FreeRDP
Loading...
Searching...
No Matches
connection.c
1/*
2 * FreeRDP: A Remote Desktop Protocol Implementation
3 * Connection Sequence
4 *
5 * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
6 * Copyright 2015 Thincast Technologies GmbH
7 * Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
8 * Copyright 2023 Armin Novak <anovak@thincast.com>
9 * Copyright 2023 Thincast Technologies GmbH
10 *
11 * Licensed under the Apache License, Version 2.0 (the "License");
12 * you may not use this file except in compliance with the License.
13 * You may obtain a copy of the License at
14 *
15 * http://www.apache.org/licenses/LICENSE-2.0
16 *
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
22 */
23
24#include <freerdp/config.h>
25
26#include "settings.h"
27
28#include "info.h"
29#include "input.h"
30#include "rdp.h"
31#include "peer.h"
32
33#include "connection.h"
34#include "transport.h"
35
36#include <winpr/crt.h>
37#include <winpr/crypto.h>
38#include <winpr/ssl.h>
39
40#include <freerdp/log.h>
41#include <freerdp/error.h>
42#include <freerdp/listener.h>
43
44#include "../cache/pointer.h"
45#include "../crypto/crypto.h"
46#include "../crypto/privatekey.h"
47#include "../crypto/certificate.h"
48#include "gateway/arm.h"
49
50#include "utils.h"
51
52#define TAG FREERDP_TAG("core.connection")
53
197static BOOL rdp_set_state(rdpRdp* rdp, CONNECTION_STATE state);
198
199static BOOL rdp_client_reset_codecs(rdpContext* context)
200{
201 rdpSettings* settings = nullptr;
202
203 if (!context || !context->settings)
204 return FALSE;
205
206 settings = context->settings;
207
208 if (!freerdp_settings_get_bool(settings, FreeRDP_DeactivateClientDecoding))
209 {
210 const UINT32 flags = freerdp_settings_get_uint32(settings, FreeRDP_ThreadingFlags);
211 freerdp_client_codecs_free(context->codecs);
212 context->codecs = freerdp_client_codecs_new(flags);
213
214 if (!context->codecs)
215 return FALSE;
216
217 if (!freerdp_client_codecs_prepare(context->codecs,
218 freerdp_settings_get_codecs_flags(settings),
219 settings->DesktopWidth, settings->DesktopHeight))
220 return FALSE;
221
222/* Runtime H264 detection. (only available if dynamic backend loading is defined)
223 * If no backend is available disable it before the channel is loaded.
224 */
225#if defined(WITH_GFX_H264) && defined(WITH_OPENH264_LOADING)
226 if (!context->codecs->h264)
227 {
228 settings->GfxH264 = FALSE;
229 settings->GfxAVC444 = FALSE;
230 settings->GfxAVC444v2 = FALSE;
231 }
232#endif
233 }
234
235 return TRUE;
236}
237
238static BOOL rdp_client_wait_for_activation(rdpRdp* rdp)
239{
240 BOOL timedout = FALSE;
241 WINPR_ASSERT(rdp);
242
243 const rdpSettings* settings = rdp->settings;
244 WINPR_ASSERT(settings);
245
246 UINT64 now = GetTickCount64();
247 UINT64 dueDate = now + freerdp_settings_get_uint32(settings, FreeRDP_TcpAckTimeout);
248
249 for (; (now < dueDate) && !timedout; now = GetTickCount64())
250 {
251 HANDLE events[MAXIMUM_WAIT_OBJECTS] = WINPR_C_ARRAY_INIT;
252 DWORD wstatus = 0;
253 DWORD nevents = freerdp_get_event_handles(rdp->context, events, ARRAYSIZE(events));
254 if (!nevents)
255 {
256 WLog_ERR(TAG, "error retrieving connection events");
257 return FALSE;
258 }
259
260 const UINT64 timeout = (dueDate - now);
261 WINPR_ASSERT(timeout <= UINT32_MAX);
262 wstatus = WaitForMultipleObjectsEx(nevents, events, FALSE, (UINT32)timeout, TRUE);
263 switch (wstatus)
264 {
265 case WAIT_TIMEOUT:
266 /* will make us quit with a timeout */
267 timedout = TRUE;
268 break;
269 case WAIT_ABANDONED:
270 case WAIT_FAILED:
271 return FALSE;
272 case WAIT_IO_COMPLETION:
273 break;
274 case WAIT_OBJECT_0:
275 default:
276 /* handles all WAIT_OBJECT_0 + [0 .. MAXIMUM_WAIT_OBJECTS-1] cases */
277 if (rdp_check_fds(rdp) < 0)
278 {
279 freerdp_set_last_error_if_not(rdp->context,
280 FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
281 return FALSE;
282 }
283 break;
284 }
285
286 if (rdp_is_active_state(rdp))
287 return TRUE;
288 }
289
290 WLog_ERR(TAG, "Timeout waiting for activation");
291 freerdp_set_last_error_if_not(rdp->context, FREERDP_ERROR_CONNECT_ACTIVATION_TIMEOUT);
292 return FALSE;
293}
301BOOL rdp_client_connect(rdpRdp* rdp)
302{
303 UINT32 SelectedProtocol = 0;
304 BOOL status = 0;
305 /* make sure SSL is initialize for earlier enough for crypto, by taking advantage of winpr SSL
306 * FIPS flag for openssl initialization */
307 DWORD flags = WINPR_SSL_INIT_DEFAULT;
308
309 WINPR_ASSERT(rdp);
310
311 rdpSettings* settings = rdp->settings;
312 WINPR_ASSERT(settings);
313
314 if (!rdp_client_reset_codecs(rdp->context))
315 return FALSE;
316
317 if (settings->FIPSMode)
318 flags |= WINPR_SSL_INIT_ENABLE_FIPS;
319
320 if (!winpr_InitializeSSL(flags))
321 return FALSE;
322
323 rdp_log_build_warnings(rdp);
324
325 /* FIPS Mode forces the following and overrides the following(by happening later
326 * in the command line processing):
327 * 1. Forces the only supported RDP encryption method to be FIPS. */
328 if (settings->FIPSMode || winpr_FIPSMode())
329 {
330 settings->EncryptionMethods = ENCRYPTION_METHOD_FIPS;
331 }
332
333 UINT32 TcpConnectTimeout = freerdp_settings_get_uint32(settings, FreeRDP_TcpConnectTimeout);
334 if (settings->GatewayArmTransport)
335 {
336 if (!arm_resolve_endpoint(rdp->log, rdp->context, TcpConnectTimeout))
337 {
338 WLog_ERR(TAG, "error retrieving ARM configuration");
339 return FALSE;
340 }
341 }
342
343 const char* hostname = settings->ServerHostname;
344 if (!hostname)
345 {
346 WLog_ERR(TAG, "Missing hostname, can not connect to nullptr target");
347 return FALSE;
348 }
349
350 const UINT32 port = settings->ServerPort;
351 WINPR_ASSERT(port <= UINT32_MAX);
352
353 if (!rdp->nego)
354 return FALSE;
355
356 nego_init(rdp->nego);
357 nego_set_target(rdp->nego, hostname, (UINT16)port);
358
359 if (settings->GatewayEnabled)
360 {
361 char* user = nullptr;
362 char* domain = nullptr;
363 size_t user_length = 0;
364
365 if (settings->Username)
366 {
367 user = settings->Username;
368 user_length = strlen(settings->Username);
369 }
370
371 if (settings->Domain)
372 domain = settings->Domain;
373 else
374 domain = settings->ComputerName;
375
376 const size_t domain_length = strlen(domain);
377 const size_t cookie_length = domain_length + 1 + user_length;
378 char* cookie = malloc(cookie_length + 1);
379
380 if (!cookie)
381 return FALSE;
382
383 CopyMemory(cookie, domain, domain_length);
384 WINPR_ASSERT(domain_length <= UINT32_MAX);
385 CharUpperBuffA(cookie, (UINT32)domain_length);
386 cookie[domain_length] = '\\';
387
388 if (settings->Username)
389 CopyMemory(&cookie[domain_length + 1], user, user_length);
390
391 cookie[cookie_length] = '\0';
392 status = nego_set_cookie(rdp->nego, cookie);
393 free(cookie);
394 }
395 else
396 {
397 status = nego_set_cookie(rdp->nego, settings->Username);
398 }
399
400 if (!status)
401 return FALSE;
402
403 nego_set_childsession_enabled(rdp->nego, settings->ConnectChildSession);
404 nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
405 nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
406 nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
407 nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
408 nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired);
409 nego_set_RCG_required(rdp->nego, settings->RemoteCredentialGuard);
410 nego_set_gateway_enabled(rdp->nego, settings->GatewayEnabled);
411 nego_set_gateway_bypass_local(rdp->nego, settings->GatewayBypassLocal);
412 nego_enable_rdp(rdp->nego, settings->RdpSecurity);
