FALSE;
509 }
510
511 freerdp_client_codecs_free(context->codecs);
512 context->codecs = nullptr;
513 return TRUE;
514}
515
516BOOL rdp_client_disconnect_and_clear(rdpRdp* rdp)
517{
518 rdpContext* context = nullptr;
519
520 if (!rdp_client_disconnect(rdp))
521 return FALSE;
522
523 WINPR_ASSERT(rdp);
524
525 context = rdp->context;
526 WINPR_ASSERT(context);
527
528 if (freerdp_get_last_error(context) == FREERDP_ERROR_CONNECT_CANCELLED)
529 return FALSE;
530
531 context->LastError = FREERDP_ERROR_SUCCESS;
532 clearChannelError(context);
533 return utils_reset_abort(rdp);
534}
535
536static BOOL rdp_client_reconnect_channels(rdpRdp* rdp, BOOL redirect)
537{
538 BOOL status = FALSE;
539 rdpContext* context = nullptr;
540
541 if (!rdp || !rdp->context || !rdp->context->channels)
542 return FALSE;
543
544 context = rdp->context;
545
546 if (context->instance->ConnectionCallbackState == CLIENT_STATE_INITIAL)
547 return FALSE;
548
549 if (context->instance->ConnectionCallbackState == CLIENT_STATE_PRECONNECT_PASSED)
550 {
551 if (redirect)
552 return TRUE;
553
554 pointer_cache_register_callbacks(context->update);
555
556 if (!IFCALLRESULT(FALSE, context->instance->PostConnect, context->instance))
557 return FALSE;
558
559 context->instance->ConnectionCallbackState = CLIENT_STATE_POSTCONNECT_PASSED;
560 }
561
562 if (context->instance->ConnectionCallbackState == CLIENT_STATE_POSTCONNECT_PASSED)
563 status =
564 (freerdp_channels_post_connect(context->channels, context->instance) == CHANNEL_RC_OK);
565
566 return status;
567}
568
569static BOOL rdp_client_redirect_resolvable(const char* host)
570{
571 struct addrinfo* result = freerdp_tcp_resolve_host(host, -1, 0);
572
573 if (!result)
574 return FALSE;
575
576 freeaddrinfo(result);
577 return TRUE;
578}
579
580static BOOL rdp_client_redirect_try_fqdn(rdpSettings* settings)
581{
582 if (settings->RedirectionFlags & LB_TARGET_FQDN)
583 {
584 if (settings->GatewayEnabled ||
585 rdp_client_redirect_resolvable(settings->RedirectionTargetFQDN))
586 {
587 return (freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
588 settings->RedirectionTargetFQDN));
589 }
590 }
591
592 return FALSE;
593}
594
595static BOOL rdp_client_redirect_try_ip(rdpSettings* settings)
596{
597 if (settings->RedirectionFlags & LB_TARGET_NET_ADDRESS)
598 {
599 return (freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
600 settings->TargetNetAddress));
601 }
602
603 return FALSE;
604}
605
606static BOOL rdp_client_redirect_try_netbios(rdpSettings* settings)
607{
608 if (settings->RedirectionFlags & LB_TARGET_NETBIOS_NAME)
609 {
610 if (settings->GatewayEnabled ||
611 rdp_client_redirect_resolvable(settings->RedirectionTargetNetBiosName))
612 {
613 return (freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
614 settings->RedirectionTargetNetBiosName));
615 }
616 }
617
618 return FALSE;
619}
620
621BOOL rdp_client_redirect(rdpRdp* rdp)
622{
623 BOOL status = 0;
624 rdpSettings* settings = nullptr;
625
626 if (!rdp_client_disconnect_and_clear(rdp))
627 return FALSE;
628
629 /* Only disconnect & close the channels here.
630 * they will be discarded and recreated after the new settings have been applied. */
631 freerdp_channels_disconnect(rdp->context->channels, rdp->context->instance);
632 freerdp_channels_close(rdp->context->channels, rdp->context->instance);
633
634 if (rdp_redirection_apply_settings(rdp) != 0)
635 return FALSE;
636
637 WINPR_ASSERT(rdp);
638
639 settings = rdp->settings;
640 WINPR_ASSERT(settings);
641
642 if ((settings->RedirectionFlags & LB_LOAD_BALANCE_INFO) == 0)
643 {
644 BOOL haveRedirectAddress = FALSE;
645 UINT32 redirectionMask = settings->RedirectionPreferType;
646
647 do
648 {
649 const BOOL tryFQDN = (redirectionMask & 0x01) == 0;
650 const BOOL tryNetAddress = (redirectionMask & 0x02) == 0;
651 const BOOL tryNetbios = (redirectionMask & 0x04) == 0;
652
653 if (tryFQDN && !haveRedirectAddress)
654 haveRedirectAddress = rdp_client_redirect_try_fqdn(settings);
655
656 if (tryNetAddress && !haveRedirectAddress)
657 haveRedirectAddress = rdp_client_redirect_try_ip(settings);
658
659 if (tryNetbios && !haveRedirectAddress)
660 haveRedirectAddress = rdp_client_redirect_try_netbios(settings);
661
662 redirectionMask >>= 3;
663 } while (!haveRedirectAddress && (redirectionMask != 0));
664 }
665
666 if (settings->RedirectionFlags & LB_USERNAME)
667 {
668 if (!freerdp_settings_set_string(
669 settings, FreeRDP_Username,
670 freerdp_settings_get_string(settings, FreeRDP_RedirectionUsername)))
671 return FALSE;
672 }
673
674 if (settings->RedirectionFlags & LB_DOMAIN)
675 {
676 if (!freerdp_settings_set_string(
677 settings, FreeRDP_Domain,
678 freerdp_settings_get_string(settings, FreeRDP_RedirectionDomain)))
679 return FALSE;
680 }
681
682 settings->RdstlsSecurity = ((settings->RedirectionFlags & LB_PASSWORD_IS_PK_ENCRYPTED) != 0);
683
684 WINPR_ASSERT(rdp->context);
685 WINPR_ASSERT(rdp->context->instance);
686 if (!IFCALLRESULT(TRUE, rdp->context->instance->Redirect, rdp->context->instance))
687 return FALSE;
688
689 BOOL ok = utils_reload_channels(rdp->context);
690 if (!ok)
691 return FALSE;
692
693 status = rdp_client_connect(rdp);
694
695 if (status)
696 status = rdp_client_reconnect_channels(rdp, TRUE);
697
698 return status;
699}
700
701BOOL rdp_client_reconnect(rdpRdp* rdp)
702{
703 if (!rdp_client_disconnect_and_clear(rdp))
704 return FALSE;
705
706 if (!freerdp_settings_set_bool(rdp->settings, FreeRDP_SessionHasBeenReconnected, TRUE))
707 return FALSE;
708
709 BOOL status = rdp_client_connect(rdp);
710
711 if (status)
712 status = rdp_client_reconnect_channels(rdp, FALSE);
713
714 return status;
715}
716
717static const BYTE fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
718
719static BOOL rdp_client_establish_keys(rdpRdp* rdp)
720{
721 wStream* s = nullptr;
722 BOOL ret = FALSE;
723
724 WINPR_ASSERT(rdp);
725 rdpSettings* settings = rdp->settings;
726 BYTE* crypt_client_random = nullptr;
727
728 WINPR_ASSERT(settings);
729 if (!settings->UseRdpSecurityLayer)
730 {
731 /* no RDP encryption */
732 return TRUE;
733 }
734
735 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT))
736 return FALSE;
737
738 /* encrypt client random */
739 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ClientRandom, nullptr,
740 CLIENT_RANDOM_LENGTH))
741 return FALSE;
742 if (winpr_RAND(settings->ClientRandom, settings->ClientRandomLength) < 0)
743 return FALSE;
744
745 const rdpCertInfo* info = freerdp_certificate_get_info(settings->RdpServerCertificate);
746 if (!info)
747 {
748 WLog_ERR(TAG, "Failed to get rdpCertInfo from RdpServerCertificate");
