2012-02-26 00:56:49 +04:00
|
|
|
/*
|
2012-10-09 07:02:04 +04:00
|
|
|
* FreeRDP: A Remote Desktop Protocol Implementation
|
2011-07-10 09:48:10 +04:00
|
|
|
* Connection Sequence
|
|
|
|
*
|
|
|
|
* Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2012-08-15 01:09:01 +04:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2012-01-14 01:20:36 +04:00
|
|
|
#include "info.h"
|
|
|
|
#include "input.h"
|
|
|
|
|
|
|
|
#include "connection.h"
|
2012-07-25 12:38:47 +04:00
|
|
|
#include "transport.h"
|
2011-07-10 09:48:10 +04:00
|
|
|
|
2012-10-09 07:42:01 +04:00
|
|
|
#include <winpr/crt.h>
|
|
|
|
|
2012-12-14 09:25:48 +04:00
|
|
|
#include <freerdp/error.h>
|
2012-05-22 00:01:24 +04:00
|
|
|
|
2011-07-10 09:48:10 +04:00
|
|
|
/**
|
2012-02-26 00:56:49 +04:00
|
|
|
* Connection Sequence\n
|
|
|
|
* client server\n
|
|
|
|
* | |\n
|
|
|
|
* |-----------------------X.224 Connection Request PDU--------------------->|\n
|
|
|
|
* |<----------------------X.224 Connection Confirm PDU----------------------|\n
|
|
|
|
* |-------MCS Connect-Initial PDU with GCC Conference Create Request------->|\n
|
|
|
|
* |<-----MCS Connect-Response PDU with GCC Conference Create Response-------|\n
|
|
|
|
* |------------------------MCS Erect Domain Request PDU-------------------->|\n
|
|
|
|
* |------------------------MCS Attach User Request PDU--------------------->|\n
|
|
|
|
* |<-----------------------MCS Attach User Confirm PDU----------------------|\n
|
|
|
|
* |------------------------MCS Channel Join Request PDU-------------------->|\n
|
|
|
|
* |<-----------------------MCS Channel Join Confirm PDU---------------------|\n
|
|
|
|
* |----------------------------Security Exchange PDU----------------------->|\n
|
|
|
|
* |-------------------------------Client Info PDU-------------------------->|\n
|
|
|
|
* |<---------------------License Error PDU - Valid Client-------------------|\n
|
|
|
|
* |<-----------------------------Demand Active PDU--------------------------|\n
|
|
|
|
* |------------------------------Confirm Active PDU------------------------>|\n
|
|
|
|
* |-------------------------------Synchronize PDU-------------------------->|\n
|
|
|
|
* |---------------------------Control PDU - Cooperate---------------------->|\n
|
|
|
|
* |------------------------Control PDU - Request Control------------------->|\n
|
|
|
|
* |--------------------------Persistent Key List PDU(s)-------------------->|\n
|
|
|
|
* |--------------------------------Font List PDU--------------------------->|\n
|
|
|
|
* |<------------------------------Synchronize PDU---------------------------|\n
|
|
|
|
* |<--------------------------Control PDU - Cooperate-----------------------|\n
|
|
|
|
* |<-----------------------Control PDU - Granted Control--------------------|\n
|
|
|
|
* |<-------------------------------Font Map PDU-----------------------------|\n
|
2011-07-10 09:48:10 +04:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2011-07-11 23:58:39 +04:00
|
|
|
/**
|
2012-10-26 02:38:51 +04:00
|
|
|
* Establish RDP Connection based on the settings given in the 'rdp' parameter.
|
2011-07-11 23:58:39 +04:00
|
|
|
* @msdn{cc240452}
|
2011-07-12 02:46:36 +04:00
|
|
|
* @param rdp RDP module
|
2012-10-09 10:31:28 +04:00
|
|
|
* @return true if the connection succeeded. FALSE otherwise.
|
2011-07-11 23:58:39 +04:00
|
|
|
*/
|
|
|
|
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL rdp_client_connect(rdpRdp* rdp)
|
2011-07-10 09:48:10 +04:00
|
|
|
{
|
2011-12-10 19:54:09 +04:00
|
|
|
rdpSettings* settings = rdp->settings;
|
2011-07-10 09:48:10 +04:00
|
|
|
|
2011-07-12 02:46:36 +04:00
|
|
|
nego_init(rdp->nego);
|
2012-11-08 03:23:25 +04:00
|
|
|
nego_set_target(rdp->nego, settings->ServerHostname, settings->ServerPort);
|
2012-10-26 02:38:51 +04:00
|
|
|
|
2013-07-03 23:07:12 +04:00
|
|
|
if (settings->GatewayEnabled)
|
2012-10-26 02:38:51 +04:00
|
|
|
{
|
2013-07-04 22:42:40 +04:00
|
|
|
char* user;
|
2012-10-26 02:38:51 +04:00
|
|
|
char* domain;
|
|
|
|
char* cookie;
|
2013-07-04 22:42:40 +04:00
|
|
|
int user_length = 0;
|
2012-10-26 02:38:51 +04:00
|
|
|
int domain_length;
|
|
|
|
int cookie_length;
|
|
|
|
|
2013-07-04 22:42:40 +04:00
|
|
|
|
|
|
|
if (settings->Username)
|
|
|
|
{
|
|
|
|
user = settings->Username;
|
|
|
|
user_length = strlen(settings->Username);
|
|
|
|
}
|
2012-10-26 02:38:51 +04:00
|
|
|
|
2012-11-08 00:13:14 +04:00
|
|
|
if (settings->Domain)
|
|
|
|
domain = settings->Domain;
|
2012-10-26 02:38:51 +04:00
|
|
|
else
|
2012-11-08 00:13:14 +04:00
|
|
|
domain = settings->ComputerName;
|
2012-10-26 02:38:51 +04:00
|
|
|
|
|
|
|
domain_length = strlen(domain);
|
|
|
|
|
|
|
|
cookie_length = domain_length + 1 + user_length;
|
|
|
|
cookie = (char*) malloc(cookie_length + 1);
|
|
|
|
|
|
|
|
CopyMemory(cookie, domain, domain_length);
|
|
|
|
CharUpperBuffA(cookie, domain_length);
|
|
|
|
cookie[domain_length] = '\\';
|
2013-07-04 22:42:40 +04:00
|
|
|
|
|
|
|