413 nego_enable_tls(rdp->nego, settings->TlsSecurity);
414 nego_enable_nla(rdp->nego, settings->NlaSecurity);
415 nego_enable_ext(rdp->nego, settings->ExtSecurity);
416 nego_enable_rdstls(rdp->nego, settings->RdstlsSecurity);
417 nego_enable_aad(rdp->nego, settings->AadSecurity);
418
419 if (settings->MstscCookieMode)
420 settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
421
422 nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
423
424 if (settings->LoadBalanceInfo && (settings->LoadBalanceInfoLength > 0))
425 {
426 if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo,
427 settings->LoadBalanceInfoLength))
428 return FALSE;
429 }
430
431 if (!freerdp_settings_get_bool(settings, FreeRDP_TransportDumpReplay))
432 {
433 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO))
434 return FALSE;
435
436 if (!nego_connect(rdp->nego))
437 {
438 if (!freerdp_get_last_error(rdp->context))
439 {
440 freerdp_set_last_error_log(rdp->context,
441 FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED);
442 WLog_ERR(TAG, "Error: protocol security negotiation or connection failure");
443 }
444
445 return FALSE;
446 }
447
448 SelectedProtocol = nego_get_selected_protocol(rdp->nego);
449
450 if ((SelectedProtocol & PROTOCOL_SSL) || (SelectedProtocol == PROTOCOL_RDP) ||
451 (SelectedProtocol == PROTOCOL_RDSTLS))
452 {
453 wStream s = WINPR_C_ARRAY_INIT;
454
455 if ((settings->Username != nullptr) &&
456 ((freerdp_settings_get_string(settings, FreeRDP_Password) != nullptr) ||
457 (settings->RedirectionPassword != nullptr &&
458 settings->RedirectionPasswordLength > 0)))
459 settings->AutoLogonEnabled = TRUE;
460
461 if (rdp_recv_callback(rdp->transport, &s, rdp) < 0)
462 return FALSE;
463 }
464
465 if (!transport_set_blocking_mode(rdp->transport, FALSE))
466 return FALSE;
467 }
468 else
469 {
470 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CREATE_REQUEST))
471 return FALSE;
472 }
473
474 /* everything beyond this point is event-driven and non blocking */
475 if (!transport_set_recv_callbacks(rdp->transport, rdp_recv_callback, rdp))
476 return FALSE;
477
478 return rdp_client_wait_for_activation(rdp);
479}
480
481BOOL rdp_client_disconnect(rdpRdp* rdp)
482{
483 rdpContext* context = nullptr;
484
485 if (!rdp || !rdp->settings || !rdp->context)
486 return FALSE;
487
488 context = rdp->context;
489
490 if (rdp->nego)
491 {
492 if (!nego_disconnect(rdp->nego))
493 return FALSE;
494 }
495
496 if (!transport_disconnect(rdp->transport))
497 return FALSE;
498
499 if (!rdp_reset(rdp))
500 return FALSE;
501
502 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_INITIAL))
503 return FALSE;
504
505 if (context->channels)
506 {
507 if (freerdp_channels_disconnect(context->channels, context->instance) != CHANNEL_RC_OK)
508 return FALSE;
509 }
510
511 freerdp_client_codecs_free(context->codecs);
512 context->codecs = nullptr;
513 return TRUE;
514}
515
516BOOL rdp_client_disconnect_and_clear(rdpRdp* rdp)
517{
518 rdpContext* context = nullptr;
519
520 if (!rdp_client_disconnect(rdp))
521 return FALSE;
522
523 WINPR_ASSERT(rdp);
524
525 context = rdp->context;
526 WINPR_ASSERT(context);
527
528 if (freerdp_get_last_error(context) == FREERDP_ERROR_CONNECT_CANCELLED)
529 return FALSE;
530
531 context->LastError = FREERDP_ERROR_SUCCESS;
532 clearChannelError(context);
533 return utils_reset_abort(rdp);
534}
535
536static BOOL rdp_client_reconnect_channels(rdpRdp* rdp, BOOL redirect)
537{
538 BOOL status = FALSE;
539 rdpContext* context = nullptr;
540
541 if (!rdp || !rdp->context || !rdp->context->channels)
542 return FALSE;
543
544 context = rdp->context;
545
546 if (context->instance->ConnectionCallbackState == CLIENT_STATE_INITIAL)
547 return FALSE;
548
549 if (context->instance->ConnectionCallbackState == CLIENT_STATE_PRECONNECT_PASSED)
550 {
551 if (redirect)
552 return TRUE;
553
554 pointer_cache_register_callbacks(context->update);
555
556 if (!IFCALLRESULT(FALSE, context->instance->PostConnect, context->instance))
557 return FALSE;
558
559 context->instance->ConnectionCallbackState = CLIENT_STATE_POSTCONNECT_PASSED;
560 }
561
562 if (context->instance->ConnectionCallbackState == CLIENT_STATE_POSTCONNECT_PASSED)
563 status =
564 (freerdp_channels_post_connect(context->channels, context->instance) == CHANNEL_RC_OK);
565
566 return status;
567}
568
569static BOOL rdp_client_redirect_resolvable(const char* host)
570{
571 struct addrinfo* result = freerdp_tcp_resolve_host(host, -1, 0);
572
573 if (!result)
574 return FALSE;
575
576 freeaddrinfo(result);
577 return TRUE;
578}
579
580static BOOL rdp_client_redirect_try_fqdn(rdpSettings* settings)
581{
582 if (settings->RedirectionFlags & LB_TARGET_FQDN)
583 {
584 if (settings->GatewayEnabled ||
585 rdp_client_redirect_resolvable(settings->RedirectionTargetFQDN))
586 {
587 return (freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
588 settings->RedirectionTargetFQDN));
589 }
590 }
591
592 return FALSE;
593}
594
595static BOOL rdp_client_redirect_try_ip(rdpSettings* settings)
596{
597 if (settings->RedirectionFlags & LB_TARGET_NET_ADDRESS)
598 {
599 return (freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
600 settings->TargetNetAddress));
601 }
602
603 return FALSE;
604}
605
606static BOOL rdp_client_redirect_try_netbios(rdpSettings* settings)
607{
608 if (settings->RedirectionFlags & LB_TARGET_NETBIOS_NAME)
609 {
610 if (settings->GatewayEnabled ||
611 rdp_client_redirect_resolvable(settings->RedirectionTargetNetBiosName))
612 {
613 return (freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
614 settings->RedirectionTargetNetBiosName));
615 }
616 }
617
618 return FALSE;
619}
620
621BOOL rdp_client_redirect(rdpRdp* rdp)
622{
623 BOOL status = 0;
624 rdpSettings* settings = nullptr;
625
626 if (!rdp_client_disconnect_and_clear(rdp))
627 return FALSE;
628
629 /* Only disconnect & close the channels here.
630 * they will be discarded and recreated after the new settings have been applied. */
631 freerdp_channels_disconnect(rdp->context->channels, rdp->context->instance);
632 freerdp_channels_close(rdp->context->channels, rdp->context->instance);
633
634 if (rdp_redirection_apply_settings(rdp) != 0)
635 return FALSE;
636
637 WINPR_ASSERT(rdp);
638
639 settings = rdp->settings;
640 WINPR_ASSERT(settings);
641
642 if ((settings->RedirectionFlags & LB_LOAD_BALANCE_INFO) == 0)
643 {
644 BOOL haveRedirectAddress = FALSE;
645 UINT32 redirectionMask = settings->RedirectionPreferType;
646
647 do
648 {
649 const BOOL tryFQDN = (redirectionMask & 0x01) == 0;
650 const BOOL tryNetAddress = (redirectionMask & 0x02) == 0;
651 const BOOL tryNetbios = (redirectionMask & 0x04) == 0;
652
653 if (tryFQDN && !haveRedirectAddress)
654 haveRedirectAddress = rdp_client_redirect_try_fqdn(settings);
655
656 if (tryNetAddress && !haveRedirectAddress)
657 haveRedirectAddress = rdp_client_redirect_try_ip(settings);
658
659 if (tryNetbios && !haveRedirectAddress)
660 haveRedirectAddress = rdp_client_redirect_try_netbios(settings);
661
662 redirectionMask >>= 3;
663 } while (!haveRedirectAddress && (redirectionMask != 0));
664 }
665
666 if (settings->RedirectionFlags & LB_USERNAME)
667 {
668 if (!freerdp_settings_set_string(
669 settings, FreeRDP_Username,
670 freerdp_settings_get_string(settings, FreeRDP_RedirectionUsername)))
671 return FALSE;
672 }
673
674 if (settings->RedirectionFlags & LB_DOMAIN)
675 {
676 if (!freerdp_settings_set_string(
677 settings, FreeRDP_Domain,