749 return FALSE;
750 }
751
752 /*
753 * client random must be (bitlen / 8) + 8 - see [MS-RDPBCGR] 5.3.4.1
754 * for details
755 */
756 crypt_client_random = calloc(info->ModulusLength, 1);
757
758 if (!crypt_client_random)
759 return FALSE;
760
761 if (crypto_rsa_public_encrypt(settings->ClientRandom, settings->ClientRandomLength, info,
762 crypt_client_random, info->ModulusLength) < 0)
763 goto end;
764 /* send crypt client random to server */
765 const size_t length = RDP_PACKET_HEADER_MAX_LENGTH + RDP_SECURITY_HEADER_LENGTH + 4ULL +
766 info->ModulusLength + 8ULL;
767 if (length > UINT16_MAX)
768 goto end;
769
770 s = Stream_New(nullptr, length);
771
772 if (!s)
773 {
774 WLog_ERR(TAG, "Stream_New failed!");
775 goto end;
776 }
777
778 {
779 const UINT16 sec_flags = SEC_EXCHANGE_PKT | SEC_LICENSE_ENCRYPT_SC;
780 if (!rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID, sec_flags))
781 goto end;
782 if (!rdp_write_security_header(rdp, s, sec_flags))
783 goto end;
784 }
785
786 Stream_Write_UINT32(s, info->ModulusLength + 8);
787 Stream_Write(s, crypt_client_random, info->ModulusLength);
788 Stream_Zero(s, 8);
789 Stream_SealLength(s);
790
791 {
792 rdpTransport* transport = freerdp_get_transport(rdp->context);
793 const int status = transport_write(transport, s);
794
795 if (status < 0)
796 goto end;
797 }
798
799 rdp->do_crypt_license = TRUE;
800
801 /* now calculate encrypt / decrypt and update keys */
802 if (!security_establish_keys(rdp))
803 goto end;
804
805 rdp->do_crypt = TRUE;
806
807 if (settings->SaltedChecksum)
808 rdp->do_secure_checksum = TRUE;
809
810 if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
811 {
812 rdp->fips_encrypt =
813 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT, rdp->fips_encrypt_key,
814 sizeof(rdp->fips_encrypt_key), fips_ivec, sizeof(fips_ivec));
815
816 if (!rdp->fips_encrypt)
817 {
818 WLog_ERR(TAG, "unable to allocate des3 encrypt key");
819 goto end;
820 }
821
822 rdp->fips_decrypt =
823 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT, rdp->fips_decrypt_key,
824 sizeof(rdp->fips_decrypt_key), fips_ivec, sizeof(fips_ivec));
825
826 if (!rdp->fips_decrypt)
827 {
828 WLog_ERR(TAG, "unable to allocate des3 decrypt key");
829 goto end;
830 }
831
832 ret = TRUE;
833 goto end;
834 }
835
836 if (!rdp_reset_rc4_encrypt_keys(rdp))
837 goto end;
838 if (!rdp_reset_rc4_decrypt_keys(rdp))
839 goto end;
840
841 ret = TRUE;
842end:
843 Stream_Free(s, TRUE);
844 free(crypt_client_random);
845
846 if (!ret)
847 {
848 winpr_Cipher_Free(rdp->fips_decrypt);
849 winpr_Cipher_Free(rdp->fips_encrypt);
850 rdp->fips_decrypt = nullptr;
851 rdp->fips_encrypt = nullptr;
852
853 rdp_free_rc4_decrypt_keys(rdp);
854 rdp_free_rc4_encrypt_keys(rdp);
855 }
856
857 return ret;
858}
859
860static BOOL rdp_update_client_random(rdpSettings* settings, const BYTE* crypt_random,
861 size_t crypt_random_len)
862{
863 const size_t length = 32;
864 WINPR_ASSERT(settings);
865
866 const rdpPrivateKey* rsa = freerdp_settings_get_pointer(settings, FreeRDP_RdpServerRsaKey);
867 WINPR_ASSERT(rsa);
868
869 const rdpCertInfo* cinfo = freerdp_key_get_info(rsa);
870 WINPR_ASSERT(cinfo);
871
872 if (crypt_random_len != cinfo->ModulusLength + 8)
873 {
874 WLog_ERR(TAG, "invalid encrypted client random length");
875 return FALSE;
876 }
877 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ClientRandom, nullptr, length))
878 return FALSE;
879
880 BYTE* client_random = freerdp_settings_get_pointer_writable(settings, FreeRDP_ClientRandom);
881 WINPR_ASSERT(client_random);
882 return crypto_rsa_private_decrypt(crypt_random, crypt_random_len - 8, rsa, client_random,
883 length) > 0;
884}
885
886BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
887{
888 UINT32 rand_len = 0;
889 UINT16 channel_id = 0;
890 UINT16 length = 0;
891 UINT16 sec_flags = 0;
892 BOOL ret = FALSE;
893
894 WINPR_ASSERT(rdp);
895
896 if (!rdp->settings->UseRdpSecurityLayer)
897 {
898 /* No RDP Security. */
899 return TRUE;
900 }
901
902 if (!rdp_read_header(rdp, s, &length, &channel_id))
903 return FALSE;
904
905 if (!rdp_read_security_header(rdp, s, &sec_flags, nullptr))
906 {
907 WLog_Print(rdp->log, WLOG_ERROR, "invalid security header");
908 return FALSE;
909 }
910
911 if ((sec_flags & SEC_EXCHANGE_PKT) == 0)
912 {
913 WLog_Print(rdp->log, WLOG_ERROR, "missing SEC_EXCHANGE_PKT in security header");
914 return FALSE;
915 }
916
917 rdp->do_crypt_license = ((sec_flags & SEC_LICENSE_ENCRYPT_SC) != 0);
918
919 if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, 4))
920 return FALSE;
921
922 Stream_Read_UINT32(s, rand_len);
923
924 /* rand_len already includes 8 bytes of padding */
925 if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, rand_len))
926 return FALSE;
927
928 const BYTE* crypt_random = Stream_ConstPointer(s);
929 if (!Stream_SafeSeek(s, rand_len))
930 goto end;
931 if (!rdp_update_client_random(rdp->settings, crypt_random, rand_len))
932 goto end;
933
934 /* now calculate encrypt / decrypt and update keys */
935 if (!security_establish_keys(rdp))
936 goto end;
937
938 rdp->do_crypt = TRUE;
939
940 if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
941 {
942 rdp->fips_encrypt =
943 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT, rdp->fips_encrypt_key,
944 sizeof(rdp->fips_encrypt_key), fips_ivec, sizeof(fips_ivec));
945
946 if (!rdp->fips_encrypt)
947 {
948 WLog_Print(rdp->log, WLOG_ERROR, "unable to allocate des3 encrypt key");
949 goto end;
950 }
951
952 rdp->fips_decrypt =
953 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT, rdp->fips_decrypt_key,
954 sizeof(rdp->fips_decrypt_key), fips_ivec, sizeof(fips_ivec));
955
956 if (!rdp->fips_decrypt)
957 {
958 WLog_Print(rdp->log, WLOG_ERROR, "unable to allocate des3 decrypt key");
959 goto end;
960 }
961
962 ret = TRUE;
963 goto end;
964 }
965
966 if (!rdp_reset_rc4_encrypt_keys(rdp))
967 goto end;
968
969 if (!rdp_reset_rc4_decrypt_keys(rdp))
970 goto end;
971
972 ret = tpkt_ensure_stream_consumed(rdp->log, s, length);
973end:
974
975 if (!ret)
976 {
977 winpr_Cipher_Free(rdp->fips_encrypt);
978 winpr_Cipher_Free(rdp->fips_decrypt);
979 rdp->fips_encrypt = nullptr;
980 rdp->fips_decrypt = nullptr;
981
982 rdp_free_rc4_encrypt_keys(rdp);
983 rdp_free_rc4_decrypt_keys(rdp);
984 }
985
986 return ret;
987}
988
989static BOOL rdp_client_send_client_info_and_change_state(rdpRdp* rdp)
990{
991 WINPR_ASSERT(rdp);
992 if (!rdp_client_establish_keys(rdp))
993 return FALSE;
994 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE))
995 return FALSE;
996 if (!rdp_send_client_info(rdp))