if (settings->Username)
|
|
|
|
CopyMemory(&cookie[domain_length + 1], user, user_length);
|
|
|
|
|
|
|
|
cookie[cookie_length] = '\0';
|
2012-10-26 02:38:51 +04:00
|
|
|
|
|
|
|
nego_set_cookie(rdp->nego, cookie);
|
2012-12-13 05:02:56 +04:00
|
|
|
free(cookie);
|
2012-11-15 08:21:00 +04:00
|
|
|
|
|
|
|
settings->RdpSecurity = TRUE;
|
|
|
|
settings->TlsSecurity = FALSE;
|
|
|
|
settings->NlaSecurity = FALSE;
|
|
|
|
settings->ExtSecurity = FALSE;
|
2012-12-21 21:17:07 +04:00
|
|
|
|
|
|
|
//settings->TlsSecurity = TRUE;
|
|
|
|
//settings->NlaSecurity = TRUE;
|
2012-10-26 02:38:51 +04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2012-11-08 00:13:14 +04:00
|
|
|
nego_set_cookie(rdp->nego, settings->Username);
|
2012-10-26 02:38:51 +04:00
|
|
|
}
|
|
|
|
|
2012-11-08 00:13:14 +04:00
|
|
|
nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
|
|
|
|
nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
|
|
|
|
nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
|
2012-07-25 20:46:43 +04:00
|
|
|
|
2012-11-07 20:02:46 +04:00
|
|
|
nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
|
2012-09-11 03:01:02 +04:00
|
|
|
|
2012-11-07 20:02:46 +04:00
|
|
|
nego_enable_rdp(rdp->nego, settings->RdpSecurity);
|
|
|
|
nego_enable_tls(rdp->nego, settings->TlsSecurity);
|
|
|
|
nego_enable_nla(rdp->nego, settings->NlaSecurity);
|
|
|
|
nego_enable_ext(rdp->nego, settings->ExtSecurity);
|
2012-11-01 04:38:48 +04:00
|
|
|
|
2012-11-08 00:13:14 +04:00
|
|
|
if (settings->MstscCookieMode)
|
|
|
|
settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
|
2012-11-01 04:38:48 +04:00
|
|
|
|
2012-11-08 00:13:14 +04:00
|
|
|
nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
|
2012-03-26 11:04:47 +04:00
|
|
|
|
2013-04-11 19:51:10 +04:00
|
|
|
if (settings->LoadBalanceInfo)
|
|
|
|
nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo, settings->LoadBalanceInfoLength);
|
|
|
|
|
2012-07-25 14:29:49 +04:00
|
|
|
if (!nego_connect(rdp->nego))
|
2012-05-31 18:34:38 +04:00
|
|
|
{
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "Error: protocol security negotiation or connection failure\n");
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-07-18 07:16:31 +04:00
|
|
|
}
|
|
|
|
|
2012-07-25 14:29:49 +04:00
|
|
|
if ((rdp->nego->selected_protocol & PROTOCOL_TLS) || (rdp->nego->selected_protocol == PROTOCOL_RDP))
|
2011-12-10 19:54:09 +04:00
|
|
|
{
|
2012-11-08 00:13:14 +04:00
|
|
|
if ((settings->Username != NULL) && ((settings->Password != NULL) ||
|
2012-11-08 20:16:54 +04:00
|
|
|
(settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0)))
|
2012-11-08 03:23:25 +04:00
|
|
|
settings->AutoLogonEnabled = TRUE;
|
2011-12-10 19:54:09 +04:00
|
|
|
}
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
rdp_set_blocking_mode(rdp, FALSE);
|
2011-08-22 11:03:58 +04:00
|
|
|
rdp->state = CONNECTION_STATE_NEGO;
|
2011-12-19 00:15:48 +04:00
|
|
|
rdp->finalize_sc_pdus = 0;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
2012-07-25 14:29:49 +04:00
|
|
|
if (!mcs_send_connect_initial(rdp->mcs))
|
2011-07-18 10:34:28 +04:00
|
|
|
{
|
2012-05-22 00:01:24 +04:00
|
|
|
if (!connectErrorCode)
|
|
|
|
{
|
2012-04-13 15:16:08 +04:00
|
|
|
connectErrorCode = MCSCONNECTINITIALERROR;
|
|
|
|
}
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "Error: unable to send MCS Connect Initial\n");
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-07-18 10:34:28 +04:00
|
|
|
}
|
2011-07-10 09:48:10 +04:00
|
|
|
|
2011-08-22 11:03:58 +04:00
|
|
|
while (rdp->state != CONNECTION_STATE_ACTIVE)
|
|
|
|
{
|
|
|
|
if (rdp_check_fds(rdp) < 0)
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
}
|
2012-11-01 04:38:48 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-22 11:03:58 +04:00
|
|
|
}
|
|
|
|
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL rdp_client_disconnect(rdpRdp* rdp)
|
2011-09-04 00:36:27 +04:00
|
|
|
{
|
|
|
|
return transport_disconnect(rdp->transport);
|
|
|
|
}
|
|
|
|
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL rdp_client_redirect(rdpRdp* rdp)
|
2011-09-04 00:36:27 +04:00
|
|
|
{
|
|
|
|
rdpSettings* settings = rdp->settings;
|
|
|
|
rdpRedirection* redirection = rdp->redirection;
|
|
|
|
|
|
|
|
rdp_client_disconnect(rdp);
|
|
|
|
|
2012-03-16 21:12:49 +04:00
|
|
|
/* FIXME: this is a subset of rdp_free */
|
|
|
|
crypto_rc4_free(rdp->rc4_decrypt_key);
|
|
|
|
crypto_rc4_free(rdp->rc4_encrypt_key);
|
|
|
|
crypto_des3_free(rdp->fips_encrypt);
|
|
|
|
crypto_des3_free(rdp->fips_decrypt);
|
|
|
|
crypto_hmac_free(rdp->fips_hmac);
|
2011-09-04 01:02:26 +04:00
|
|
|
mcs_free(rdp->mcs);
|
|
|
|
nego_free(rdp->nego);
|
2011-09-04 01:59:52 +04:00
|
|
|
license_free(rdp->license);
|
2011-09-04 01:02:26 +04:00
|
|
|
transport_free(rdp->transport);
|
2012-03-16 21:12:49 +04:00
|
|
|
|
2012-11-08 00:13:14 +04:00
|
|
|
free(settings->ServerRandom);
|
|
|
|
free(settings->ServerCertificate);
|
2012-11-08 03:23:25 +04:00
|
|
|