678 freerdp_settings_get_string(settings, FreeRDP_RedirectionDomain)))
679 return FALSE;
680 }
681
682 settings->RdstlsSecurity = ((settings->RedirectionFlags & LB_PASSWORD_IS_PK_ENCRYPTED) != 0);
683
684 WINPR_ASSERT(rdp->context);
685 WINPR_ASSERT(rdp->context->instance);
686 if (!IFCALLRESULT(TRUE, rdp->context->instance->Redirect, rdp->context->instance))
687 return FALSE;
688
689 BOOL ok = utils_reload_channels(rdp->context);
690 if (!ok)
691 return FALSE;
692
693 status = rdp_client_connect(rdp);
694
695 if (status)
696 status = rdp_client_reconnect_channels(rdp, TRUE);
697
698 return status;
699}
700
701BOOL rdp_client_reconnect(rdpRdp* rdp)
702{
703 BOOL status = 0;
704
705 if (!rdp_client_disconnect_and_clear(rdp))
706 return FALSE;
707
708 status = rdp_client_connect(rdp);
709
710 if (status)
711 status = rdp_client_reconnect_channels(rdp, FALSE);
712
713 return status;
714}
715
716static const BYTE fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
717
718static BOOL rdp_client_establish_keys(rdpRdp* rdp)
719{
720 wStream* s = nullptr;
721 BOOL ret = FALSE;
722
723 WINPR_ASSERT(rdp);
724 rdpSettings* settings = rdp->settings;
725 BYTE* crypt_client_random = nullptr;
726
727 WINPR_ASSERT(settings);
728 if (!settings->UseRdpSecurityLayer)
729 {
730 /* no RDP encryption */
731 return TRUE;
732 }
733
734 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT))
735 return FALSE;
736
737 /* encrypt client random */
738 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ClientRandom, nullptr,
739 CLIENT_RANDOM_LENGTH))
740 return FALSE;
741 if (winpr_RAND(settings->ClientRandom, settings->ClientRandomLength) < 0)
742 return FALSE;
743
744 const rdpCertInfo* info = freerdp_certificate_get_info(settings->RdpServerCertificate);
745 if (!info)
746 {
747 WLog_ERR(TAG, "Failed to get rdpCertInfo from RdpServerCertificate");
748 return FALSE;
749 }
750
751 /*
752 * client random must be (bitlen / 8) + 8 - see [MS-RDPBCGR] 5.3.4.1
753 * for details
754 */
755 crypt_client_random = calloc(info->ModulusLength, 1);
756
757 if (!crypt_client_random)
758 return FALSE;
759
760 if (crypto_rsa_public_encrypt(settings->ClientRandom, settings->ClientRandomLength, info,
761 crypt_client_random, info->ModulusLength) < 0)
762 goto end;
763 /* send crypt client random to server */
764 const size_t length = RDP_PACKET_HEADER_MAX_LENGTH + RDP_SECURITY_HEADER_LENGTH + 4ULL +
765 info->ModulusLength + 8ULL;
766 if (length > UINT16_MAX)
767 goto end;
768
769 s = Stream_New(nullptr, length);
770
771 if (!s)
772 {
773 WLog_ERR(TAG, "Stream_New failed!");
774 goto end;
775 }
776
777 {
778 const UINT16 sec_flags = SEC_EXCHANGE_PKT | SEC_LICENSE_ENCRYPT_SC;
779 if (!rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID, sec_flags))
780 goto end;
781 if (!rdp_write_security_header(rdp, s, sec_flags))
782 goto end;
783 }
784
785 Stream_Write_UINT32(s, info->ModulusLength + 8);
786 Stream_Write(s, crypt_client_random, info->ModulusLength);
787 Stream_Zero(s, 8);
788 Stream_SealLength(s);
789
790 {
791 rdpTransport* transport = freerdp_get_transport(rdp->context);
792 const int status = transport_write(transport, s);
793
794 if (status < 0)
795 goto end;
796 }
797
798 rdp->do_crypt_license = TRUE;
799
800 /* now calculate encrypt / decrypt and update keys */
801 if (!security_establish_keys(rdp))
802 goto end;
803
804 rdp->do_crypt = TRUE;
805
806 if (settings->SaltedChecksum)
807 rdp->do_secure_checksum = TRUE;
808
809 if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
810 {
811 rdp->fips_encrypt =
812 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT, rdp->fips_encrypt_key,
813 sizeof(rdp->fips_encrypt_key), fips_ivec, sizeof(fips_ivec));
814
815 if (!rdp->fips_encrypt)
816 {
817 WLog_ERR(TAG, "unable to allocate des3 encrypt key");
818 goto end;
819 }
820
821 rdp->fips_decrypt =
822 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT, rdp->fips_decrypt_key,
823 sizeof(rdp->fips_decrypt_key), fips_ivec, sizeof(fips_ivec));
824
825 if (!rdp->fips_decrypt)
826 {
827 WLog_ERR(TAG, "unable to allocate des3 decrypt key");
828 goto end;
829 }
830
831 ret = TRUE;
832 goto end;
833 }
834
835 if (!rdp_reset_rc4_encrypt_keys(rdp))
836 goto end;
837 if (!rdp_reset_rc4_decrypt_keys(rdp))
838 goto end;
839
840 ret = TRUE;
841end:
842 Stream_Free(s, TRUE);
843 free(crypt_client_random);
844
845 if (!ret)
846 {
847 winpr_Cipher_Free(rdp->fips_decrypt);
848 winpr_Cipher_Free(rdp->fips_encrypt);
849 rdp->fips_decrypt = nullptr;
850 rdp->fips_encrypt = nullptr;
851
852 rdp_free_rc4_decrypt_keys(rdp);
853 rdp_free_rc4_encrypt_keys(rdp);
854 }
855
856 return ret;
857}
858
859static BOOL rdp_update_client_random(rdpSettings* settings, const BYTE* crypt_random,
860 size_t crypt_random_len)
861{
862 const size_t length = 32;
863 WINPR_ASSERT(settings);
864
865 const rdpPrivateKey* rsa = freerdp_settings_get_pointer(settings, FreeRDP_RdpServerRsaKey);
866 WINPR_ASSERT(rsa);
867
868 const rdpCertInfo* cinfo = freerdp_key_get_info(rsa);
869 WINPR_ASSERT(cinfo);
870
871 if (crypt_random_len != cinfo->ModulusLength + 8)
872 {
873 WLog_ERR(TAG, "invalid encrypted client random length");
874 return FALSE;
875 }
876 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ClientRandom, nullptr, length))
877 return FALSE;
878
879 BYTE* client_random = freerdp_settings_get_pointer_writable(settings, FreeRDP_ClientRandom);
880 WINPR_ASSERT(client_random);
881 return crypto_rsa_private_decrypt(crypt_random, crypt_random_len - 8, rsa, client_random,
882 length) > 0;
883}
884
885BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
886{
887 UINT32 rand_len = 0;
888 UINT16 channel_id = 0;
889 UINT16 length = 0;
890 UINT16 sec_flags = 0;
891 BOOL ret = FALSE;
892
893 WINPR_ASSERT(rdp);
894
895 if (!rdp->settings->UseRdpSecurityLayer)
896 {
897 /* No RDP Security. */
898 return TRUE;
899 }
900
901 if (!rdp_read_header(rdp, s, &length, &channel_id))
902 return FALSE;
903
904 if (!rdp_read_security_header(rdp, s, &sec_flags, nullptr))
905 {
906 WLog_Print(rdp->log, WLOG_ERROR, "invalid security header");
907 return FALSE;
908 }
909
910 if ((sec_flags & SEC_EXCHANGE_PKT) == 0)
911 {
912 WLog_Print(rdp->log, WLOG_ERROR, "missing SEC_EXCHANGE_PKT in security header");
913 return FALSE;
914 }
915
916 rdp->do_crypt_license = ((sec_flags & SEC_LICENSE_ENCRYPT_SC) != 0);
917
918 if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, 4))
919 return FALSE;
920
921 Stream_Read_UINT32(s, rand_len);
922
923 /* rand_len already includes 8 bytes of padding */
924 if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, rand_len))
925 return FALSE;
926
927 const BYTE* crypt_random = Stream_ConstPointer(s);
928 if (!Stream_SafeSeek(s, rand_len))
929 goto end;
930 if (!rdp_update_client_random(rdp->settings, crypt_random, rand_len))
931 goto end;
932
933 /* now calculate encrypt / decrypt and update keys */
934 if (!security_establish_keys(rdp))
935 goto end;
936
937 rdp->do_crypt = TRUE;
938
939 if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
940 {
941 rdp->fips_encrypt =
942 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT, rdp->fips_encrypt_key,
943 sizeof(rdp->fips_encrypt_key), fips_ivec, sizeof(fips_ivec));
944
945 if (!rdp->fips_encrypt)
946 {
947 WLog_Print(rdp->log, WLOG_ERROR, "unable to allocate des3 encrypt key");
948 goto end;
949 }
950
951 rdp->fips_decrypt =
952 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT, rdp->fips_decrypt_key,
953 sizeof(rdp->fips_decrypt_key), fips_ivec, sizeof(fips_ivec));
954