997 return FALSE;
998 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST))
999 return FALSE;
1000 return TRUE;
1001}
1002
1003BOOL rdp_client_skip_mcs_channel_join(rdpRdp* rdp)
1004{
1005 WINPR_ASSERT(rdp);
1006
1007 rdpMcs* mcs = rdp->mcs;
1008 WINPR_ASSERT(mcs);
1009
1010 mcs->userChannelJoined = TRUE;
1011 mcs->globalChannelJoined = TRUE;
1012 mcs->messageChannelJoined = TRUE;
1013
1014 for (UINT32 i = 0; i < mcs->channelCount; i++)
1015 {
1016 rdpMcsChannel* cur = &mcs->channels[i];
1017 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1018 cur->joined = TRUE;
1019 }
1020
1021 return rdp_client_send_client_info_and_change_state(rdp);
1022}
1023
1024static BOOL rdp_client_join_channel(rdpRdp* rdp, UINT16 ChannelId)
1025{
1026 WINPR_ASSERT(rdp);
1027
1028 rdpMcs* mcs = rdp->mcs;
1029 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST))
1030 return FALSE;
1031 if (!mcs_send_channel_join_request(mcs, ChannelId))
1032 return FALSE;
1033 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE))
1034 return FALSE;
1035 return TRUE;
1036}
1037
1038BOOL rdp_client_connect_mcs_channel_join_confirm(rdpRdp* rdp, wStream* s)
1039{
1040 UINT16 channelId = 0;
1041 BOOL allJoined = TRUE;
1042
1043 WINPR_ASSERT(rdp);
1044 rdpMcs* mcs = rdp->mcs;
1045
1046 if (!mcs_recv_channel_join_confirm(mcs, s, &channelId))
1047 return FALSE;
1048
1049 if (!mcs->userChannelJoined)
1050 {
1051 if (channelId != mcs->userId)
1052 {
1053 WLog_ERR(TAG, "expected user channel id %" PRIu16 ", but received %" PRIu16,
1054 mcs->userId, channelId);
1055 return FALSE;
1056 }
1057
1058 mcs->userChannelJoined = TRUE;
1059 if (!rdp_client_join_channel(rdp, MCS_GLOBAL_CHANNEL_ID))
1060 return FALSE;
1061 }
1062 else if (!mcs->globalChannelJoined)
1063 {
1064 if (channelId != MCS_GLOBAL_CHANNEL_ID)
1065 {
1066 WLog_ERR(TAG, "expected uglobalser channel id %d, but received %" PRIu16,
1067 MCS_GLOBAL_CHANNEL_ID, channelId);
1068 return FALSE;
1069 }
1070 mcs->globalChannelJoined = TRUE;
1071
1072 if (mcs->messageChannelId != 0)
1073 {
1074 if (!rdp_client_join_channel(rdp, mcs->messageChannelId))
1075 return FALSE;
1076 allJoined = FALSE;
1077 }
1078 else
1079 {
1080 if (mcs->channelCount > 0)
1081 {
1082 const rdpMcsChannel* cur = &mcs->channels[0];
1083 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1084 return FALSE;
1085 allJoined = FALSE;
1086 }
1087 }
1088 }
1089 else if ((mcs->messageChannelId != 0) && !mcs->messageChannelJoined)
1090 {
1091 if (channelId != mcs->messageChannelId)
1092 {
1093 WLog_ERR(TAG, "expected messageChannelId=%" PRIu16 ", got %" PRIu16,
1094 mcs->messageChannelId, channelId);
1095 return FALSE;
1096 }
1097
1098 mcs->messageChannelJoined = TRUE;
1099
1100 if (mcs->channelCount > 0)
1101 {
1102 const rdpMcsChannel* cur = &mcs->channels[0];
1103 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1104 return FALSE;
1105 allJoined = FALSE;
1106 }
1107 }
1108 else
1109 {
1110 UINT32 i = 0;
1111 for (; i < mcs->channelCount; i++)
1112 {
1113 rdpMcsChannel* cur = &mcs->channels[i];
1114 if (cur->joined)
1115 continue;
1116
1117 if (cur->ChannelId != channelId)
1118 {
1119 WLog_ERR(TAG, "expected channel id %d, but received %" PRIu16,
1120 MCS_GLOBAL_CHANNEL_ID, channelId);
1121 return FALSE;
1122 }
1123 cur->joined = TRUE;
1124 break;
1125 }
1126
1127 if (i + 1 < mcs->channelCount)
1128 {
1129 const rdpMcsChannel* cur = &mcs->channels[i + 1];
1130 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1131 return FALSE;
1132 allJoined = FALSE;
1133 }
1134 }
1135
1136 if (mcs->userChannelJoined && mcs->globalChannelJoined && allJoined)
1137 {
1138 if (!rdp_client_send_client_info_and_change_state(rdp))
1139 return FALSE;
1140 }
1141
1142 return TRUE;
1143}
1144
1145state_run_t rdp_handle_message_channel(rdpRdp* rdp, wStream* s, UINT16 channelId, UINT16 length)
1146{
1147 WINPR_ASSERT(rdp);
1148 WINPR_ASSERT(rdp->mcs);
1149
1150 if (!rdp->mcs->messageChannelJoined)
1151 {
1152 WLog_Print(rdp->log, WLOG_WARN, "MCS message channel not joined!");
1153 return STATE_RUN_FAILED;
1154 }
1155 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1156 if (messageChannelId == 0)
1157 {
1158 WLog_Print(rdp->log, WLOG_WARN, "MCS message channel id == 0");
1159 return STATE_RUN_FAILED;
1160 }
1161
1162 if ((channelId != messageChannelId) && (channelId != MCS_GLOBAL_CHANNEL_ID))
1163 {
1164 WLog_Print(rdp->log, WLOG_WARN,
1165 "MCS message channel expected id=[%" PRIu16 "|%d], got %" PRIu16,
1166 messageChannelId, MCS_GLOBAL_CHANNEL_ID, channelId);
1167 return STATE_RUN_FAILED;
1168 }
1169
1170 UINT16 securityFlags = 0;
1171 if (!rdp_read_security_header(rdp, s, &securityFlags, &length))
1172 return STATE_RUN_FAILED;
1173
1174 if (securityFlags & SEC_ENCRYPT)
1175 {
1176 if (!rdp_decrypt(rdp, s, &length, securityFlags))
1177 return STATE_RUN_FAILED;
1178 }
1179
1180 const state_run_t rc = rdp_recv_message_channel_pdu(rdp, s, securityFlags);
1181 if (state_run_success(rc))
1182 {
1183 if (!tpkt_ensure_stream_consumed(rdp->log, s, length))
1184 return STATE_RUN_FAILED;
1185 }
1186 return rc;
1187}
1188
1189BOOL rdp_client_connect_auto_detect(rdpRdp* rdp, wStream* s, DWORD logLevel)
1190{
1191 BOOL res = TRUE;
1192 WINPR_ASSERT(rdp);
1193 WINPR_ASSERT(rdp->mcs);
1194
1195 size_t pos = Stream_GetPosition(s);
1196 UINT16 length = 0;
1197 UINT16 channelId = 0;
1198
1199 if (!rdp_read_header(rdp, s, &length, &channelId))
1200 res = FALSE;
1201 else
1202 {
1203 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1204 /* If the MCS message channel has been joined... */
1205
1206 /* Process any MCS message channel PDUs. */
1207 if (rdp->mcs->messageChannelJoined && (channelId == messageChannelId))
1208 {
1209 const state_run_t rc = rdp_handle_message_channel(rdp, s, channelId, length);
1210 res = state_run_success(rc);
1211 pos = Stream_GetPosition(s);
1212 }
1213 else
1214 {
1215 wLog* log = WLog_Get(TAG);
1216 WLog_Print(log, logLevel, "expected messageChannelId=%" PRIu16 ", got %" PRIu16,
1217 messageChannelId, channelId);
1218 res = FALSE;
1219 }
1220 }
1221
1222 if (!Stream_SetPosition(s, pos))
1223 res = FALSE;
1224 return res;
1225}
1226
1227state_run_t rdp_client_connect_license(rdpRdp* rdp, wStream* s)
1228{
1229 state_run_t status = STATE_RUN_FAILED;
1230 LICENSE_STATE state = LICENSE_STATE_ABORTED;
1231 UINT16 length = 0;
1232 UINT16 channelId = 0;
1233 UINT16 securityFlags = 0;
1234
1235 WINPR_ASSERT(rdp);
1236 if (!rdp_read_header(rdp, s, &length, &channelId))
1237 return STATE_RUN_FAILED;
1238
1239 /* there might be autodetect messages mixed in between licensing messages.