free(settings->ClientAddress);
|
2012-03-16 21:12:49 +04:00
|
|
|
|
2011-09-04 01:02:26 +04:00
|
|
|
rdp->transport = transport_new(settings);
|
2011-09-04 01:59:52 +04:00
|
|
|
rdp->license = license_new(rdp);
|
2011-09-04 01:02:26 +04:00
|
|
|
rdp->nego = nego_new(rdp->transport);
|
|
|
|
rdp->mcs = mcs_new(rdp->transport);
|
|
|
|
|
2011-09-04 00:36:27 +04:00
|
|
|
rdp->transport->layer = TRANSPORT_LAYER_TCP;
|
2012-11-08 00:13:14 +04:00
|
|
|
settings->RedirectedSessionId = redirection->sessionID;
|
2011-09-04 00:36:27 +04:00
|
|
|
|
2011-09-04 02:21:21 +04:00
|
|
|
if (redirection->flags & LB_LOAD_BALANCE_INFO)
|
2011-12-10 19:54:09 +04:00
|
|
|
{
|
2012-09-24 12:40:32 +04:00
|
|
|
nego_set_routing_token(rdp->nego, redirection->LoadBalanceInfo, redirection->LoadBalanceInfoLength);
|
2011-12-10 19:54:09 +04:00
|
|
|
}
|
2012-01-29 23:49:54 +04:00
|
|
|
else
|
2011-12-10 19:54:09 +04:00
|
|
|
{
|
2012-01-29 23:49:54 +04:00
|
|
|
if (redirection->flags & LB_TARGET_NET_ADDRESS)
|
|
|
|
{
|
2012-11-08 03:23:25 +04:00
|
|
|
free(settings->ServerHostname);
|
|
|
|
settings->ServerHostname = _strdup(redirection->targetNetAddress.ascii);
|
2012-01-29 23:49:54 +04:00
|
|
|
}
|
|
|
|
else if (redirection->flags & LB_TARGET_FQDN)
|
|
|
|
{
|
2012-11-08 03:23:25 +04:00
|
|
|
free(settings->ServerHostname);
|
|
|
|
settings->ServerHostname = _strdup(redirection->targetFQDN.ascii);
|
2012-01-29 23:49:54 +04:00
|
|
|
}
|
|
|
|
else if (redirection->flags & LB_TARGET_NETBIOS_NAME)
|
|
|
|
{
|
2012-11-08 03:23:25 +04:00
|
|
|
free(settings->ServerHostname);
|
|
|
|
settings->ServerHostname = _strdup(redirection->targetNetBiosName.ascii);
|
2012-01-29 23:49:54 +04:00
|
|
|
}
|
2011-11-24 19:45:34 +04:00
|
|
|
}
|
2011-09-04 00:36:27 +04:00
|
|
|
|
2011-12-10 19:54:09 +04:00
|
|
|
if (redirection->flags & LB_USERNAME)
|
|
|
|
{
|
2012-11-08 00:13:14 +04:00
|
|
|
free(settings->Username);
|
|
|
|
settings->Username = _strdup(redirection->username.ascii);
|
2011-11-24 19:45:34 +04:00
|
|
|
}
|
2011-09-04 00:36:27 +04:00
|
|
|
|
2011-12-10 19:54:09 +04:00
|
|
|
if (redirection->flags & LB_DOMAIN)
|
|
|
|
{
|
2012-11-08 00:13:14 +04:00
|
|
|
free(settings->Domain);
|
|
|
|
settings->Domain = _strdup(redirection->domain.ascii);
|
2011-11-24 19:45:34 +04:00
|
|
|
}
|
2011-09-04 00:36:27 +04:00
|
|
|
|
2011-12-21 23:59:31 +04:00
|
|
|
if (redirection->flags & LB_PASSWORD)
|
|
|
|
{
|
2012-11-08 20:16:54 +04:00
|
|
|
settings->RedirectionPassword = redirection->PasswordCookie;
|
|
|
|
settings->RedirectionPasswordLength = redirection->PasswordCookieLength;
|
2011-12-21 23:59:31 +04:00
|
|
|
}
|
|
|
|
|
2011-09-04 00:36:27 +04:00
|
|
|
return rdp_client_connect(rdp);
|
|
|
|
}
|
|
|
|
|
2012-10-09 10:38:39 +04:00
|
|
|
static BOOL rdp_client_establish_keys(rdpRdp* rdp)
|
2011-09-05 22:02:52 +04:00
|
|
|
{
|
2012-10-09 11:01:37 +04:00
|
|
|
BYTE* mod;
|
|
|
|
BYTE* exp;
|
2013-03-21 23:19:33 +04:00
|
|
|
wStream* s;
|
2012-11-08 20:16:54 +04:00
|
|
|
UINT32 length;
|
|
|
|
UINT32 key_len;
|
|
|
|
BYTE crypt_client_random[256 + 8];
|
|
|
|
BYTE client_random[CLIENT_RANDOM_LENGTH];
|
2011-09-05 22:02:52 +04:00
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
if (rdp->settings->DisableEncryption == FALSE)
|
2011-09-05 22:02:52 +04:00
|
|
|
{
|
|
|
|
/* no RDP encryption */
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-09-05 22:02:52 +04:00
|
|
|
}
|
|
|
|
|
2011-09-13 10:40:27 +04:00
|
|
|
/* encrypt client random */
|
2013-05-15 21:17:29 +04:00
|
|
|
ZeroMemory(crypt_client_random, sizeof(crypt_client_random));
|
2012-01-25 19:32:56 +04:00
|
|
|
crypto_nonce(client_random, sizeof(client_random));
|
2012-11-08 08:29:24 +04:00
|
|
|
key_len = rdp->settings->RdpServerCertificate->cert_info.ModulusLength;
|
|
|
|
mod = rdp->settings->RdpServerCertificate->cert_info.Modulus;
|
|
|
|
exp = rdp->settings->RdpServerCertificate->cert_info.exponent;
|
2012-01-25 19:32:56 +04:00
|
|
|
crypto_rsa_public_encrypt(client_random, sizeof(client_random), key_len, mod, exp, crypt_client_random);
|
2011-09-13 10:40:27 +04:00
|
|
|
|
|
|
|
/* send crypt client random to server */
|
2012-01-25 14:12:37 +04:00
|
|
|
length = RDP_PACKET_HEADER_MAX_LENGTH + RDP_SECURITY_HEADER_LENGTH + 4 + key_len + 8;
|
2013-05-15 21:17:29 +04:00
|
|
|
s = Stream_New(NULL, length);
|
2012-11-08 08:29:24 +04:00
|
|
|
|
2012-01-23 21:20:10 +04:00
|
|
|
rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
|
|
|
|
rdp_write_security_header(s, SEC_EXCHANGE_PKT);
|
2011-09-13 10:40:27 +04:00
|
|
|
length = key_len + 8;
|
2012-11-08 08:29:24 +04:00
|
|
|
|
2013-05-09 00:09:16 +04:00
|
|
|
Stream_Write_UINT32(s, length);
|
|
|
|
Stream_Write(s, crypt_client_random, length);
|
2013-05-15 20:14:26 +04:00
|
|
|
Stream_SealLength(s);
|
2012-11-08 08:29:24 +04:00
|
|
|
|
2011-09-13 10:40:27 +04:00
|
|
|
if (transport_write(rdp->mcs->transport, s) < 0)
|
|
|
|
{
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-09-13 10:40:27 +04:00