955 if (!rdp->fips_decrypt)
956 {
957 WLog_Print(rdp->log, WLOG_ERROR, "unable to allocate des3 decrypt key");
958 goto end;
959 }
960
961 ret = TRUE;
962 goto end;
963 }
964
965 if (!rdp_reset_rc4_encrypt_keys(rdp))
966 goto end;
967
968 if (!rdp_reset_rc4_decrypt_keys(rdp))
969 goto end;
970
971 ret = tpkt_ensure_stream_consumed(rdp->log, s, length);
972end:
973
974 if (!ret)
975 {
976 winpr_Cipher_Free(rdp->fips_encrypt);
977 winpr_Cipher_Free(rdp->fips_decrypt);
978 rdp->fips_encrypt = nullptr;
979 rdp->fips_decrypt = nullptr;
980
981 rdp_free_rc4_encrypt_keys(rdp);
982 rdp_free_rc4_decrypt_keys(rdp);
983 }
984
985 return ret;
986}
987
988static BOOL rdp_client_send_client_info_and_change_state(rdpRdp* rdp)
989{
990 WINPR_ASSERT(rdp);
991 if (!rdp_client_establish_keys(rdp))
992 return FALSE;
993 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE))
994 return FALSE;
995 if (!rdp_send_client_info(rdp))
996 return FALSE;
997 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST))
998 return FALSE;
999 return TRUE;
1000}
1001
1002BOOL rdp_client_skip_mcs_channel_join(rdpRdp* rdp)
1003{
1004 WINPR_ASSERT(rdp);
1005
1006 rdpMcs* mcs = rdp->mcs;
1007 WINPR_ASSERT(mcs);
1008
1009 mcs->userChannelJoined = TRUE;
1010 mcs->globalChannelJoined = TRUE;
1011 mcs->messageChannelJoined = TRUE;
1012
1013 for (UINT32 i = 0; i < mcs->channelCount; i++)
1014 {
1015 rdpMcsChannel* cur = &mcs->channels[i];
1016 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1017 cur->joined = TRUE;
1018 }
1019
1020 return rdp_client_send_client_info_and_change_state(rdp);
1021}
1022
1023static BOOL rdp_client_join_channel(rdpRdp* rdp, UINT16 ChannelId)
1024{
1025 WINPR_ASSERT(rdp);
1026
1027 rdpMcs* mcs = rdp->mcs;
1028 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST))
1029 return FALSE;
1030 if (!mcs_send_channel_join_request(mcs, ChannelId))
1031 return FALSE;
1032 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE))
1033 return FALSE;
1034 return TRUE;
1035}
1036
1037BOOL rdp_client_connect_mcs_channel_join_confirm(rdpRdp* rdp, wStream* s)
1038{
1039 UINT16 channelId = 0;
1040 BOOL allJoined = TRUE;
1041
1042 WINPR_ASSERT(rdp);
1043 rdpMcs* mcs = rdp->mcs;
1044
1045 if (!mcs_recv_channel_join_confirm(mcs, s, &channelId))
1046 return FALSE;
1047
1048 if (!mcs->userChannelJoined)
1049 {
1050 if (channelId != mcs->userId)
1051 {
1052 WLog_ERR(TAG, "expected user channel id %" PRIu16 ", but received %" PRIu16,
1053 mcs->userId, channelId);
1054 return FALSE;
1055 }
1056
1057 mcs->userChannelJoined = TRUE;
1058 if (!rdp_client_join_channel(rdp, MCS_GLOBAL_CHANNEL_ID))
1059 return FALSE;
1060 }
1061 else if (!mcs->globalChannelJoined)
1062 {
1063 if (channelId != MCS_GLOBAL_CHANNEL_ID)
1064 {
1065 WLog_ERR(TAG, "expected uglobalser channel id %d, but received %" PRIu16,
1066 MCS_GLOBAL_CHANNEL_ID, channelId);
1067 return FALSE;
1068 }
1069 mcs->globalChannelJoined = TRUE;
1070
1071 if (mcs->messageChannelId != 0)
1072 {
1073 if (!rdp_client_join_channel(rdp, mcs->messageChannelId))
1074 return FALSE;
1075 allJoined = FALSE;
1076 }
1077 else
1078 {
1079 if (mcs->channelCount > 0)
1080 {
1081 const rdpMcsChannel* cur = &mcs->channels[0];
1082 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1083 return FALSE;
1084 allJoined = FALSE;
1085 }
1086 }
1087 }
1088 else if ((mcs->messageChannelId != 0) && !mcs->messageChannelJoined)
1089 {
1090 if (channelId != mcs->messageChannelId)
1091 {
1092 WLog_ERR(TAG, "expected messageChannelId=%" PRIu16 ", got %" PRIu16,
1093 mcs->messageChannelId, channelId);
1094 return FALSE;
1095 }
1096
1097 mcs->messageChannelJoined = TRUE;
1098
1099 if (mcs->channelCount > 0)
1100 {
1101 const rdpMcsChannel* cur = &mcs->channels[0];
1102 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1103 return FALSE;
1104 allJoined = FALSE;
1105 }
1106 }
1107 else
1108 {
1109 UINT32 i = 0;
1110 for (; i < mcs->channelCount; i++)
1111 {
1112 rdpMcsChannel* cur = &mcs->channels[i];
1113 if (cur->joined)
1114 continue;
1115
1116 if (cur->ChannelId != channelId)
1117 {
1118 WLog_ERR(TAG, "expected channel id %d, but received %" PRIu16,
1119 MCS_GLOBAL_CHANNEL_ID, channelId);
1120 return FALSE;
1121 }
1122 cur->joined = TRUE;
1123 break;
1124 }
1125
1126 if (i + 1 < mcs->channelCount)
1127 {
1128 const rdpMcsChannel* cur = &mcs->channels[i + 1];
1129 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1130 return FALSE;
1131 allJoined = FALSE;
1132 }
1133 }
1134
1135 if (mcs->userChannelJoined && mcs->globalChannelJoined && allJoined)
1136 {
1137 if (!rdp_client_send_client_info_and_change_state(rdp))
1138 return FALSE;
1139 }
1140
1141 return TRUE;
1142}
1143
1144state_run_t rdp_handle_message_channel(rdpRdp* rdp, wStream* s, UINT16 channelId, UINT16 length)
1145{
1146 WINPR_ASSERT(rdp);
1147 WINPR_ASSERT(rdp->mcs);
1148
1149 if (!rdp->mcs->messageChannelJoined)
1150 {
1151 WLog_Print(rdp->log, WLOG_WARN, "MCS message channel not joined!");
1152 return STATE_RUN_FAILED;
1153 }
1154 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1155 if (messageChannelId == 0)
1156 {
1157 WLog_Print(rdp->log, WLOG_WARN, "MCS message channel id == 0");
1158 return STATE_RUN_FAILED;
1159 }
1160
1161 if ((channelId != messageChannelId) && (channelId != MCS_GLOBAL_CHANNEL_ID))
1162 {
1163 WLog_Print(rdp->log, WLOG_WARN,
1164 "MCS message channel expected id=[%" PRIu16 "|%d], got %" PRIu16,
1165 messageChannelId, MCS_GLOBAL_CHANNEL_ID, channelId);
1166 return STATE_RUN_FAILED;
1167 }
1168
1169 UINT16 securityFlags = 0;
1170 if (!rdp_read_security_header(rdp, s, &securityFlags, &length))
1171 return STATE_RUN_FAILED;
1172
1173 if (securityFlags & SEC_ENCRYPT)
1174 {
1175 if (!rdp_decrypt(rdp, s, &length, securityFlags))
1176 return STATE_RUN_FAILED;
1177 }
1178
1179 const state_run_t rc = rdp_recv_message_channel_pdu(rdp, s, securityFlags);
1180 if (state_run_success(rc))
1181 {
1182 if (!tpkt_ensure_stream_consumed(rdp->log, s, length))
1183 return STATE_RUN_FAILED;
1184 }
1185 return rc;
1186}
1187
1188BOOL rdp_client_connect_auto_detect(rdpRdp* rdp, wStream* s, DWORD logLevel)
1189{
1190 BOOL res = TRUE;
1191 WINPR_ASSERT(rdp);
1192 WINPR_ASSERT(rdp->mcs);
1193
1194 size_t pos = Stream_GetPosition(s);
1195 UINT16 length = 0;
1196 UINT16 channelId = 0;
1197
1198 if (!rdp_read_header(rdp, s, &length, &channelId))
1199 res = FALSE;
1200 else
1201 {
1202 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1203 /* If the MCS message channel has been joined... */
1204
1205 /* Process any MCS message channel PDUs. */
1206 if (rdp->mcs->messageChannelJoined && (channelId == messageChannelId))
1207 {
1208 const state_run_t rc = rdp_handle_message_channel(rdp, s, channelId, length);
1209 res = state_run_success(rc);
1210 pos = Stream_GetPosition(s);
1211 }
1212 else
1213 {
1214 wLog* log = WLog_Get(TAG);
1215 WLog_Print(log, logLevel, "expected messageChannelId=%" PRIu16 ", got %" PRIu16,
1216 messageChannelId, channelId);
1217 res = FALSE;
1218 }
1219 }
1220
1221 if (!Stream_SetPosition(s, pos))
1222 res = FALSE;
1223 return res;
1224}
1225
1226state_run_t rdp_client_connect_license(rdpRdp* rdp, wStream* s)
1227{
1228 state_run_t status = STATE_RUN_FAILED;
1229 LICENSE_STATE state = LICENSE_STATE_ABORTED;
1230 UINT16 length = 0;
1231 UINT16 channelId = 0;
1232 UINT16 securityFlags = 0;
1233
1234 WINPR_ASSERT(rdp);
1235 if (!rdp_read_header(rdp, s, &length, &channelId))
1236 return STATE_RUN_FAILED;
1237
1238 /* there might be autodetect messages mixed in between licensing messages.