1240 * that has been observed with 2k12 R2 and 2k19
1241 */
1242 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1243 if (rdp->mcs->messageChannelJoined && (channelId == messageChannelId))
1244 {
1245 return rdp_handle_message_channel(rdp, s, channelId, length);
1246 }
1247
1248 if (!rdp_read_security_header(rdp, s, &securityFlags, &length))
1249 return STATE_RUN_FAILED;
1250
1251 if (securityFlags & SEC_ENCRYPT)
1252 {
1253 if (!rdp_decrypt(rdp, s, &length, securityFlags))
1254 return STATE_RUN_FAILED;
1255 }
1256
1257 if (channelId != MCS_GLOBAL_CHANNEL_ID)
1258 WLog_WARN(TAG, "unexpected message for channel %u, expected %d", channelId,
1259 MCS_GLOBAL_CHANNEL_ID);
1260
1261 if ((securityFlags & SEC_LICENSE_PKT) == 0)
1262 {
1263 char buffer[512] = WINPR_C_ARRAY_INIT;
1264 char lbuffer[32] = WINPR_C_ARRAY_INIT;
1265 WLog_ERR(TAG, "securityFlags=%s, missing required flag %s",
1266 rdp_security_flag_string(securityFlags, buffer, sizeof(buffer)),
1267 rdp_security_flag_string(SEC_LICENSE_PKT, lbuffer, sizeof(lbuffer)));
1268 return STATE_RUN_FAILED;
1269 }
1270
1271 status = license_recv(rdp->license, s);
1272
1273 if (state_run_failed(status))
1274 return status;
1275
1276 state = license_get_state(rdp->license);
1277 switch (state)
1278 {
1279 case LICENSE_STATE_ABORTED:
1280 WLog_ERR(TAG, "license connection sequence aborted.");
1281 return STATE_RUN_FAILED;
1282 case LICENSE_STATE_COMPLETED:
1283 if (rdp->settings->MultitransportFlags)
1284 {
1285 if (!rdp_client_transition_to_state(
1286 rdp, CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST))
1287 return STATE_RUN_FAILED;
1288 }
1289 else
1290 {
1291 if (!rdp_client_transition_to_state(
1292 rdp, CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE))
1293 return STATE_RUN_FAILED;
1294 }
1295 return STATE_RUN_SUCCESS;
1296 default:
1297 return STATE_RUN_SUCCESS;
1298 }
1299}
1300
1301state_run_t rdp_client_connect_demand_active(rdpRdp* rdp, wStream* s)
1302{
1303 UINT16 length = 0;
1304 UINT16 channelId = 0;
1305 UINT16 pduType = 0;
1306 UINT16 pduSource = 0;
1307
1308 WINPR_ASSERT(rdp);
1309 WINPR_ASSERT(s);
1310 WINPR_ASSERT(rdp->settings);
1311
1312 if (!rdp_recv_get_active_header(rdp, s, &channelId, &length))
1313 return STATE_RUN_FAILED;
1314
1315 if (freerdp_shall_disconnect_context(rdp->context))
1316 return STATE_RUN_QUIT_SESSION;
1317
1318 if (rdp->mcs->messageChannelId && (channelId == rdp->mcs->messageChannelId))
1319 {
1320 rdp->inPackets++;
1321 return rdp_handle_message_channel(rdp, s, channelId, length);
1322 }
1323
1324 if (!rdp_handle_optional_rdp_decryption(rdp, s, &length, nullptr))
1325 return STATE_RUN_FAILED;
1326
1327 if (!rdp_read_share_control_header(rdp, s, nullptr, nullptr, &pduType, &pduSource))
1328 return STATE_RUN_FAILED;
1329
1330 switch (pduType)
1331 {
1332 case PDU_TYPE_DEMAND_ACTIVE:
1333 if (!rdp_recv_demand_active(rdp, s, pduSource, length))
1334 return STATE_RUN_FAILED;
1335 return STATE_RUN_ACTIVE;
1336 default:
1337 return rdp_recv_out_of_sequence_pdu(rdp, s, pduType, length);
1338 }
1339}
1340
1341state_run_t rdp_client_connect_finalize(rdpRdp* rdp)
1342{
1343 WINPR_ASSERT(rdp);
1350 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_SYNC))
1351 return STATE_RUN_FAILED;
1352
1353 if (!rdp_send_client_synchronize_pdu(rdp))
1354 return STATE_RUN_FAILED;
1355
1356 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_COOPERATE))
1357 return STATE_RUN_FAILED;
1358 if (!rdp_send_client_control_pdu(rdp, CTRLACTION_COOPERATE))
1359 return STATE_RUN_FAILED;
1360
1361 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL))
1362 return STATE_RUN_FAILED;
1363 if (!rdp_send_client_control_pdu(rdp, CTRLACTION_REQUEST_CONTROL))
1364 return STATE_RUN_FAILED;
1365
1373 if (!rdp_finalize_is_flag_set(rdp, FINALIZE_DEACTIVATE_REACTIVATE) &&
1374 freerdp_settings_get_bool(rdp->settings, FreeRDP_BitmapCachePersistEnabled))
1375 {
1376 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST))
1377 return STATE_RUN_FAILED;
1378 if (!rdp_send_client_persistent_key_list_pdu(rdp))
1379 return STATE_RUN_FAILED;
1380 }
1381
1382 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_FONT_LIST))
1383 return STATE_RUN_FAILED;
1384 if (!rdp_send_client_font_list_pdu(rdp, FONTLIST_FIRST | FONTLIST_LAST))
1385 return STATE_RUN_FAILED;
1386
1387 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_SYNC))
1388 return STATE_RUN_FAILED;
1389 return STATE_RUN_SUCCESS;
1390}
1391
1392BOOL rdp_client_transition_to_state(rdpRdp* rdp, CONNECTION_STATE state)
1393{
1394 const char* name = rdp_state_string(state);
1395
1396 WINPR_ASSERT(rdp);
1397 WLog_Print(rdp->log, WLOG_DEBUG, "%s --> %s", rdp_get_state_string(rdp), name);
1398
1399 if (!rdp_set_state(rdp, state))
1400 return FALSE;
1401
1402 switch (state)
1403 {
1404 case CONNECTION_STATE_FINALIZATION_SYNC:
1405 case CONNECTION_STATE_FINALIZATION_COOPERATE:
1406 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
1407 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
1408 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
1409 update_reset_state(rdp->update);
1410 break;
1411
1412 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE:
1413 {
1414 ActivatedEventArgs activatedEvent = WINPR_C_ARRAY_INIT;
1415 rdpContext* context = rdp->context;
1416 EventArgsInit(&activatedEvent, "libfreerdp");
1417 activatedEvent.firstActivation =
1418 !rdp_finalize_is_flag_set(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1419 if (PubSub_OnActivated(rdp->pubSub, context, &activatedEvent) < 0)
1420 return FALSE;
1421 }
1422
1423 break;
1424
1425 default:
1426 break;
1427 }
1428
1429 {
1430 ConnectionStateChangeEventArgs stateEvent = WINPR_C_ARRAY_INIT;
1431 rdpContext* context = rdp->context;
1432 EventArgsInit(&stateEvent, "libfreerdp");
1433 stateEvent.state = WINPR_ASSERTING_INT_CAST(int32_t, rdp_get_state(rdp));
1434 stateEvent.active = rdp_is_active_state(rdp);
1435 if (PubSub_OnConnectionStateChange(rdp->pubSub, context, &stateEvent) < 0)
1436 return FALSE;
1437 }
1438
1439 return TRUE;
1440}
1441
1442BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
1443{
1444 UINT32 SelectedProtocol = 0;
1445 UINT32 RequestedProtocols = 0;
1446 BOOL status = 0;
1447 rdpSettings* settings = nullptr;
1448 rdpNego* nego = nullptr;
1449
1450 WINPR_ASSERT(rdp);
1451 WINPR_ASSERT(s);
1452
1453 settings = rdp->settings;
1454 WINPR_ASSERT(settings);
1455
1456 nego = rdp->nego;
1457 WINPR_ASSERT(nego);
1458
1459 if (!transport_set_blocking_mode(rdp->transport, TRUE))
1460 return FALSE;
1461
1462 if (!nego_read_request(nego, s))
1463 return FALSE;
1464
1465 RequestedProtocols = nego_get_requested_protocols(nego);
1466 WLog_DBG(TAG, "Client Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