|
|
|
}
|
|
|
|
|
2013-05-15 21:17:29 +04:00
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
|
2011-09-27 09:30:58 +04:00
|
|
|
/* now calculate encrypt / decrypt and update keys */
|
2011-09-24 10:09:29 +04:00
|
|
|
if (!security_establish_keys(client_random, rdp))
|
2011-09-13 10:40:27 +04:00
|
|
|
{
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-09-13 10:40:27 +04:00
|
|
|
}
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
rdp->do_crypt = TRUE;
|
2013-05-15 21:17:29 +04:00
|
|
|
|
2012-11-08 00:13:14 +04:00
|
|
|
if (rdp->settings->SaltedChecksum)
|
2012-10-09 10:31:28 +04:00
|
|
|
rdp->do_secure_checksum = TRUE;
|
2011-09-16 03:54:03 +04:00
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
|
2011-09-16 03:54:03 +04:00
|
|
|
{
|
2012-10-09 11:01:37 +04:00
|
|
|
BYTE fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
|
2011-09-24 10:09:29 +04:00
|
|
|
rdp->fips_encrypt = crypto_des3_encrypt_init(rdp->fips_encrypt_key, fips_ivec);
|
|
|
|
rdp->fips_decrypt = crypto_des3_decrypt_init(rdp->fips_decrypt_key, fips_ivec);
|
2011-09-16 03:54:03 +04:00
|
|
|
|
|
|
|
rdp->fips_hmac = crypto_hmac_new();
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-09-16 03:54:03 +04:00
|
|
|
}
|
|
|
|
|
2011-09-24 10:09:29 +04:00
|
|
|
rdp->rc4_decrypt_key = crypto_rc4_init(rdp->decrypt_key, rdp->rc4_key_len);
|
|
|
|
rdp->rc4_encrypt_key = crypto_rc4_init(rdp->encrypt_key, rdp->rc4_key_len);
|
2011-09-13 10:40:27 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2012-01-25 19:57:23 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
static BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
|
2012-01-25 19:57:23 +04:00
|
|
|
{
|
2012-10-09 11:01:37 +04:00
|
|
|
BYTE client_random[64]; /* Should be only 32 after successful decryption, but on failure might take up to 64 bytes. */
|
|
|
|
BYTE crypt_client_random[256 + 8];
|
2012-10-09 11:26:39 +04:00
|
|
|
UINT32 rand_len, key_len;
|
2012-10-09 11:01:37 +04:00
|
|
|
UINT16 channel_id, length, sec_flags;
|
|
|
|
BYTE* mod;
|
|
|
|
BYTE* priv_exp;
|
2012-01-25 19:57:23 +04:00
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
if (rdp->settings->DisableEncryption == FALSE)
|
2012-01-25 19:57:23 +04:00
|
|
|
{
|
|
|
|
/* No RDP Security. */
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2012-01-25 19:57:23 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!rdp_read_header(rdp, s, &length, &channel_id))
|
|
|
|
{
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "rdp_server_establish_keys: invalid RDP header\n");
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2012-01-25 19:57:23 +04:00
|
|
|
}
|
2012-09-24 12:40:32 +04:00
|
|
|
|
2013-01-15 02:40:34 +04:00
|
|
|
if (!rdp_read_security_header(s, &sec_flags))
|
|
|
|
return FALSE;
|
2012-09-24 12:40:32 +04:00
|
|
|
|
2012-01-25 19:57:23 +04:00
|
|
|
if ((sec_flags & SEC_EXCHANGE_PKT) == 0)
|
|
|
|
{
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "rdp_server_establish_keys: missing SEC_EXCHANGE_PKT in security header\n");
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2012-01-25 19:57:23 +04:00
|
|
|
}
|
2012-09-24 12:40:32 +04:00
|
|
|
|
2013-04-30 06:35:15 +04:00
|
|
|
if(Stream_GetRemainingLength(s) < 4)
|
2013-01-15 02:40:34 +04:00
|
|
|
return FALSE;
|
2013-05-09 00:09:16 +04:00
|
|
|
Stream_Read_UINT32(s, rand_len);
|
2013-04-30 06:35:15 +04:00
|
|
|
if(Stream_GetRemainingLength(s) < rand_len + 8) /* include 8 bytes of padding */
|
2013-01-15 02:40:34 +04:00
|
|
|
return FALSE;
|
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
key_len = rdp->settings->RdpServerRsaKey->ModulusLength;
|
2012-09-24 12:40:32 +04:00
|
|
|
|
2012-01-25 19:57:23 +04:00
|
|
|
if (rand_len != key_len + 8)
|
|
|
|
{
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "rdp_server_establish_keys: invalid encrypted client random length\n");
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2012-01-25 19:57:23 +04:00
|
|
|
}
|
2012-09-24 12:40:32 +04:00
|
|
|
|
2012-01-25 19:57:23 +04:00
|
|
|
memset(crypt_client_random, 0, sizeof(crypt_client_random));
|
2013-05-09 00:09:16 +04:00
|
|
|
Stream_Read(s, crypt_client_random, rand_len);
|
2012-01-25 19:57:23 +04:00
|
|
|
/* 8 zero bytes of padding */
|
2013-04-30 06:35:15 +04:00
|
|
|
Stream_Seek(s, 8);
|
2012-11-08 08:29:24 +04:00
|
|
|
mod = rdp->settings->RdpServerRsaKey->Modulus;
|
|
|
|
priv_exp = rdp->settings->RdpServerRsaKey->PrivateExponent;
|
2012-01-25 19:57:23 +04:00
|
|
|
crypto_rsa_private_decrypt(crypt_client_random, rand_len - 8, key_len, mod, priv_exp, client_random);
|
|
|
|
|
|
|
|
/* now calculate encrypt / decrypt and update keys */
|
|
|
|
if (!security_establish_keys(client_random, rdp))
|
|
|
|
{
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2012-01-25 19:57:23 +04:00
|
|
|
}
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
rdp->do_crypt = TRUE;
|
2012-11-08 00:13:14 +04:00
|
|
|
if (rdp->settings->SaltedChecksum)
|
2012-10-09 10:31:28 +04:00