1239 * that has been observed with 2k12 R2 and 2k19
1240 */
1241 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1242 if (rdp->mcs->messageChannelJoined && (channelId == messageChannelId))
1243 {
1244 return rdp_handle_message_channel(rdp, s, channelId, length);
1245 }
1246
1247 if (!rdp_read_security_header(rdp, s, &securityFlags, &length))
1248 return STATE_RUN_FAILED;
1249
1250 if (securityFlags & SEC_ENCRYPT)
1251 {
1252 if (!rdp_decrypt(rdp, s, &length, securityFlags))
1253 return STATE_RUN_FAILED;
1254 }
1255
1256 if (channelId != MCS_GLOBAL_CHANNEL_ID)
1257 WLog_WARN(TAG, "unexpected message for channel %u, expected %d", channelId,
1258 MCS_GLOBAL_CHANNEL_ID);
1259
1260 if ((securityFlags & SEC_LICENSE_PKT) == 0)
1261 {
1262 char buffer[512] = WINPR_C_ARRAY_INIT;
1263 char lbuffer[32] = WINPR_C_ARRAY_INIT;
1264 WLog_ERR(TAG, "securityFlags=%s, missing required flag %s",
1265 rdp_security_flag_string(securityFlags, buffer, sizeof(buffer)),
1266 rdp_security_flag_string(SEC_LICENSE_PKT, lbuffer, sizeof(lbuffer)));
1267 return STATE_RUN_FAILED;
1268 }
1269
1270 status = license_recv(rdp->license, s);
1271
1272 if (state_run_failed(status))
1273 return status;
1274
1275 state = license_get_state(rdp->license);
1276 switch (state)
1277 {
1278 case LICENSE_STATE_ABORTED:
1279 WLog_ERR(TAG, "license connection sequence aborted.");
1280 return STATE_RUN_FAILED;
1281 case LICENSE_STATE_COMPLETED:
1282 if (rdp->settings->MultitransportFlags)
1283 {
1284 if (!rdp_client_transition_to_state(
1285 rdp, CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST))
1286 return STATE_RUN_FAILED;
1287 }
1288 else
1289 {
1290 if (!rdp_client_transition_to_state(
1291 rdp, CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE))
1292 return STATE_RUN_FAILED;
1293 }
1294 return STATE_RUN_SUCCESS;
1295 default:
1296 return STATE_RUN_SUCCESS;
1297 }
1298}
1299
1300state_run_t rdp_client_connect_demand_active(rdpRdp* rdp, wStream* s)
1301{
1302 UINT16 length = 0;
1303 UINT16 channelId = 0;
1304 UINT16 pduType = 0;
1305 UINT16 pduSource = 0;
1306
1307 WINPR_ASSERT(rdp);
1308 WINPR_ASSERT(s);
1309 WINPR_ASSERT(rdp->settings);
1310
1311 if (!rdp_recv_get_active_header(rdp, s, &channelId, &length))
1312 return STATE_RUN_FAILED;
1313
1314 if (freerdp_shall_disconnect_context(rdp->context))
1315 return STATE_RUN_QUIT_SESSION;
1316
1317 if (rdp->mcs->messageChannelId && (channelId == rdp->mcs->messageChannelId))
1318 {
1319 rdp->inPackets++;
1320 return rdp_handle_message_channel(rdp, s, channelId, length);
1321 }
1322
1323 if (!rdp_handle_optional_rdp_decryption(rdp, s, &length, nullptr))
1324 return STATE_RUN_FAILED;
1325
1326 if (!rdp_read_share_control_header(rdp, s, nullptr, nullptr, &pduType, &pduSource))
1327 return STATE_RUN_FAILED;
1328
1329 switch (pduType)
1330 {
1331 case PDU_TYPE_DEMAND_ACTIVE:
1332 if (!rdp_recv_demand_active(rdp, s, pduSource, length))
1333 return STATE_RUN_FAILED;
1334 return STATE_RUN_ACTIVE;
1335 default:
1336 return rdp_recv_out_of_sequence_pdu(rdp, s, pduType, length);
1337 }
1338}
1339
1340state_run_t rdp_client_connect_finalize(rdpRdp* rdp)
1341{
1342 WINPR_ASSERT(rdp);
1349 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_SYNC))
1350 return STATE_RUN_FAILED;
1351
1352 if (!rdp_send_client_synchronize_pdu(rdp))
1353 return STATE_RUN_FAILED;
1354
1355 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_COOPERATE))
1356 return STATE_RUN_FAILED;
1357 if (!rdp_send_client_control_pdu(rdp, CTRLACTION_COOPERATE))
1358 return STATE_RUN_FAILED;
1359
1360 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL))
1361 return STATE_RUN_FAILED;
1362 if (!rdp_send_client_control_pdu(rdp, CTRLACTION_REQUEST_CONTROL))
1363 return STATE_RUN_FAILED;
1364
1372 if (!rdp_finalize_is_flag_set(rdp, FINALIZE_DEACTIVATE_REACTIVATE) &&
1373 freerdp_settings_get_bool(rdp->settings, FreeRDP_BitmapCachePersistEnabled))
1374 {
1375 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST))
1376 return STATE_RUN_FAILED;
1377 if (!rdp_send_client_persistent_key_list_pdu(rdp))
1378 return STATE_RUN_FAILED;
1379 }
1380
1381 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_FONT_LIST))
1382 return STATE_RUN_FAILED;
1383 if (!rdp_send_client_font_list_pdu(rdp, FONTLIST_FIRST | FONTLIST_LAST))
1384 return STATE_RUN_FAILED;
1385
1386 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_SYNC))
1387 return STATE_RUN_FAILED;
1388 return STATE_RUN_SUCCESS;
1389}
1390
1391BOOL rdp_client_transition_to_state(rdpRdp* rdp, CONNECTION_STATE state)
1392{
1393 const char* name = rdp_state_string(state);
1394
1395 WINPR_ASSERT(rdp);
1396 WLog_Print(rdp->log, WLOG_DEBUG, "%s --> %s", rdp_get_state_string(rdp), name);
1397
1398 if (!rdp_set_state(rdp, state))
1399 return FALSE;
1400
1401 switch (state)
1402 {
1403 case CONNECTION_STATE_FINALIZATION_SYNC:
1404 case CONNECTION_STATE_FINALIZATION_COOPERATE:
1405 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
1406 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
1407 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
1408 update_reset_state(rdp->update);
1409 break;
1410
1411 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE:
1412 {
1413 ActivatedEventArgs activatedEvent = WINPR_C_ARRAY_INIT;
1414 rdpContext* context = rdp->context;
1415 EventArgsInit(&activatedEvent, "libfreerdp");
1416 activatedEvent.firstActivation =
1417 !rdp_finalize_is_flag_set(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1418 if (PubSub_OnActivated(rdp->pubSub, context, &activatedEvent) < 0)
1419 return FALSE;
1420 }
1421
1422 break;
1423
1424 default:
1425 break;
1426 }
1427
1428 {
1429 ConnectionStateChangeEventArgs stateEvent = WINPR_C_ARRAY_INIT;
1430 rdpContext* context = rdp->context;
1431 EventArgsInit(&stateEvent, "libfreerdp");
1432 stateEvent.state = WINPR_ASSERTING_INT_CAST(int32_t, rdp_get_state(rdp));
1433 stateEvent.active = rdp_is_active_state(rdp);
1434 if (PubSub_OnConnectionStateChange(rdp->pubSub, context, &stateEvent) < 0)
1435 return FALSE;
1436 }
1437
1438 return TRUE;
1439}
1440
1441BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
1442{
1443 UINT32 SelectedProtocol = 0;
1444 UINT32 RequestedProtocols = 0;
1445 BOOL status = 0;
1446 rdpSettings* settings = nullptr;
1447 rdpNego* nego = nullptr;
1448
1449 WINPR_ASSERT(rdp);
1450 WINPR_ASSERT(s);
1451
1452 settings = rdp->settings;
1453 WINPR_ASSERT(settings);
1454
1455 nego = rdp->nego;
1456 WINPR_ASSERT(nego);
1457
1458 if (!transport_set_blocking_mode(rdp->transport, TRUE))
1459 return FALSE;
1460
1461 if (!nego_read_request(nego, s))
1462 return FALSE;
1463
1464 RequestedProtocols = nego_get_requested_protocols(nego);
1465 WLog_DBG(TAG, "Client Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
1466 (RequestedProtocols & PROTOCOL_RDSTLS) ? 1 : 0,
1467 (RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
1468 (RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
1469 (RequestedProtocols == PROTOCOL_RDP) ? 1 : 0);
1470 WLog_DBG(TAG,
1471 "Server Security: RDSTLS:%" PRId32 " NLA:%" PRId32 " TLS:%" PRId32 " RDP:%" PRId32 "",
1472 settings->RdstlsSecurity, settings->NlaSecurity, settings->TlsSecurity,
1473 settings->RdpSecurity);
1474
1475 if ((settings->RdstlsSecurity) && (RequestedProtocols & PROTOCOL_RDSTLS))
1476 {
1477 SelectedProtocol = PROTOCOL_RDSTLS;
1478 }
1479 else if ((settings->NlaSecurity) && (RequestedProtocols & PROTOCOL_HYBRID))
1480 {
1481 SelectedProtocol = PROTOCOL_HYBRID;
1482 }
1483 else if ((settings->TlsSecurity) && (RequestedProtocols & PROTOCOL_SSL))
1484 {
1485 SelectedProtocol = PROTOCOL_SSL;
1486 }
1487 else if ((settings->RdpSecurity) && (RequestedProtocols == PROTOCOL_RDP))
1488 {
1489 SelectedProtocol = PROTOCOL_RDP;
1490 }
1491 else
1492 {
1493 /*
1494 * when here client and server aren't compatible, we select the right
1495 * error message to return to the client in the nego failure packet
1496 */
1497 SelectedProtocol = PROTOCOL_FAILED_NEGO;
1498
1499 if (settings->RdpSecurity)
1500 {
1501 WLog_ERR(TAG, "server supports only Standard RDP Security");
1502 SelectedProtocol |= SSL_NOT_ALLOWED_BY_SERVER;
1503 }
1504 else
1505 {
1506 if (settings->NlaSecurity && !settings->TlsSecurity)
1507 {
1508 WLog_WARN(TAG, "server supports only NLA Security");
1509 SelectedProtocol |= HYBRID_REQUIRED_BY_SERVER;
1510 }
1511 else
1512 {
1513 WLog_WARN(TAG, "server supports only a SSL based Security (TLS or NLA)");