1467 (RequestedProtocols & PROTOCOL_RDSTLS) ? 1 : 0,
1468 (RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
1469 (RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
1470 (RequestedProtocols == PROTOCOL_RDP) ? 1 : 0);
1471 WLog_DBG(TAG,
1472 "Server Security: RDSTLS:%" PRId32 " NLA:%" PRId32 " TLS:%" PRId32 " RDP:%" PRId32 "",
1473 settings->RdstlsSecurity, settings->NlaSecurity, settings->TlsSecurity,
1474 settings->RdpSecurity);
1475
1476 if ((settings->RdstlsSecurity) && (RequestedProtocols & PROTOCOL_RDSTLS))
1477 {
1478 SelectedProtocol = PROTOCOL_RDSTLS;
1479 }
1480 else if ((settings->NlaSecurity) && (RequestedProtocols & PROTOCOL_HYBRID))
1481 {
1482 SelectedProtocol = PROTOCOL_HYBRID;
1483 }
1484 else if ((settings->TlsSecurity) && (RequestedProtocols & PROTOCOL_SSL))
1485 {
1486 SelectedProtocol = PROTOCOL_SSL;
1487 }
1488 else if ((settings->RdpSecurity) && (RequestedProtocols == PROTOCOL_RDP))
1489 {
1490 SelectedProtocol = PROTOCOL_RDP;
1491 }
1492 else
1493 {
1494 /*
1495 * when here client and server aren't compatible, we select the right
1496 * error message to return to the client in the nego failure packet
1497 */
1498 SelectedProtocol = PROTOCOL_FAILED_NEGO;
1499
1500 if (settings->RdpSecurity)
1501 {
1502 WLog_ERR(TAG, "server supports only Standard RDP Security");
1503 SelectedProtocol |= SSL_NOT_ALLOWED_BY_SERVER;
1504 }
1505 else
1506 {
1507 if (settings->NlaSecurity && !settings->TlsSecurity)
1508 {
1509 WLog_WARN(TAG, "server supports only NLA Security");
1510 SelectedProtocol |= HYBRID_REQUIRED_BY_SERVER;
1511 }
1512 else
1513 {
1514 WLog_WARN(TAG, "server supports only a SSL based Security (TLS or NLA)");
1515 SelectedProtocol |= SSL_REQUIRED_BY_SERVER;
1516 }
1517 }
1518
1519 WLog_ERR(TAG, "Protocol security negotiation failure");
1520 }
1521
1522 if (!(SelectedProtocol & PROTOCOL_FAILED_NEGO))
1523 {
1524 WLog_DBG(TAG, "Negotiated Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
1525 (SelectedProtocol & PROTOCOL_RDSTLS) ? 1 : 0,
1526 (SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
1527 (SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
1528 (SelectedProtocol == PROTOCOL_RDP) ? 1 : 0);
1529 }
1530
1531 if (!nego_set_selected_protocol(nego, SelectedProtocol))
1532 return FALSE;
1533
1534 if (!nego_send_negotiation_response(nego))
1535 return FALSE;
1536
1537 SelectedProtocol = nego_get_selected_protocol(nego);
1538 status = FALSE;
1539
1540 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_VmConnectMode) &&
1541 SelectedProtocol != PROTOCOL_RDP)
1542 /* When behind a Hyper-V proxy, security != RDP is handled by the host. */
1543 status = TRUE;
1544 else if (SelectedProtocol & PROTOCOL_RDSTLS)
1545 status = transport_accept_rdstls(rdp->transport);
1546 else if (SelectedProtocol & PROTOCOL_HYBRID)
1547 status = transport_accept_nla(rdp->transport);
1548 else if (SelectedProtocol & PROTOCOL_SSL)
1549 status = transport_accept_tls(rdp->transport);
1550 else if (SelectedProtocol == PROTOCOL_RDP) /* 0 */
1551 status = transport_accept_rdp(rdp->transport);
1552
1553 if (!status)
1554 return FALSE;
1555
1556 return transport_set_blocking_mode(rdp->transport, FALSE);
1557}
1558
1559static BOOL rdp_update_encryption_level(rdpSettings* settings)
1560{
1561 WINPR_ASSERT(settings);
1562
1563 UINT32 EncryptionLevel = freerdp_settings_get_uint32(settings, FreeRDP_EncryptionLevel);
1564 UINT32 EncryptionMethods = freerdp_settings_get_uint32(settings, FreeRDP_EncryptionMethods);
1565
1576 if (!settings->UseRdpSecurityLayer)
1577 {
1578 /* TLS/NLA is used: disable rdp style encryption */
1579 EncryptionLevel = ENCRYPTION_LEVEL_NONE;
1580 }
1581 else
1582 {
1583 /* verify server encryption level value */
1584 switch (EncryptionLevel)
1585 {
1586 case ENCRYPTION_LEVEL_NONE:
1587 WLog_INFO(TAG, "Active rdp encryption level: NONE");
1588 break;
1589
1590 case ENCRYPTION_LEVEL_FIPS:
1591 WLog_INFO(TAG, "Active rdp encryption level: FIPS Compliant");
1592 break;
1593
1594 case ENCRYPTION_LEVEL_HIGH:
1595 WLog_INFO(TAG, "Active rdp encryption level: HIGH");
1596 break;
1597
1598 case ENCRYPTION_LEVEL_LOW:
1599 WLog_INFO(TAG, "Active rdp encryption level: LOW");
1600 break;
1601
1602 case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
1603 WLog_INFO(TAG, "Active rdp encryption level: CLIENT-COMPATIBLE");
1604 break;
1605
1606 default:
1607 WLog_ERR(TAG, "Invalid server encryption level 0x%08" PRIX32 "", EncryptionLevel);
1608 WLog_ERR(TAG, "Switching to encryption level CLIENT-COMPATIBLE");
1609 EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
1610 }
1611 }
1612
1613 /* choose rdp encryption method based on server level and client methods */
1614 switch (EncryptionLevel)
1615 {
1616 case ENCRYPTION_LEVEL_NONE:
1617 /* The only valid method is NONE in this case */
1618 EncryptionMethods = ENCRYPTION_METHOD_NONE;
1619 break;
1620
1621 case ENCRYPTION_LEVEL_FIPS:
1622
1623 /* The only valid method is FIPS in this case */
1624 if (!(EncryptionMethods & ENCRYPTION_METHOD_FIPS))
1625 {
1626 WLog_WARN(TAG, "client does not support FIPS as required by server configuration");
1627 }
1628
1629 EncryptionMethods = ENCRYPTION_METHOD_FIPS;
1630 break;
1631
1632 case ENCRYPTION_LEVEL_HIGH:
1633
1634 /* Maximum key strength supported by the server must be used (128 bit)*/
1635 if (!(EncryptionMethods & ENCRYPTION_METHOD_128BIT))
1636 {
1637 WLog_WARN(TAG, "client does not support 128 bit encryption method as required by "
1638 "server configuration");
1639 }
1640
1641 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1642 break;
1643
1644 case ENCRYPTION_LEVEL_LOW:
1645 case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
1646
1647 /* Maximum key strength supported by the client must be used */
1648 if (EncryptionMethods & ENCRYPTION_METHOD_128BIT)
1649 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1650 else if (EncryptionMethods & ENCRYPTION_METHOD_56BIT)
1651 EncryptionMethods = ENCRYPTION_METHOD_56BIT;
1652 else if (EncryptionMethods & ENCRYPTION_METHOD_40BIT)
1653 EncryptionMethods = ENCRYPTION_METHOD_40BIT;
1654 else if (EncryptionMethods & ENCRYPTION_METHOD_FIPS)
1655 EncryptionMethods = ENCRYPTION_METHOD_FIPS;
1656 else
1657 {
1658 WLog_WARN(TAG, "client has not announced any supported encryption methods");
1659 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1660 }
1661
1662 break;
1663
1664 default:
1665 WLog_ERR(TAG, "internal error: unknown encryption level");
1666 return FALSE;
1667 }
1668
1669 /* log selected encryption method */
1670 if (settings->UseRdpSecurityLayer)
1671 {
1672 switch (EncryptionMethods)
1673 {
1674 case ENCRYPTION_METHOD_NONE:
1675 WLog_INFO(TAG, "Selected rdp encryption method: NONE");
1676 break;
1677
1678 case ENCRYPTION_METHOD_40BIT:
1679 WLog_INFO(TAG, "Selected rdp encryption method: 40BIT");
1680 break;
1681
1682 case ENCRYPTION_METHOD_56BIT:
1683 WLog_INFO(TAG, "Selected rdp encryption method: 56BIT");
1684 break;
1685
1686 case ENCRYPTION_METHOD_128BIT:
1687 WLog_INFO(TAG, "Selected rdp encryption method: 128BIT");
1688 break;
1689
1690 case ENCRYPTION_METHOD_FIPS:
1691 WLog_INFO(TAG, "Selected rdp encryption method: FIPS");
1692 break;
1693
1694 default:
1695 WLog_ERR(TAG, "internal error: unknown encryption method");
1696 return FALSE;
1697 }
1698 }
1699
1700 if (!freerdp_settings_set_uint32(settings, FreeRDP_EncryptionLevel, EncryptionLevel))
1701 return FALSE;
1702 if (!freerdp_settings_set_uint32(settings, FreeRDP_EncryptionMethods, EncryptionMethods))
1703 return FALSE;
1704 return TRUE;
1705}
1706
1707BOOL rdp_server_accept_mcs_connect_initial(rdpRdp* rdp, wStream* s)
1708{
1709 WINPR_ASSERT(rdp);
1710 WINPR_ASSERT(s);
1711
1712 rdpMcs* mcs = rdp->mcs;
1713 WINPR_ASSERT(mcs);
1714
1715 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_CREATE_REQUEST);
1716 if (!mcs_recv_connect_initial(mcs, s))
1717 return FALSE;
1718 WINPR_ASSERT(rdp->settings);
1719
1720 if (!mcs_server_apply_to_settings(mcs, rdp->settings))
1721 return FALSE;
1722
1723 WLog_DBG(TAG, "Accepted client: %s", rdp->settings->ClientHostname);
1724 WLog_DBG(TAG, "Accepted channels:");
1725
1726 WINPR_ASSERT(mcs->channels || (mcs->channelCount == 0));
1727 for (UINT32 i = 0; i < mcs->channelCount; i++)
1728 {
1729 ADDIN_ARGV* arg = nullptr;
1730 rdpMcsChannel* cur = &mcs->channels[i];
1731 const char* params[1] = { cur->Name };
1732 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1733 arg = freerdp_addin_argv_new(ARRAYSIZE(params), params);
1734 if (!arg)
1735 return FALSE;
1736
1737 if (!freerdp_static_channel_collection_add(rdp->settings, arg))
1738 {
1739 freerdp_addin_argv_free(arg);
1740 return FALSE;
1741 }
1742 }
1743
1744 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CREATE_RESPONSE))
1745 return FALSE;
1746 if (!rdp_update_encryption_level(rdp->settings))
1747 return FALSE;
1748 if (!mcs_send_connect_response(mcs))
1749 return FALSE;
1750 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ERECT_DOMAIN))
1751 return FALSE;
1752
1753 return TRUE;
1754}
1755
1756BOOL rdp_server_accept_mcs_erect_domain_request(rdpRdp* rdp, wStream* s)
1757{
1758 WINPR_ASSERT(rdp);
1759 WINPR_ASSERT(s);
1760 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_ERECT_DOMAIN);
1761
1762 if (!mcs_recv_erect_domain_request(rdp->mcs, s))
1763 return FALSE;
1764
1765 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ATTACH_USER);
1766}
1767
1768static BOOL rdp_server_skip_mcs_channel_join(rdpRdp* rdp)
1769{
1770 WINPR_ASSERT(rdp);
1771
1772 rdpMcs* mcs = rdp->mcs;
1773 WINPR_ASSERT(mcs);
1774
1775 mcs->userChannelJoined = TRUE;
1776 mcs->globalChannelJoined = TRUE;
1777 mcs->messageChannelJoined = TRUE;
1778
1779 for (UINT32 i = 0; i < mcs->channelCount; i++)
1780 {
1781 rdpMcsChannel* cur = &mcs->channels[i];
1782 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1783 cur->joined = TRUE;
1784 }
1785 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT);
1786}
1787
1788BOOL rdp_server_accept_mcs_attach_user_request(rdpRdp* rdp, wStream* s)
1789{
1790 if (!mcs_recv_attach_user_request(rdp->mcs, s))
1791 return FALSE;
1792
1793 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM))
1794 return FALSE;
1795
1796 if (!mcs_send_attach_user_confirm(rdp->mcs))
1797 return FALSE;
1798
1799 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_SupportSkipChannelJoin))
1800 return rdp_server_skip_mcs_channel_join(rdp);
1801 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST);
1802}
1803
1804BOOL rdp_server_accept_mcs_channel_join_request(rdpRdp* rdp, wStream* s)
1805{
1806 UINT16 channelId = 0;
1807 BOOL allJoined = TRUE;
1808 rdpMcs* mcs = nullptr;
1809
1810 WINPR_ASSERT(rdp);
1811 WINPR_ASSERT(rdp->context);
1812
1813 mcs = rdp->mcs;
1814 WINPR_ASSERT(mcs);
1815
1816 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST);
1817
1818 if (!mcs_recv_channel_join_request(mcs, rdp->settings, s, &channelId))
1819 return FALSE;
1820
1821 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE))
1822 return FALSE;
1823
1824 if (!mcs_send_channel_join_confirm(mcs, channelId))
1825 return FALSE;
1826
1827 if (channelId == mcs->userId)
1828 mcs->userChannelJoined = TRUE;
1829 if (channelId == MCS_GLOBAL_CHANNEL_ID)
1830 mcs->globalChannelJoined = TRUE;
1831 if (channelId == mcs->messageChannelId)
1832 mcs->messageChannelJoined = TRUE;
1833
1834 for (UINT32 i = 0; i < mcs->channelCount; i++)
1835 {
1836 rdpMcsChannel* cur = &mcs->channels[i];
1837 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1838 if (cur->ChannelId == channelId)
1839 cur->joined = TRUE;
1840
1841 if (!cur->joined)
1842 allJoined = FALSE;
1843 }
1844
1845 CONNECTION_STATE rc = CONNECTION_STATE_INITIAL;
1846 if ((mcs->userChannelJoined) && (mcs->globalChannelJoined) &&
1847 (mcs->messageChannelId == 0 || mcs->messageChannelJoined) && allJoined)
1848 rc = CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT;
1849 else
1850 rc = CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST;
1851
1852 return rdp_server_transition_to_state(rdp, rc);
1853}
1854
1855static BOOL rdp_server_send_sync(rdpRdp* rdp)
1856{
1857 WINPR_ASSERT(rdp);
1858
1859 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_SYNC))
1860 return FALSE;
1861 if (!rdp_send_server_synchronize_pdu(rdp))
1862 return FALSE;
1863 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE))
1864 return FALSE;
1865 if (!rdp_send_server_control_cooperate_pdu(rdp))
1866 return FALSE;
1867 if (!rdp_finalize_reset_flags(rdp, FALSE))
1868 return FALSE;
1869 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_SYNC);
1870}
1871
1872BOOL rdp_server_accept_confirm_active(rdpRdp* rdp, wStream* s, UINT16 pduLength)
1873{
1874 WINPR_ASSERT(rdp);
1875 WINPR_ASSERT(rdp->context);
1876 WINPR_ASSERT(rdp->settings);
1877 WINPR_ASSERT(s);
1878
1879 freerdp_peer* peer = rdp->context->peer;
1880 WINPR_ASSERT(peer);
1881
1882 if (rdp_get_state(rdp) != CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE)
1883 {
1884 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_TransportDumpReplay))
1885 rdp_finalize_set_flag(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1886 else
1887 {
1888 WLog_WARN(TAG, "Invalid state, got %s, expected %s", rdp_get_state_string(rdp),
1889 rdp_state_string(CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE));
1890 return FALSE;
1891 }
1892 }
1893
1894 if (!rdp_recv_confirm_active(rdp, s, pduLength))
1895 return FALSE;
1896
1897 if (peer->ClientCapabilities && !peer->ClientCapabilities(peer))
1898 {
1899 WLog_WARN(TAG, "peer->ClientCapabilities failed");