|
|
|
rdp->do_secure_checksum = TRUE;
|
2012-01-25 19:57:23 +04:00
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
|
2012-01-25 19:57:23 +04:00
|
|
|
{
|
2012-10-09 11:01:37 +04:00
|
|
|
BYTE fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
|
2012-01-25 19:57:23 +04:00
|
|
|
rdp->fips_encrypt = crypto_des3_encrypt_init(rdp->fips_encrypt_key, fips_ivec);
|
|
|
|
rdp->fips_decrypt = crypto_des3_decrypt_init(rdp->fips_decrypt_key, fips_ivec);
|
|
|
|
|
|
|
|
rdp->fips_hmac = crypto_hmac_new();
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2012-01-25 19:57:23 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
rdp->rc4_decrypt_key = crypto_rc4_init(rdp->decrypt_key, rdp->rc4_key_len);
|
|
|
|
rdp->rc4_encrypt_key = crypto_rc4_init(rdp->encrypt_key, rdp->rc4_key_len);
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-09-05 22:02:52 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_client_connect_mcs_connect_response(rdpRdp* rdp, wStream* s)
|
2011-08-22 11:03:58 +04:00
|
|
|
{
|
2011-08-23 09:05:58 +04:00
|
|
|
if (!mcs_recv_connect_response(rdp->mcs, s))
|
2011-09-05 22:02:52 +04:00
|
|
|
{
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "rdp_client_connect_mcs_connect_response: mcs_recv_connect_response failed\n");
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-09-05 22:02:52 +04:00
|
|
|
}
|
2012-09-24 12:40:32 +04:00
|
|
|
|
2011-08-22 11:03:58 +04:00
|
|
|
if (!mcs_send_erect_domain_request(rdp->mcs))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2012-09-24 12:40:32 +04:00
|
|
|
|
2011-08-22 11:03:58 +04:00
|
|
|
if (!mcs_send_attach_user_request(rdp->mcs))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
|
|
|
rdp->state = CONNECTION_STATE_MCS_ATTACH_USER;
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-22 11:03:58 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_client_connect_mcs_attach_user_confirm(rdpRdp* rdp, wStream* s)
|
2011-08-22 11:03:58 +04:00
|
|
|
{
|
2011-08-23 09:05:58 +04:00
|
|
|
if (!mcs_recv_attach_user_confirm(rdp->mcs, s))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
|
|
|
if (!mcs_send_channel_join_request(rdp->mcs, rdp->mcs->user_id))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
|
|
|
rdp->state = CONNECTION_STATE_MCS_CHANNEL_JOIN;
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-22 11:03:58 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_client_connect_mcs_channel_join_confirm(rdpRdp* rdp, wStream* s)
|
2011-08-22 11:03:58 +04:00
|
|
|
{
|
|
|
|
int i;
|
2012-10-09 11:01:37 +04:00
|
|
|
UINT16 channel_id;
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL all_joined = TRUE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
2011-08-23 09:05:58 +04:00
|
|
|
if (!mcs_recv_channel_join_confirm(rdp->mcs, s, &channel_id))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
|
|
|
if (!rdp->mcs->user_channel_joined)
|
|
|
|
{
|
|
|
|
if (channel_id != rdp->mcs->user_id)
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2013-02-15 05:39:56 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
rdp->mcs->user_channel_joined = TRUE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
|
|
|
if (!mcs_send_channel_join_request(rdp->mcs, MCS_GLOBAL_CHANNEL_ID))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
}
|
|
|
|
else if (!rdp->mcs->global_channel_joined)
|
|
|
|
{
|
|
|
|
if (channel_id != MCS_GLOBAL_CHANNEL_ID)
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2013-02-15 05:39:56 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
rdp->mcs->global_channel_joined = TRUE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
if (rdp->settings->ChannelCount > 0)
|
2011-08-22 11:03:58 +04:00
|
|
|
{
|
2012-11-08 08:29:24 +04:00
|
|
|
if (!mcs_send_channel_join_request(rdp->mcs, rdp->settings->ChannelDefArray[0].ChannelId))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
all_joined = FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2012-11-08 08:29:24 +04:00
|
|
|
for (i = 0; i < rdp->settings->ChannelCount; i++)
|
2011-08-22 11:03:58 +04:00
|
|
|
{
|
2012-11-08 08:29:24 +04:00
|
|
|
if (rdp->settings->ChannelDefArray[i].joined)
|
2011-08-22 11:03:58 +04:00
|
|
|
continue;
|
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
if (rdp->settings->ChannelDefArray[i].ChannelId != channel_id)
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-07-12 09:16:59 +04:00
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
rdp->settings->ChannelDefArray[i].joined = TRUE;
|
2011-08-22 11:03:58 +04:00
|
|
|
break;
|
|
|
|
}
|
2013-02-15 05:39:56 +04:00
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
if (i + 1 < rdp->settings->ChannelCount)
|
2011-08-22 11:03:58 +04:00
|
|
|
{
|
2012-11-08 08:29:24 +04:00
|
|
|
if (!mcs_send_channel_join_request(rdp->mcs, rdp->settings->ChannelDefArray[i + 1].ChannelId))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