1514 SelectedProtocol |= SSL_REQUIRED_BY_SERVER;
1515 }
1516 }
1517
1518 WLog_ERR(TAG, "Protocol security negotiation failure");
1519 }
1520
1521 if (!(SelectedProtocol & PROTOCOL_FAILED_NEGO))
1522 {
1523 WLog_DBG(TAG, "Negotiated Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
1524 (SelectedProtocol & PROTOCOL_RDSTLS) ? 1 : 0,
1525 (SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
1526 (SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
1527 (SelectedProtocol == PROTOCOL_RDP) ? 1 : 0);
1528 }
1529
1530 if (!nego_set_selected_protocol(nego, SelectedProtocol))
1531 return FALSE;
1532
1533 if (!nego_send_negotiation_response(nego))
1534 return FALSE;
1535
1536 SelectedProtocol = nego_get_selected_protocol(nego);
1537 status = FALSE;
1538
1539 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_VmConnectMode) &&
1540 SelectedProtocol != PROTOCOL_RDP)
1541 /* When behind a Hyper-V proxy, security != RDP is handled by the host. */
1542 status = TRUE;
1543 else if (SelectedProtocol & PROTOCOL_RDSTLS)
1544 status = transport_accept_rdstls(rdp->transport);
1545 else if (SelectedProtocol & PROTOCOL_HYBRID)
1546 status = transport_accept_nla(rdp->transport);
1547 else if (SelectedProtocol & PROTOCOL_SSL)
1548 status = transport_accept_tls(rdp->transport);
1549 else if (SelectedProtocol == PROTOCOL_RDP) /* 0 */
1550 status = transport_accept_rdp(rdp->transport);
1551
1552 if (!status)
1553 return FALSE;
1554
1555 return transport_set_blocking_mode(rdp->transport, FALSE);
1556}
1557
1558static BOOL rdp_update_encryption_level(rdpSettings* settings)
1559{
1560 WINPR_ASSERT(settings);
1561
1562 UINT32 EncryptionLevel = freerdp_settings_get_uint32(settings, FreeRDP_EncryptionLevel);
1563 UINT32 EncryptionMethods = freerdp_settings_get_uint32(settings, FreeRDP_EncryptionMethods);
1564
1575 if (!settings->UseRdpSecurityLayer)
1576 {
1577 /* TLS/NLA is used: disable rdp style encryption */
1578 EncryptionLevel = ENCRYPTION_LEVEL_NONE;
1579 }
1580 else
1581 {
1582 /* verify server encryption level value */
1583 switch (EncryptionLevel)
1584 {
1585 case ENCRYPTION_LEVEL_NONE:
1586 WLog_INFO(TAG, "Active rdp encryption level: NONE");
1587 break;
1588
1589 case ENCRYPTION_LEVEL_FIPS:
1590 WLog_INFO(TAG, "Active rdp encryption level: FIPS Compliant");
1591 break;
1592
1593 case ENCRYPTION_LEVEL_HIGH:
1594 WLog_INFO(TAG, "Active rdp encryption level: HIGH");
1595 break;
1596
1597 case ENCRYPTION_LEVEL_LOW:
1598 WLog_INFO(TAG, "Active rdp encryption level: LOW");
1599 break;
1600
1601 case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
1602 WLog_INFO(TAG, "Active rdp encryption level: CLIENT-COMPATIBLE");
1603 break;
1604
1605 default:
1606 WLog_ERR(TAG, "Invalid server encryption level 0x%08" PRIX32 "", EncryptionLevel);
1607 WLog_ERR(TAG, "Switching to encryption level CLIENT-COMPATIBLE");
1608 EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
1609 }
1610 }
1611
1612 /* choose rdp encryption method based on server level and client methods */
1613 switch (EncryptionLevel)
1614 {
1615 case ENCRYPTION_LEVEL_NONE:
1616 /* The only valid method is NONE in this case */
1617 EncryptionMethods = ENCRYPTION_METHOD_NONE;
1618 break;
1619
1620 case ENCRYPTION_LEVEL_FIPS:
1621
1622 /* The only valid method is FIPS in this case */
1623 if (!(EncryptionMethods & ENCRYPTION_METHOD_FIPS))
1624 {
1625 WLog_WARN(TAG, "client does not support FIPS as required by server configuration");
1626 }
1627
1628 EncryptionMethods = ENCRYPTION_METHOD_FIPS;
1629 break;
1630
1631 case ENCRYPTION_LEVEL_HIGH:
1632
1633 /* Maximum key strength supported by the server must be used (128 bit)*/
1634 if (!(EncryptionMethods & ENCRYPTION_METHOD_128BIT))
1635 {
1636 WLog_WARN(TAG, "client does not support 128 bit encryption method as required by "
1637 "server configuration");
1638 }
1639
1640 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1641 break;
1642
1643 case ENCRYPTION_LEVEL_LOW:
1644 case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
1645
1646 /* Maximum key strength supported by the client must be used */
1647 if (EncryptionMethods & ENCRYPTION_METHOD_128BIT)
1648 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1649 else if (EncryptionMethods & ENCRYPTION_METHOD_56BIT)
1650 EncryptionMethods = ENCRYPTION_METHOD_56BIT;
1651 else if (EncryptionMethods & ENCRYPTION_METHOD_40BIT)
1652 EncryptionMethods = ENCRYPTION_METHOD_40BIT;
1653 else if (EncryptionMethods & ENCRYPTION_METHOD_FIPS)
1654 EncryptionMethods = ENCRYPTION_METHOD_FIPS;
1655 else
1656 {
1657 WLog_WARN(TAG, "client has not announced any supported encryption methods");
1658 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1659 }
1660
1661 break;
1662
1663 default:
1664 WLog_ERR(TAG, "internal error: unknown encryption level");
1665 return FALSE;
1666 }
1667
1668 /* log selected encryption method */
1669 if (settings->UseRdpSecurityLayer)
1670 {
1671 switch (EncryptionMethods)
1672 {
1673 case ENCRYPTION_METHOD_NONE:
1674 WLog_INFO(TAG, "Selected rdp encryption method: NONE");
1675 break;
1676
1677 case ENCRYPTION_METHOD_40BIT:
1678 WLog_INFO(TAG, "Selected rdp encryption method: 40BIT");
1679 break;
1680
1681 case ENCRYPTION_METHOD_56BIT:
1682 WLog_INFO(TAG, "Selected rdp encryption method: 56BIT");
1683 break;
1684
1685 case ENCRYPTION_METHOD_128BIT:
1686 WLog_INFO(TAG, "Selected rdp encryption method: 128BIT");
1687 break;
1688
1689 case ENCRYPTION_METHOD_FIPS:
1690 WLog_INFO(TAG, "Selected rdp encryption method: FIPS");
1691 break;
1692
1693 default:
1694 WLog_ERR(TAG, "internal error: unknown encryption method");
1695 return FALSE;
1696 }
1697 }
1698
1699 if (!freerdp_settings_set_uint32(settings, FreeRDP_EncryptionLevel, EncryptionLevel))
1700 return FALSE;
1701 if (!freerdp_settings_set_uint32(settings, FreeRDP_EncryptionMethods, EncryptionMethods))
1702 return FALSE;
1703 return TRUE;
1704}
1705
1706BOOL rdp_server_accept_mcs_connect_initial(rdpRdp* rdp, wStream* s)
1707{
1708 WINPR_ASSERT(rdp);
1709 WINPR_ASSERT(s);
1710
1711 rdpMcs* mcs = rdp->mcs;
1712 WINPR_ASSERT(mcs);
1713
1714 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_CREATE_REQUEST);
1715 if (!mcs_recv_connect_initial(mcs, s))
1716 return FALSE;
1717 WINPR_ASSERT(rdp->settings);
1718
1719 if (!mcs_server_apply_to_settings(mcs, rdp->settings))
1720 return FALSE;
1721
1722 WLog_DBG(TAG, "Accepted client: %s", rdp->settings->ClientHostname);
1723 WLog_DBG(TAG, "Accepted channels:");
1724
1725 WINPR_ASSERT(mcs->channels || (mcs->channelCount == 0));
1726 for (UINT32 i = 0; i < mcs->channelCount; i++)
1727 {
1728 ADDIN_ARGV* arg = nullptr;
1729 rdpMcsChannel* cur = &mcs->channels[i];
1730 const char* params[1] = { cur->Name };
1731 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1732 arg = freerdp_addin_argv_new(ARRAYSIZE(params), params);
1733 if (!arg)
1734 return FALSE;
1735
1736 if (!freerdp_static_channel_collection_add(rdp->settings, arg))
1737 {
1738 freerdp_addin_argv_free(arg);
1739 return FALSE;
1740 }
1741 }
1742
1743 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CREATE_RESPONSE))
1744 return FALSE;
1745 if (!rdp_update_encryption_level(rdp->settings))
1746 return FALSE;
1747 if (!mcs_send_connect_response(mcs))
1748 return FALSE;
1749 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ERECT_DOMAIN))
1750 return FALSE;
1751
1752 return TRUE;
1753}
1754
1755BOOL rdp_server_accept_mcs_erect_domain_request(rdpRdp* rdp, wStream* s)
1756{
1757 WINPR_ASSERT(rdp);
1758 WINPR_ASSERT(s);
1759 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_ERECT_DOMAIN);
1760
1761 if (!mcs_recv_erect_domain_request(rdp->mcs, s))
1762 return FALSE;
1763
1764 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ATTACH_USER);
1765}
1766
1767static BOOL rdp_server_skip_mcs_channel_join(rdpRdp* rdp)
1768{
1769 WINPR_ASSERT(rdp);
1770
1771 rdpMcs* mcs = rdp->mcs;
1772 WINPR_ASSERT(mcs);
1773
1774 mcs->userChannelJoined = TRUE;
1775 mcs->globalChannelJoined = TRUE;
1776 mcs->messageChannelJoined = TRUE;
1777
1778 for (UINT32 i = 0; i < mcs->channelCount; i++)
1779 {
1780 rdpMcsChannel* cur = &mcs->channels[i];
1781 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1782 cur->joined = TRUE;
1783 }
1784 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT);
1785}
1786
1787BOOL rdp_server_accept_mcs_attach_user_request(rdpRdp* rdp, wStream* s)
1788{
1789 if (!mcs_recv_attach_user_request(rdp->mcs, s))