1900 return FALSE;
1901 }
1902
1903 if (rdp->settings->SaltedChecksum)
1904 rdp->do_secure_checksum = TRUE;
1905
1906 return rdp_server_send_sync(rdp);
1907}
1908
1909BOOL rdp_server_reactivate(rdpRdp* rdp)
1910{
1911 freerdp_peer* client = nullptr;
1912
1913 if (rdp->context && rdp->context->peer)
1914 client = rdp->context->peer;
1915
1916 if (client)
1917 client->activated = FALSE;
1918
1919 if (!rdp_send_deactivate_all(rdp))
1920 return FALSE;
1921
1922 rdp_finalize_set_flag(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1923 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE))
1924 return FALSE;
1925
1926 state_run_t rc = rdp_peer_handle_state_demand_active(client);
1927 return state_run_success(rc);
1928}
1929
1930static BOOL rdp_is_active_peer_state(CONNECTION_STATE state)
1931{
1932 /* [MS-RDPBCGR] 1.3.1.1 Connection Sequence states:
1933 * 'upon receipt of the Font List PDU the server can start sending graphics
1934 * output to the client'
1935 */
1936 switch (state)
1937 {
1938 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
1939 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
1940 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
1941 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
1942 case CONNECTION_STATE_ACTIVE:
1943 return TRUE;
1944 default:
1945 return FALSE;
1946 }
1947}
1948
1949static BOOL rdp_is_active_client_state(CONNECTION_STATE state)
1950{
1951 /* [MS-RDPBCGR] 1.3.1.1 Connection Sequence states:
1952 * 'Once the client has sent the Confirm Active PDU, it can start sending
1953 * mouse and keyboard input to the server'
1954 */
1955 switch (state)
1956 {
1957 case CONNECTION_STATE_FINALIZATION_SYNC:
1958 case CONNECTION_STATE_FINALIZATION_COOPERATE:
1959 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
1960 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
1961 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
1962 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
1963 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
1964 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
1965 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
1966 case CONNECTION_STATE_ACTIVE:
1967 return TRUE;
1968 default:
1969 return FALSE;
1970 }
1971}
1972
1973BOOL rdp_is_active_state(const rdpRdp* rdp)
1974{
1975 WINPR_ASSERT(rdp);
1976 WINPR_ASSERT(rdp->context);
1977
1978 const CONNECTION_STATE state = rdp_get_state(rdp);
1979 if (freerdp_settings_get_bool(rdp->context->settings, FreeRDP_ServerMode))
1980 return rdp_is_active_peer_state(state);
1981 else
1982 return rdp_is_active_client_state(state);
1983}
1984
1985BOOL rdp_server_transition_to_state(rdpRdp* rdp, CONNECTION_STATE state)
1986{
1987 BOOL status = FALSE;
1988 freerdp_peer* client = nullptr;
1989 const CONNECTION_STATE cstate = rdp_get_state(rdp);
1990
1991 if (cstate >= CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT)
1992 {
1993 WINPR_ASSERT(rdp->context);
1994 client = rdp->context->peer;
1995 }
1996
1997 if (!rdp_is_active_peer_state(cstate))
1998 {
1999 if (client)
2000 client->activated = FALSE;
2001 }
2002
2003 WLog_Print(rdp->log, WLOG_DEBUG, "%s --> %s", rdp_get_state_string(rdp),
2004 rdp_state_string(state));
2005 if (!rdp_set_state(rdp, state))
2006 goto fail;
2007
2008 status = TRUE;
2009fail:
2010 return status;
2011}
2012
2013const char* rdp_client_connection_state_string(UINT state)
2014{
2015 switch (state)
2016 {
2017 case CLIENT_STATE_INITIAL:
2018 return "CLIENT_STATE_INITIAL";
2019 case CLIENT_STATE_PRECONNECT_PASSED:
2020 return "CLIENT_STATE_PRECONNECT_PASSED";
2021 case CLIENT_STATE_POSTCONNECT_PASSED:
2022 return "CLIENT_STATE_POSTCONNECT_PASSED";
2023 default:
2024 return "UNKNOWN";
2025 }
2026}
2027
2028const char* rdp_state_string(CONNECTION_STATE state)
2029{
2030 switch (state)
2031 {
2032 case CONNECTION_STATE_INITIAL:
2033 return "CONNECTION_STATE_INITIAL";
2034 case CONNECTION_STATE_NEGO:
2035 return "CONNECTION_STATE_NEGO";
2036 case CONNECTION_STATE_NLA:
2037 return "CONNECTION_STATE_NLA";
2038 case CONNECTION_STATE_AAD:
2039 return "CONNECTION_STATE_AAD";
2040 case CONNECTION_STATE_MCS_CREATE_REQUEST:
2041 return "CONNECTION_STATE_MCS_CREATE_REQUEST";
2042 case CONNECTION_STATE_MCS_CREATE_RESPONSE:
2043 return "CONNECTION_STATE_MCS_CREATE_RESPONSE";
2044 case CONNECTION_STATE_MCS_ERECT_DOMAIN:
2045 return "CONNECTION_STATE_MCS_ERECT_DOMAIN";
2046 case CONNECTION_STATE_MCS_ATTACH_USER:
2047 return "CONNECTION_STATE_MCS_ATTACH_USER";
2048 case CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM:
2049 return "CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM";
2050 case CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST:
2051 return "CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST";
2052 case CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE:
2053 return "CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE";
2054 case CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT:
2055 return "CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT";
2056 case CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE:
2057 return "CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE";
2058 case CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST:
2059 return "CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST";
2060 case CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_RESPONSE:
2061 return "CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_RESPONSE";
2062 case CONNECTION_STATE_LICENSING:
2063 return "CONNECTION_STATE_LICENSING";
2064 case CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST:
2065 return "CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST";
2066 case CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_RESPONSE:
2067 return "CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_RESPONSE";
2068 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE:
2069 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE";
2070 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT:
2071 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT";
2072 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE:
2073 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE";
2074 case CONNECTION_STATE_FINALIZATION_SYNC:
2075 return "CONNECTION_STATE_FINALIZATION_SYNC";
2076 case CONNECTION_STATE_FINALIZATION_COOPERATE:
2077 return "CONNECTION_STATE_FINALIZATION_COOPERATE";
2078 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
2079 return "CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL";
2080 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
2081 return "CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST";
2082 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