all_joined = FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (rdp->mcs->user_channel_joined && rdp->mcs->global_channel_joined && all_joined)
|
2011-07-18 10:34:28 +04:00
|
|
|
{
|
2012-01-23 21:20:10 +04:00
|
|
|
if (!rdp_client_establish_keys(rdp))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2013-02-15 05:39:56 +04:00
|
|
|
|
2011-08-22 11:03:58 +04:00
|
|
|
if (!rdp_send_client_info(rdp))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2013-02-15 05:39:56 +04:00
|
|
|
|
2011-08-22 11:03:58 +04:00
|
|
|
rdp->state = CONNECTION_STATE_LICENSE;
|
|
|
|
}
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-22 11:03:58 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_client_connect_license(rdpRdp* rdp, wStream* s)
|
2011-08-22 11:03:58 +04:00
|
|
|
{
|
2011-08-23 09:05:58 +04:00
|
|
|
if (!license_recv(rdp->license, s))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
|
|
|
if (rdp->license->state == LICENSE_STATE_ABORTED)
|
|
|
|
{
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "license connection sequence aborted.\n");
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-07-18 10:34:28 +04:00
|
|
|
}
|
|
|
|
|
2011-08-22 11:03:58 +04:00
|
|
|
if (rdp->license->state == LICENSE_STATE_COMPLETED)
|
|
|
|
{
|
|
|
|
rdp->state = CONNECTION_STATE_CAPABILITY;
|
|
|
|
}
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-22 11:03:58 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_client_connect_demand_active(rdpRdp* rdp, wStream* s)
|
2011-08-22 11:03:58 +04:00
|
|
|
{
|
2012-10-09 11:01:37 +04:00
|
|
|
BYTE* mark;
|
|
|
|
UINT16 width;
|
|
|
|
UINT16 height;
|
2011-09-06 12:22:08 +04:00
|
|
|
|
2012-11-07 19:33:06 +04:00
|
|
|
width = rdp->settings->DesktopWidth;
|
|
|
|
height = rdp->settings->DesktopHeight;
|
2011-09-03 05:34:51 +04:00
|
|
|
|
2013-05-09 00:27:21 +04:00
|
|
|
Stream_GetPointer(s, mark);
|
2011-09-03 05:34:51 +04:00
|
|
|
|
2011-08-23 09:05:58 +04:00
|
|
|
if (!rdp_recv_demand_active(rdp, s))
|
2011-09-03 05:34:51 +04:00
|
|
|
{
|
2013-04-05 22:53:22 +04:00
|
|
|
UINT16 channelId;
|
2013-05-09 00:27:21 +04:00
|
|
|
Stream_SetPointer(s, mark);
|
2013-04-05 22:53:22 +04:00
|
|
|
rdp_recv_get_active_header(rdp, s, &channelId);
|
2013-04-30 06:35:15 +04:00
|
|
|
/* Was Stream_Seek(s, RDP_PACKET_HEADER_MAX_LENGTH);
|
2013-04-05 22:53:22 +04:00
|
|
|
* but the headers aren't always that length,
|
|
|
|
* so that could result in a bad offset.
|
|
|
|
*/
|
2011-09-03 05:34:51 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
if (rdp_recv_out_of_sequence_pdu(rdp, s) != TRUE)
|
|
|
|
return FALSE;
|
2011-09-05 00:49:22 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-09-03 05:34:51 +04:00
|
|
|
}
|
2011-08-22 11:03:58 +04:00
|
|
|
|
2012-02-07 01:37:18 +04:00
|
|
|
if (rdp->disconnect)
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2012-02-07 01:37:18 +04:00
|
|
|
|
2011-08-22 11:03:58 +04:00
|
|
|
if (!rdp_send_confirm_active(rdp))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
2012-01-14 01:20:36 +04:00
|
|
|
input_register_client_callbacks(rdp->input);
|
|
|
|
|
2011-09-06 12:22:08 +04:00
|
|
|
/**
|
|
|
|
* The server may request a different desktop size during Deactivation-Reactivation sequence.
|
|
|
|
* In this case, the UI should be informed and do actual window resizing at this point.
|
|
|
|
*/
|
2012-11-07 19:33:06 +04:00
|
|
|
if (width != rdp->settings->DesktopWidth || height != rdp->settings->DesktopHeight)
|
2011-09-06 12:22:08 +04:00
|
|
|
{
|
2011-11-22 04:41:49 +04:00
|
|
|
IFCALL(rdp->update->DesktopResize, rdp->update->context);
|
2011-09-06 12:22:08 +04:00
|
|
|
}
|
|
|
|
|
2011-12-19 00:15:48 +04:00
|
|
|
rdp->state = CONNECTION_STATE_FINALIZATION;
|
|
|
|
update_reset_state(rdp->update);
|
|
|
|
|
2013-01-15 02:40:34 +04:00
|
|
|
return rdp_client_connect_finalize(rdp);
|
2011-12-19 00:15:48 +04:00
|
|
|
}
|
|
|
|
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL rdp_client_connect_finalize(rdpRdp* rdp)
|
2011-12-19 00:15:48 +04:00
|
|
|
{
|
2011-08-22 11:03:58 +04:00
|
|
|
/**
|
|
|
|
* [MS-RDPBCGR] 1.3.1.1 - 8.
|
|
|
|
* The client-to-server PDUs sent during this phase have no dependencies on any of the server-to-
|
|
|
|
* client PDUs; they may be sent as a single batch, provided that sequencing is maintained.
|
|
|
|
*/
|
2011-08-25 00:54:32 +04:00
|
|
|
|
2011-08-22 11:03:58 +04:00
|
|
|
if (!rdp_send_client_synchronize_pdu(rdp))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
if (!rdp_send_client_control_pdu(rdp, CTRLACTION_COOPERATE))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
if (!rdp_send_client_control_pdu(rdp, CTRLACTION_REQUEST_CONTROL))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2013-06-13 22:24:17 +04:00
|
|
|
/**
|
|
|
|
* [MS-RDPBCGR] 2.2.1.17
|
|
|
|
* Client persistent key list must be sent if a bitmap is
|
|
|
|
* stored in persistent bitmap cache or the server has advertised support for bitmap
|
|
|
|
* host cache and a deactivation reactivation sequence is *not* in progress.