1790 return FALSE;
1791
1792 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM))
1793 return FALSE;
1794
1795 if (!mcs_send_attach_user_confirm(rdp->mcs))
1796 return FALSE;
1797
1798 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_SupportSkipChannelJoin))
1799 return rdp_server_skip_mcs_channel_join(rdp);
1800 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST);
1801}
1802
1803BOOL rdp_server_accept_mcs_channel_join_request(rdpRdp* rdp, wStream* s)
1804{
1805 UINT16 channelId = 0;
1806 BOOL allJoined = TRUE;
1807 rdpMcs* mcs = nullptr;
1808
1809 WINPR_ASSERT(rdp);
1810 WINPR_ASSERT(rdp->context);
1811
1812 mcs = rdp->mcs;
1813 WINPR_ASSERT(mcs);
1814
1815 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST);
1816
1817 if (!mcs_recv_channel_join_request(mcs, rdp->settings, s, &channelId))
1818 return FALSE;
1819
1820 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE))
1821 return FALSE;
1822
1823 if (!mcs_send_channel_join_confirm(mcs, channelId))
1824 return FALSE;
1825
1826 if (channelId == mcs->userId)
1827 mcs->userChannelJoined = TRUE;
1828 if (channelId == MCS_GLOBAL_CHANNEL_ID)
1829 mcs->globalChannelJoined = TRUE;
1830 if (channelId == mcs->messageChannelId)
1831 mcs->messageChannelJoined = TRUE;
1832
1833 for (UINT32 i = 0; i < mcs->channelCount; i++)
1834 {
1835 rdpMcsChannel* cur = &mcs->channels[i];
1836 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1837 if (cur->ChannelId == channelId)
1838 cur->joined = TRUE;
1839
1840 if (!cur->joined)
1841 allJoined = FALSE;
1842 }
1843
1844 CONNECTION_STATE rc = CONNECTION_STATE_INITIAL;
1845 if ((mcs->userChannelJoined) && (mcs->globalChannelJoined) &&
1846 (mcs->messageChannelId == 0 || mcs->messageChannelJoined) && allJoined)
1847 rc = CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT;
1848 else
1849 rc = CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST;
1850
1851 return rdp_server_transition_to_state(rdp, rc);
1852}
1853
1854static BOOL rdp_server_send_sync(rdpRdp* rdp)
1855{
1856 WINPR_ASSERT(rdp);
1857
1858 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_SYNC))
1859 return FALSE;
1860 if (!rdp_send_server_synchronize_pdu(rdp))
1861 return FALSE;
1862 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE))
1863 return FALSE;
1864 if (!rdp_send_server_control_cooperate_pdu(rdp))
1865 return FALSE;
1866 if (!rdp_finalize_reset_flags(rdp, FALSE))
1867 return FALSE;
1868 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_SYNC);
1869}
1870
1871BOOL rdp_server_accept_confirm_active(rdpRdp* rdp, wStream* s, UINT16 pduLength)
1872{
1873 WINPR_ASSERT(rdp);
1874 WINPR_ASSERT(rdp->context);
1875 WINPR_ASSERT(rdp->settings);
1876 WINPR_ASSERT(s);
1877
1878 freerdp_peer* peer = rdp->context->peer;
1879 WINPR_ASSERT(peer);
1880
1881 if (rdp_get_state(rdp) != CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE)
1882 {
1883 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_TransportDumpReplay))
1884 rdp_finalize_set_flag(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1885 else
1886 {
1887 WLog_WARN(TAG, "Invalid state, got %s, expected %s", rdp_get_state_string(rdp),
1888 rdp_state_string(CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE));
1889 return FALSE;
1890 }
1891 }
1892
1893 if (!rdp_recv_confirm_active(rdp, s, pduLength))
1894 return FALSE;
1895
1896 if (peer->ClientCapabilities && !peer->ClientCapabilities(peer))
1897 {
1898 WLog_WARN(TAG, "peer->ClientCapabilities failed");
1899 return FALSE;
1900 }
1901
1902 if (rdp->settings->SaltedChecksum)
1903 rdp->do_secure_checksum = TRUE;
1904
1905 return rdp_server_send_sync(rdp);
1906}
1907
1908BOOL rdp_server_reactivate(rdpRdp* rdp)
1909{
1910 freerdp_peer* client = nullptr;
1911
1912 if (rdp->context && rdp->context->peer)
1913 client = rdp->context->peer;
1914
1915 if (client)
1916 client->activated = FALSE;
1917
1918 if (!rdp_send_deactivate_all(rdp))
1919 return FALSE;
1920
1921 rdp_finalize_set_flag(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1922 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE))
1923 return FALSE;
1924
1925 state_run_t rc = rdp_peer_handle_state_demand_active(client);
1926 return state_run_success(rc);
1927}
1928
1929static BOOL rdp_is_active_peer_state(CONNECTION_STATE state)
1930{
1931 /* [MS-RDPBCGR] 1.3.1.1 Connection Sequence states:
1932 * 'upon receipt of the Font List PDU the server can start sending graphics
1933 * output to the client'
1934 */
1935 switch (state)
1936 {
1937 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
1938 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
1939 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
1940 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
1941 case CONNECTION_STATE_ACTIVE:
1942 return TRUE;
1943 default:
1944 return FALSE;
1945 }
1946}
1947
1948static BOOL rdp_is_active_client_state(CONNECTION_STATE state)
1949{
1950 /* [MS-RDPBCGR] 1.3.1.1 Connection Sequence states:
1951 * 'Once the client has sent the Confirm Active PDU, it can start sending
1952 * mouse and keyboard input to the server'
1953 */
1954 switch (state)
1955 {
1956 case CONNECTION_STATE_FINALIZATION_SYNC:
1957 case CONNECTION_STATE_FINALIZATION_COOPERATE:
1958 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
1959 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
1960 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
1961 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
1962 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
1963 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
1964 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
1965 case CONNECTION_STATE_ACTIVE:
1966 return TRUE;
1967 default:
1968 return FALSE;
1969 }
1970}
1971
1972BOOL rdp_is_active_state(const rdpRdp* rdp)
1973{
1974 WINPR_ASSERT(rdp);
1975 WINPR_ASSERT(rdp->context);
1976
1977 const CONNECTION_STATE state = rdp_get_state(rdp);
1978 if (freerdp_settings_get_bool(rdp->context->settings, FreeRDP_ServerMode))
1979 return rdp_is_active_peer_state(state);
1980 else
1981 return rdp_is_active_client_state(state);
1982}
1983
1984BOOL rdp_server_transition_to_state(rdpRdp* rdp, CONNECTION_STATE state)
1985{
1986 BOOL status = FALSE;
1987 freerdp_peer* client = nullptr;
1988 const CONNECTION_STATE cstate = rdp_get_state(rdp);
1989
1990 if (cstate >= CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT)
1991 {
1992 WINPR_ASSERT(rdp->context);
1993 client = rdp->context->peer;
1994 }
1995
1996 if (!rdp_is_active_peer_state(cstate))
1997 {
1998 if (client)
1999 client->activated = FALSE;
2000 }
2001
2002 WLog_Print(rdp->log, WLOG_DEBUG, "%s --> %s", rdp_get_state_string(rdp),
2003 rdp_state_string(state));
2004 if (!rdp_set_state(rdp, state))
2005 goto fail;
2006
2007 status = TRUE;
2008fail:
2009 return status;
2010}
2011
2012const char* rdp_client_connection_state_string(UINT state)
2013{
2014 switch (state)
2015 {
2016 case CLIENT_STATE_INITIAL:
2017 return "CLIENT_STATE_INITIAL";
2018 case CLIENT_STATE_PRECONNECT_PASSED:
2019 return "CLIENT_STATE_PRECONNECT_PASSED";
2020 case CLIENT_STATE_POSTCONNECT_PASSED:
2021 return "CLIENT_STATE_POSTCONNECT_PASSED";
2022 default:
2023 return "UNKNOWN";
2024 }
2025}
2026
2027const char* rdp_state_string(CONNECTION_STATE state)
2028{
2029 switch (state)
2030 {
2031 case CONNECTION_STATE_INITIAL:
2032 return "CONNECTION_STATE_INITIAL";
2033 case CONNECTION_STATE_NEGO:
2034 return "CONNECTION_STATE_NEGO";
2035 case CONNECTION_STATE_NLA:
2036 return "CONNECTION_STATE_NLA";
2037 case CONNECTION_STATE_AAD:
2038 return "CONNECTION_STATE_AAD";
2039 case CONNECTION_STATE_MCS_CREATE_REQUEST:
2040 return "CONNECTION_STATE_MCS_CREATE_REQUEST";
2041 case CONNECTION_STATE_MCS_CREATE_RESPONSE:
2042 return "CONNECTION_STATE_MCS_CREATE_RESPONSE";
2043 case CONNECTION_STATE_MCS_ERECT_DOMAIN:
2044 return "CONNECTION_STATE_MCS_ERECT_DOMAIN";
2045 case CONNECTION_STATE_MCS_ATTACH_USER:
2046 return "CONNECTION_STATE_MCS_ATTACH_USER";
2047 case CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM:
2048 return "CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM";
2049 case CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST:
2050 return "CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST";
2051 case CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE:
2052 return "CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE";