2083 return "CONNECTION_STATE_FINALIZATION_FONT_LIST";
2084 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
2085 return "CONNECTION_STATE_FINALIZATION_CLIENT_SYNC";
2086 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
2087 return "CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE";
2088 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
2089 return "CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL";
2090 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
2091 return "CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP";
2092 case CONNECTION_STATE_ACTIVE:
2093 return "CONNECTION_STATE_ACTIVE";
2094 default:
2095 return "UNKNOWN";
2096 }
2097}
2098
2099CONNECTION_STATE rdp_get_state(const rdpRdp* rdp)
2100{
2101 WINPR_ASSERT(rdp);
2102 return rdp->state;
2103}
2104
2105BOOL rdp_set_state(rdpRdp* rdp, CONNECTION_STATE state)
2106{
2107 WINPR_ASSERT(rdp);
2108 rdp->state = state;
2109 return TRUE;
2110}
2111
2112const char* rdp_get_state_string(const rdpRdp* rdp)
2113{
2114 CONNECTION_STATE state = rdp_get_state(rdp);
2115 return rdp_state_string(state);
2116}
2117
2118BOOL rdp_channels_from_mcs(rdpSettings* settings, const rdpRdp* rdp)
2119{
2120 const rdpMcs* mcs = nullptr;
2121
2122 WINPR_ASSERT(rdp);
2123
2124 mcs = rdp->mcs;
2125 WINPR_ASSERT(mcs);
2126
2127 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ChannelDefArray, nullptr,
2128 CHANNEL_MAX_COUNT))
2129 return FALSE;
2130
2131 for (UINT32 x = 0; x < mcs->channelCount; x++)
2132 {
2133 const rdpMcsChannel* mchannel = &mcs->channels[x];
2134 CHANNEL_DEF cur = WINPR_C_ARRAY_INIT;
2135
2136 memcpy(cur.name, mchannel->Name, sizeof(cur.name));
2137 cur.options = mchannel->options;
2138 if (!freerdp_settings_set_pointer_array(settings, FreeRDP_ChannelDefArray, x, &cur))
2139 return FALSE;
2140 }
2141
2142 return freerdp_settings_set_uint32(settings, FreeRDP_ChannelCount, mcs->channelCount);
2143}
2144
2145/* Here we are in client state CONFIRM_ACTIVE.
2146 *
2147 * This means:
2148 * 1. send the CONFIRM_ACTIVE PDU to the server
2149 * 2. register callbacks, the server can now start sending stuff
2150 */
2151state_run_t rdp_client_connect_confirm_active(rdpRdp* rdp, WINPR_ATTR_UNUSED wStream* s)
2152{
2153 WINPR_ASSERT(rdp);
2154 WINPR_ASSERT(rdp->settings);
2155 WINPR_ASSERT(s);
2156
2157 const UINT32 width = rdp->settings->DesktopWidth;
2158 const UINT32 height = rdp->settings->DesktopHeight;
2159
2160 if (!rdp_send_confirm_active(rdp))
2161 return STATE_RUN_FAILED;
2162
2163 if (!input_register_client_callbacks(rdp->input))
2164 {
2165 WLog_ERR(TAG, "error registering client callbacks");
2166 return STATE_RUN_FAILED;
2167 }
2168
2173 const BOOL deactivate_reactivate =
2174 rdp->was_deactivated && ((rdp->deactivated_width != rdp->settings->DesktopWidth) ||
2175 (rdp->deactivated_height != rdp->settings->DesktopHeight));
2176 const BOOL resolution_change =
2177 ((width != rdp->settings->DesktopWidth) || (height != rdp->settings->DesktopHeight));
2178 if (deactivate_reactivate || resolution_change)
2179 {
2180 BOOL status = TRUE;
2181 WLog_DBG(TAG, "new size %" PRIu32 "x%" PRIu32, rdp->settings->DesktopWidth,
2182 rdp->settings->DesktopHeight);
2183
2184 IFCALLRET(rdp->update->DesktopResize, status, rdp->update->context);
2185
2186 if (!status)
2187 {
2188 WLog_ERR(TAG, "client desktop resize callback failed");
2189 return STATE_RUN_FAILED;
2190 }
2191 }
2192
2193 WINPR_ASSERT(rdp->context);
2194 if (freerdp_shall_disconnect_context(rdp->context))
2195 return STATE_RUN_SUCCESS;
2196
2197 state_run_t status = STATE_RUN_SUCCESS;
2198 if (!rdp->settings->SupportMonitorLayoutPdu)
2199 status = rdp_client_connect_finalize(rdp);
2200 else
2201 {
2202 if (!rdp_client_transition_to_state(rdp,
2203 CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT))
2204 status = STATE_RUN_FAILED;
2205 }
2206 if (!rdp_finalize_reset_flags(rdp, FALSE))
2207 status = STATE_RUN_FAILED;
2208 return status;
2209}
2210
2211BOOL rdp_handle_optional_rdp_decryption(rdpRdp* rdp, wStream* s, UINT16* length,
2212 UINT16* pSecurityFlags)
2213{
2214 BOOL rc = FALSE;
2215 WINPR_ASSERT(rdp);
2216 WINPR_ASSERT(rdp->settings);
2217
2218 UINT16 securityFlags = 0;
2219 if (rdp->settings->UseRdpSecurityLayer)
2220 {
2221 if (!rdp_read_security_header(rdp, s, &securityFlags, length))
2222 goto fail;
2223
2224 if (securityFlags & SEC_ENCRYPT)
2225 {
2226 if (!rdp_decrypt(rdp, s, length, securityFlags))
2227 goto fail;
2228 }
2229 }
2230
2231 rc = TRUE;
2232
2233fail:
2234 if (pSecurityFlags)
2235 *pSecurityFlags = securityFlags;
2236 return rc;
2237}
freerdp_settings_get_pointer
WINPR_ATTR_NODISCARD FREERDP_API const void * freerdp_settings_get_pointer(const rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id)
Returns a immutable pointer settings value.
Definition common/settings.c:1475
freerdp_settings_get_string
WINPR_ATTR_NODISCARD FREERDP_API const char * freerdp_settings_get_string(const rdpSettings *settings, FreeRDP_Settings_Keys_String id)
Returns a immutable string settings value.
freerdp_settings_set_bool
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_bool(rdpSettings *settings, FreeRDP_Settings_Keys_Bool id, BOOL val)
Sets a BOOL settings value.
freerdp_settings_get_pointer_writable
WINPR_ATTR_NODISCARD FREERDP_API void * freerdp_settings_get_pointer_writable(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id)
Returns a mutable pointer settings value.
Definition settings_getters.c:4113
freerdp_settings_get_codecs_flags
WINPR_ATTR_NODISCARD FREERDP_API UINT32 freerdp_settings_get_codecs_flags(const rdpSettings *settings)
helper function to get a mask of supported codec flags.
Definition common/settings.c:2064
freerdp_settings_set_uint32
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_uint32(rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id, UINT32 val)
Sets a UINT32 settings value.
freerdp_settings_set_pointer_len
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_pointer_len(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id, const void *data, size_t len)
Set a pointer to value data.
Definition common/settings.c:1487
freerdp_settings_get_uint32
WINPR_ATTR_NODISCARD FREERDP_API UINT32 freerdp_settings_get_uint32(const rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id)
Returns a UINT32 settings value.
freerdp_settings_set_string
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_string(rdpSettings *settings, FreeRDP_Settings_Keys_String id, const char *val)
Sets a string settings value. The param is copied.
Definition settings_getters.c:3754
freerdp_settings_get_bool
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.
ADDIN_ARGV
Definition settings_types.h:375
CHANNEL_DEF
Definition wtsapi.h:78