|
|
|
|
*/
|
|
|
|
if (!rdp->deactivation_reactivation && rdp->settings->BitmapCachePersistEnabled)
|
|
|
|
if (!rdp_send_client_persistent_key_list_pdu(rdp))
|
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
if (!rdp_send_client_font_list_pdu(rdp, FONTLIST_FIRST | FONTLIST_LAST))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-22 11:03:58 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-07-24 00:40:33 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
|
2011-08-19 05:54:43 +04:00
|
|
|
{
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL status;
|
2012-06-20 04:10:49 +04:00
|
|
|
rdpSettings* settings = rdp->settings;
|
2011-08-19 09:35:29 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
transport_set_blocking_mode(rdp->transport, TRUE);
|
2011-08-19 09:35:29 +04:00
|
|
|
|
2011-08-22 11:03:58 +04:00
|
|
|
if (!nego_read_request(rdp->nego, s))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2012-01-25 20:08:10 +04:00
|
|
|
|
|
|
|
rdp->nego->selected_protocol = 0;
|
2011-08-19 05:54:43 +04:00
|
|
|
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "Client Security: NLA:%d TLS:%d RDP:%d\n",
|
2012-06-20 04:10:49 +04:00
|
|
|
(rdp->nego->requested_protocols & PROTOCOL_NLA) ? 1 : 0,
|
|
|
|
(rdp->nego->requested_protocols & PROTOCOL_TLS) ? 1 : 0,
|
|
|
|
(rdp->nego->requested_protocols == PROTOCOL_RDP) ? 1: 0);
|
|
|
|
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "Server Security: NLA:%d TLS:%d RDP:%d\n",
|
2012-11-07 20:02:46 +04:00
|
|
|
settings->NlaSecurity, settings->TlsSecurity, settings->RdpSecurity);
|
2012-06-18 23:56:40 +04:00
|
|
|
|
2012-11-07 20:02:46 +04:00
|
|
|
if ((settings->NlaSecurity) && (rdp->nego->requested_protocols & PROTOCOL_NLA))
|
2011-08-19 05:54:43 +04:00
|
|
|
{
|
2012-06-20 04:10:49 +04:00
|
|
|
rdp->nego->selected_protocol = PROTOCOL_NLA;
|
2011-08-19 05:54:43 +04:00
|
|
|
}
|
2012-11-07 20:02:46 +04:00
|
|
|
else if ((settings->TlsSecurity) && (rdp->nego->requested_protocols & PROTOCOL_TLS))
|
2011-08-19 05:54:43 +04:00
|
|
|
{
|
2012-06-20 04:10:49 +04:00
|
|
|
rdp->nego->selected_protocol = PROTOCOL_TLS;
|
2011-08-19 05:54:43 +04:00
|
|
|
}
|
2012-11-07 20:02:46 +04:00
|
|
|
else if ((settings->RdpSecurity) && (rdp->nego->selected_protocol == PROTOCOL_RDP))
|
2012-01-25 20:08:10 +04:00
|
|
|
{
|
|
|
|
rdp->nego->selected_protocol = PROTOCOL_RDP;
|
|
|
|
}
|
|
|
|
else
|
2012-06-20 04:10:49 +04:00
|
|
|
{
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "Protocol security negotiation failure\n");
|
2012-06-20 04:10:49 +04:00
|
|
|
}
|
|
|
|
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "Negotiated Security: NLA:%d TLS:%d RDP:%d\n",
|
2012-06-20 04:10:49 +04:00
|
|
|
(rdp->nego->selected_protocol & PROTOCOL_NLA) ? 1 : 0,
|
|
|
|
(rdp->nego->selected_protocol & PROTOCOL_TLS) ? 1 : 0,
|
|
|
|
(rdp->nego->selected_protocol == PROTOCOL_RDP) ? 1: 0);
|
2011-08-19 05:54:43 +04:00
|
|
|
|
2011-09-16 19:16:16 +04:00
|
|
|
if (!nego_send_negotiation_response(rdp->nego))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-19 05:54:43 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
status = FALSE;
|
2011-08-19 09:35:29 +04:00
|
|
|
if (rdp->nego->selected_protocol & PROTOCOL_NLA)
|
2012-02-14 07:27:59 +04:00
|
|
|
status = transport_accept_nla(rdp->transport);
|
2011-08-19 09:35:29 +04:00
|
|
|
else if (rdp->nego->selected_protocol & PROTOCOL_TLS)
|
2012-02-14 07:27:59 +04:00
|
|
|
status = transport_accept_tls(rdp->transport);
|
2012-01-17 20:52:12 +04:00
|
|
|
else if (rdp->nego->selected_protocol == PROTOCOL_RDP) /* 0 */
|
2012-02-14 07:27:59 +04:00
|
|
|
status = transport_accept_rdp(rdp->transport);
|
2011-08-19 09:35:29 +04:00
|
|
|
|
2012-02-14 07:27:59 +04:00
|
|
|
if (!status)
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-19 09:35:29 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
transport_set_blocking_mode(rdp->transport, FALSE);
|
2011-08-19 09:35:29 +04:00
|
|
|
|
2011-08-19 05:54:43 +04:00
|
|
|
rdp->state = CONNECTION_STATE_NEGO;
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-19 05:54:43 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_server_accept_mcs_connect_initial(rdpRdp* rdp, wStream* s)
|
2011-08-19 13:39:37 +04:00
|
|
|
{
|
2011-08-19 14:11:33 +04:00
|
|
|
int i;
|
|
|
|
|
2011-08-23 09:05:58 +04:00
|
|
|
if (!mcs_recv_connect_initial(rdp->mcs, s))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-19 13:39:37 +04:00
|
|
|
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "Accepted client: %s\n", rdp->settings->ClientHostname);
|
|
|
|
fprintf(stderr, "Accepted channels:");
|
2012-09-17 05:05:51 +04:00
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
for (i = 0; i < rdp->settings->ChannelCount; i++)
|
2011-08-19 14:11:33 +04:00
|
|
|
{
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, " %s", rdp->settings->ChannelDefArray[i].Name);
|
2011-08-19 14:11:33 +04:00
|
|
|
}
|
2013-03-29 02:06:34 +04:00
|
|
|
fprintf(stderr, "\n");
|
2011-08-19 14:11:33 +04:00
|
|
|
|
2011-08-19 19:56:47 +04:00
|
|
|
if (!mcs_send_connect_response(rdp->mcs))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-19 19:56:47 +04:00
|
|
|
|
|
|
|
rdp->state = CONNECTION_STATE_MCS_CONNECT;