2053 case CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT:
2054 return "CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT";
2055 case CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE:
2056 return "CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE";
2057 case CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST:
2058 return "CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST";
2059 case CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_RESPONSE:
2060 return "CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_RESPONSE";
2061 case CONNECTION_STATE_LICENSING:
2062 return "CONNECTION_STATE_LICENSING";
2063 case CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST:
2064 return "CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST";
2065 case CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_RESPONSE:
2066 return "CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_RESPONSE";
2067 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE:
2068 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE";
2069 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT:
2070 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT";
2071 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE:
2072 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE";
2073 case CONNECTION_STATE_FINALIZATION_SYNC:
2074 return "CONNECTION_STATE_FINALIZATION_SYNC";
2075 case CONNECTION_STATE_FINALIZATION_COOPERATE:
2076 return "CONNECTION_STATE_FINALIZATION_COOPERATE";
2077 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
2078 return "CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL";
2079 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
2080 return "CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST";
2081 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
2082 return "CONNECTION_STATE_FINALIZATION_FONT_LIST";
2083 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
2084 return "CONNECTION_STATE_FINALIZATION_CLIENT_SYNC";
2085 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
2086 return "CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE";
2087 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
2088 return "CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL";
2089 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
2090 return "CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP";
2091 case CONNECTION_STATE_ACTIVE:
2092 return "CONNECTION_STATE_ACTIVE";
2093 default:
2094 return "UNKNOWN";
2095 }
2096}
2097
2098CONNECTION_STATE rdp_get_state(const rdpRdp* rdp)
2099{
2100 WINPR_ASSERT(rdp);
2101 return rdp->state;
2102}
2103
2104BOOL rdp_set_state(rdpRdp* rdp, CONNECTION_STATE state)
2105{
2106 WINPR_ASSERT(rdp);
2107 rdp->state = state;
2108 return TRUE;
2109}
2110
2111const char* rdp_get_state_string(const rdpRdp* rdp)
2112{
2113 CONNECTION_STATE state = rdp_get_state(rdp);
2114 return rdp_state_string(state);
2115}
2116
2117BOOL rdp_channels_from_mcs(rdpSettings* settings, const rdpRdp* rdp)
2118{
2119 const rdpMcs* mcs = nullptr;
2120
2121 WINPR_ASSERT(rdp);
2122
2123 mcs = rdp->mcs;
2124 WINPR_ASSERT(mcs);
2125
2126 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ChannelDefArray, nullptr,
2127 CHANNEL_MAX_COUNT))
2128 return FALSE;
2129
2130 for (UINT32 x = 0; x < mcs->channelCount; x++)
2131 {
2132 const rdpMcsChannel* mchannel = &mcs->channels[x];
2133 CHANNEL_DEF cur = WINPR_C_ARRAY_INIT;
2134
2135 memcpy(cur.name, mchannel->Name, sizeof(cur.name));
2136 cur.options = mchannel->options;
2137 if (!freerdp_settings_set_pointer_array(settings, FreeRDP_ChannelDefArray, x, &cur))
2138 return FALSE;
2139 }
2140
2141 return freerdp_settings_set_uint32(settings, FreeRDP_ChannelCount, mcs->channelCount);
2142}
2143
2144/* Here we are in client state CONFIRM_ACTIVE.
2145 *
2146 * This means:
2147 * 1. send the CONFIRM_ACTIVE PDU to the server
2148 * 2. register callbacks, the server can now start sending stuff
2149 */
2150state_run_t rdp_client_connect_confirm_active(rdpRdp* rdp, WINPR_ATTR_UNUSED wStream* s)
2151{
2152 WINPR_ASSERT(rdp);
2153 WINPR_ASSERT(rdp->settings);
2154 WINPR_ASSERT(s);
2155
2156 const UINT32 width = rdp->settings->DesktopWidth;
2157 const UINT32 height = rdp->settings->DesktopHeight;
2158
2159 if (!rdp_send_confirm_active(rdp))
2160 return STATE_RUN_FAILED;
2161
2162 if (!input_register_client_callbacks(rdp->input))
2163 {
2164 WLog_ERR(TAG, "error registering client callbacks");
2165 return STATE_RUN_FAILED;
2166 }
2167
2172 const BOOL deactivate_reactivate =
2173 rdp->was_deactivated && ((rdp->deactivated_width != rdp->settings->DesktopWidth) ||
2174 (rdp->deactivated_height != rdp->settings->DesktopHeight));
2175 const BOOL resolution_change =
2176 ((width != rdp->settings->DesktopWidth) || (height != rdp->settings->DesktopHeight));
2177 if (deactivate_reactivate || resolution_change)
2178 {
2179 BOOL status = TRUE;
2180 WLog_DBG(TAG, "new size %" PRIu32 "x%" PRIu32, rdp->settings->DesktopWidth,
2181 rdp->settings->DesktopHeight);
2182
2183 IFCALLRET(rdp->update->DesktopResize, status, rdp->update->context);
2184
2185 if (!status)
2186 {
2187 WLog_ERR(TAG, "client desktop resize callback failed");
2188 return STATE_RUN_FAILED;
2189 }
2190 }
2191
2192 WINPR_ASSERT(rdp->context);
2193 if (freerdp_shall_disconnect_context(rdp->context))
2194 return STATE_RUN_SUCCESS;
2195
2196 state_run_t status = STATE_RUN_SUCCESS;
2197 if (!rdp->settings->SupportMonitorLayoutPdu)
2198 status = rdp_client_connect_finalize(rdp);
2199 else
2200 {
2201 if (!rdp_client_transition_to_state(rdp,
2202 CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT))
2203 status = STATE_RUN_FAILED;
2204 }
2205 if (!rdp_finalize_reset_flags(rdp, FALSE))
2206 status = STATE_RUN_FAILED;
2207 return status;
2208}
2209
2210BOOL rdp_handle_optional_rdp_decryption(rdpRdp* rdp, wStream* s, UINT16* length,
2211 UINT16* pSecurityFlags)
2212{
2213 BOOL rc = FALSE;
2214 WINPR_ASSERT(rdp);
2215 WINPR_ASSERT(rdp->settings);
2216
2217 UINT16 securityFlags = 0;
2218 if (rdp->settings->UseRdpSecurityLayer)
2219 {
2220 if (!rdp_read_security_header(rdp, s, &securityFlags, length))
2221 goto fail;
2222
2223 if (securityFlags & SEC_ENCRYPT)
2224 {
2225 if (!rdp_decrypt(rdp, s, length, securityFlags))
2226 goto fail;
2227 }
2228 }
2229
2230 rc = TRUE;
2231
2232fail:
2233 if (pSecurityFlags)
2234 *pSecurityFlags = securityFlags;
2235 return rc;
2236}
freerdp_settings_get_pointer
WINPR_ATTR_NODISCARD FREERDP_API const void * freerdp_settings_get_pointer(const rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id)
Returns a immutable pointer settings value.
Definition common/settings.c:1475
freerdp_settings_get_string
WINPR_ATTR_NODISCARD FREERDP_API const char * freerdp_settings_get_string(const rdpSettings *settings, FreeRDP_Settings_Keys_String id)
Returns a immutable string settings value.
freerdp_settings_get_pointer_writable
WINPR_ATTR_NODISCARD FREERDP_API void * freerdp_settings_get_pointer_writable(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id)
Returns a mutable pointer settings value.
Definition settings_getters.c:4092
freerdp_settings_get_codecs_flags
WINPR_ATTR_NODISCARD FREERDP_API UINT32 freerdp_settings_get_codecs_flags(const rdpSettings *settings)
helper function to get a mask of supported codec flags.
Definition common/settings.c:2064
freerdp_settings_set_uint32
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_uint32(rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id, UINT32 val)
Sets a UINT32 settings value.
freerdp_settings_set_pointer_len
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_pointer_len(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id, const void *data, size_t len)
Set a pointer to value data.
Definition common/settings.c:1487
freerdp_settings_get_uint32
WINPR_ATTR_NODISCARD FREERDP_API UINT32 freerdp_settings_get_uint32(const rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id)
Returns a UINT32 settings value.
freerdp_settings_set_string
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_string(rdpSettings *settings, FreeRDP_Settings_Keys_String id, const char *val)
Sets a string settings value. The param is copied.
Definition settings_getters.c:3733
freerdp_settings_get_bool
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.
ADDIN_ARGV
Definition settings_types.h:375
CHANNEL_DEF
Definition wtsapi.h:78