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-19 13:39:37 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_server_accept_mcs_erect_domain_request(rdpRdp* rdp, wStream* s)
|
2011-08-19 22:03:48 +04:00
|
|
|
{
|
2011-08-23 09:05:58 +04:00
|
|
|
if (!mcs_recv_erect_domain_request(rdp->mcs, s))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-19 22:03:48 +04:00
|
|
|
|
|
|
|
rdp->state = CONNECTION_STATE_MCS_ERECT_DOMAIN;
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-19 22:03:48 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_server_accept_mcs_attach_user_request(rdpRdp* rdp, wStream* s)
|
2011-08-19 22:03:48 +04:00
|
|
|
{
|
2011-08-23 09:05:58 +04:00
|
|
|
if (!mcs_recv_attach_user_request(rdp->mcs, s))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-19 22:03:48 +04:00
|
|
|
|
|
|
|
if (!mcs_send_attach_user_confirm(rdp->mcs))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-19 22:03:48 +04:00
|
|
|
|
|
|
|
rdp->state = CONNECTION_STATE_MCS_ATTACH_USER;
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-19 22:03:48 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_server_accept_mcs_channel_join_request(rdpRdp* rdp, wStream* s)
|
2011-08-20 10:05:03 +04:00
|
|
|
{
|
|
|
|
int i;
|
2012-10-09 11:01:37 +04:00
|
|
|
UINT16 channel_id;
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL all_joined = TRUE;
|
2011-08-20 10:05:03 +04:00
|
|
|
|
2011-08-23 09:05:58 +04:00
|
|
|
if (!mcs_recv_channel_join_request(rdp->mcs, s, &channel_id))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-20 10:05:03 +04:00
|
|
|
|
|
|
|
if (!mcs_send_channel_join_confirm(rdp->mcs, channel_id))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-20 10:05:03 +04:00
|
|
|
|
|
|
|
if (channel_id == rdp->mcs->user_id)
|
2012-10-09 10:31:28 +04:00
|
|
|
rdp->mcs->user_channel_joined = TRUE;
|
2011-08-20 10:05:03 +04:00
|
|
|
else if (channel_id == MCS_GLOBAL_CHANNEL_ID)
|
2012-10-09 10:31:28 +04:00
|
|
|
rdp->mcs->global_channel_joined = TRUE;
|
2011-08-20 10:05:03 +04:00
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
for (i = 0; i < rdp->settings->ChannelCount; i++)
|
2011-08-20 10:05:03 +04:00
|
|
|
{
|
2012-11-08 08:29:24 +04:00
|
|
|
if (rdp->settings->ChannelDefArray[i].ChannelId == channel_id)
|
|
|
|
rdp->settings->ChannelDefArray[i].joined = TRUE;
|
2011-08-20 10:05:03 +04:00
|
|
|
|
2012-11-08 08:29:24 +04:00
|
|
|
if (!rdp->settings->ChannelDefArray[i].joined)
|
2012-10-09 10:31:28 +04:00
|
|
|
all_joined = FALSE;
|
2011-08-20 10:05:03 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (rdp->mcs->user_channel_joined && rdp->mcs->global_channel_joined && all_joined)
|
2011-08-22 11:03:58 +04:00
|
|
|
rdp->state = CONNECTION_STATE_MCS_CHANNEL_JOIN;
|
2011-08-20 10:05:03 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-20 10:05:03 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_server_accept_client_keys(rdpRdp* rdp, wStream* s)
|
2012-01-25 20:08:10 +04:00
|
|
|
{
|
|
|
|
|
|
|
|
if (!rdp_server_establish_keys(rdp, s))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2012-01-25 20:08:10 +04:00
|
|
|
|
|
|
|
rdp->state = CONNECTION_STATE_ESTABLISH_KEYS;
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2012-01-25 20:08:10 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_server_accept_client_info(rdpRdp* rdp, wStream* s)
|
2011-08-20 14:22:14 +04:00
|
|
|
{
|
2012-01-25 20:08:10 +04:00
|
|
|
|
2011-08-23 08:58:10 +04:00
|
|
|
if (!rdp_recv_client_info(rdp, s))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-20 14:22:14 +04:00
|
|
|
|
2011-08-20 17:41:40 +04:00
|
|
|
if (!license_send_valid_client_error_packet(rdp->license))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-20 17:41:40 +04:00
|
|
|
|
2011-08-20 19:09:46 +04:00
|
|
|
rdp->state = CONNECTION_STATE_LICENSE;
|
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-20 14:22:14 +04:00
|
|
|
}
|
|
|
|
|
2013-03-21 23:19:33 +04:00
|
|
|
BOOL rdp_server_accept_confirm_active(rdpRdp* rdp, wStream* s)
|
2011-08-21 11:52:44 +04:00
|
|
|
{
|
2011-08-23 09:05:58 +04:00
|
|
|
if (!rdp_recv_confirm_active(rdp, s))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-21 11:52:44 +04:00
|
|
|
|
|
|
|
rdp->state = CONNECTION_STATE_ACTIVE;
|
2011-09-21 01:01:38 +04:00
|
|
|
update_reset_state(rdp->update);
|
2011-08-21 11:52:44 +04:00
|
|
|
|
2011-08-21 17:48:42 +04:00
|
|
|
if (!rdp_send_server_synchronize_pdu(rdp))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-21 17:48:42 +04:00
|
|
|
|
|
|
|
if (!rdp_send_server_control_cooperate_pdu(rdp))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-08-21 17:48:42 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-08-21 11:52:44 +04:00
|
|
|
}
|
|
|
|
|
2012-10-09 10:38:39 +04:00
|
|
|
BOOL rdp_server_reactivate(rdpRdp* rdp)
|
2011-09-06 13:19:16 +04:00
|
|
|
{
|
|
|
|
if (!rdp_send_deactivate_all(rdp))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-09-06 13:19:16 +04:00
|
|
|
|
|
|
|
rdp->state = CONNECTION_STATE_LICENSE;
|
|
|
|
|
|
|
|
if (!rdp_send_demand_active(rdp))
|
2012-10-09 10:31:28 +04:00
|
|
|
return FALSE;
|
2011-09-06 13:19:16 +04:00
|
|
|
|
2012-10-09 10:31:28 +04:00
|
|
|
return TRUE;
|
2011-09-06 13:19:16 +04:00
|
|
|
}
|
|
|
|
|