FreeRDP/libfreerdp/core/rdp.c

983 lines
22 KiB
C
Raw Normal View History

/**
2012-10-09 07:02:04 +04:00
* FreeRDP: A Remote Desktop Protocol Implementation
* RDP Core
*
* Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <winpr/crt.h>
#include "rdp.h"
#include "info.h"
#include "redirection.h"
#include <freerdp/crypto/per.h>
#ifdef WITH_DEBUG_RDP
static const char* const DATA_PDU_TYPE_STRINGS[] =
{
"?", "?", /* 0x00 - 0x01 */
"Update", /* 0x02 */
"?", "?", "?", "?", "?", "?", "?", "?", /* 0x03 - 0x0A */
"?", "?", "?", "?", "?", "?", "?", "?", "?", /* 0x0B - 0x13 */
"Control", /* 0x14 */
"?", "?", "?", "?", "?", "?", /* 0x15 - 0x1A */
"Pointer", /* 0x1B */
"Input", /* 0x1C */
"?", "?", /* 0x1D - 0x1E */
"Synchronize", /* 0x1F */
"?", /* 0x20 */
"Refresh Rect", /* 0x21 */
"Play Sound", /* 0x22 */
"Suppress Output", /* 0x23 */
"Shutdown Request", /* 0x24 */
"Shutdown Denied", /* 0x25 */
"Save Session Info", /* 0x26 */
"Font List", /* 0x27 */
"Font Map", /* 0x28 */
"Set Keyboard Indicators", /* 0x29 */
"?", /* 0x2A */
"Bitmap Cache Persistent List", /* 0x2B */
"Bitmap Cache Error", /* 0x2C */
"Set Keyboard IME Status", /* 0x2D */
"Offscreen Cache Error", /* 0x2E */
"Set Error Info", /* 0x2F */
"Draw Nine Grid Error", /* 0x30 */
"Draw GDI+ Error", /* 0x31 */
"ARC Status", /* 0x32 */
"?", "?", "?", /* 0x33 - 0x35 */
"Status Info", /* 0x36 */
"Monitor Layout" /* 0x37 */
"?", "?", "?", /* 0x38 - 0x40 */
"?", "?", "?", "?", "?", "?" /* 0x41 - 0x46 */
};
#endif
/**
* Read RDP Security Header.\n
* @msdn{cc240579}
* @param s stream
* @param flags security flags
*/
void rdp_read_security_header(STREAM* s, UINT16* flags)
{
/* Basic Security Header */
stream_read_UINT16(s, *flags); /* flags */
stream_seek(s, 2); /* flagsHi (unused) */
}
/**
* Write RDP Security Header.\n
* @msdn{cc240579}
* @param s stream
* @param flags security flags
*/
void rdp_write_security_header(STREAM* s, UINT16 flags)
{
/* Basic Security Header */
stream_write_UINT16(s, flags); /* flags */
stream_write_UINT16(s, 0); /* flagsHi (unused) */
}
BOOL rdp_read_share_control_header(STREAM* s, UINT16* length, UINT16* type, UINT16* channel_id)
{
/* Share Control Header */
stream_read_UINT16(s, *length); /* totalLength */
2012-02-07 01:31:41 +04:00
if (*length - 2 > stream_get_left(s))
return FALSE;
2012-02-07 01:31:41 +04:00
stream_read_UINT16(s, *type); /* pduType */
*type &= 0x0F; /* type is in the 4 least significant bits */
2011-08-21 11:52:44 +04:00
if (*length > 4)
stream_read_UINT16(s, *channel_id); /* pduSource */
else /* Windows XP can send such short DEACTIVATE_ALL PDUs. */
*channel_id = 0;
return TRUE;
}
void rdp_write_share_control_header(STREAM* s, UINT16 length, UINT16 type, UINT16 channel_id)
{
length -= RDP_PACKET_HEADER_MAX_LENGTH;
/* Share Control Header */
stream_write_UINT16(s, length); /* totalLength */
stream_write_UINT16(s, type | 0x10); /* pduType */
stream_write_UINT16(s, channel_id); /* pduSource */
}
2012-10-09 11:26:39 +04:00
BOOL rdp_read_share_data_header(STREAM* s, UINT16* length, BYTE* type, UINT32* share_id,
BYTE *compressed_type, UINT16 *compressed_len)
{
2011-08-21 18:52:37 +04:00
if (stream_get_left(s) < 12)
return FALSE;
2011-08-21 18:52:37 +04:00
/* Share Data Header */
2012-10-09 11:26:39 +04:00
stream_read_UINT32(s, *share_id); /* shareId (4 bytes) */
stream_seek_BYTE(s); /* pad1 (1 byte) */
stream_seek_BYTE(s); /* streamId (1 byte) */
stream_read_UINT16(s, *length); /* uncompressedLength (2 bytes) */
stream_read_BYTE(s, *type); /* pduType2, Data PDU Type (1 byte) */
stream_read_BYTE(s, *compressed_type); /* compressedType (1 byte) */
stream_read_UINT16(s, *compressed_len); /* compressedLength (2 bytes) */
return TRUE;
}
2012-10-09 11:26:39 +04:00
void rdp_write_share_data_header(STREAM* s, UINT16 length, BYTE type, UINT32 share_id)
{
length -= RDP_PACKET_HEADER_MAX_LENGTH;
length -= RDP_SHARE_CONTROL_HEADER_LENGTH;
length -= RDP_SHARE_DATA_HEADER_LENGTH;
/* Share Data Header */
2012-10-09 11:26:39 +04:00
stream_write_UINT32(s, share_id); /* shareId (4 bytes) */
stream_write_BYTE(s, 0); /* pad1 (1 byte) */
stream_write_BYTE(s, STREAM_LOW); /* streamId (1 byte) */
stream_write_UINT16(s, length); /* uncompressedLength (2 bytes) */
stream_write_BYTE(s, type); /* pduType2, Data PDU Type (1 byte) */
stream_write_BYTE(s, 0); /* compressedType (1 byte) */
stream_write_UINT16(s, 0); /* compressedLength (2 bytes) */
}
static int RdpSecurity_stream_init(rdpRdp* rdp, STREAM* s)
2011-09-13 10:40:27 +04:00
{
if (rdp->do_crypt)
{
stream_seek(s, 12);
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
2011-09-16 03:54:03 +04:00
stream_seek(s, 4);
2011-09-13 10:40:27 +04:00
rdp->sec_flags |= SEC_ENCRYPT;
if (rdp->do_secure_checksum)
rdp->sec_flags |= SEC_SECURE_CHECKSUM;
2011-09-13 10:40:27 +04:00
}
else if (rdp->sec_flags != 0)
{
stream_seek(s, 4);
}
return 0;
}
/**
* Initialize an RDP packet stream.\n
* @param rdp rdp module
* @return
*/
STREAM* rdp_send_stream_init(rdpRdp* rdp)
{
STREAM* s;
2011-09-13 10:40:27 +04:00
s = transport_send_stream_init(rdp->transport, 2048);
stream_seek(s, RDP_PACKET_HEADER_MAX_LENGTH);
RdpSecurity_stream_init(rdp, s);
return s;
}
STREAM* rdp_pdu_init(rdpRdp* rdp)
{
STREAM* s;
s = transport_send_stream_init(rdp->transport, 2048);
stream_seek(s, RDP_PACKET_HEADER_MAX_LENGTH);
RdpSecurity_stream_init(rdp, s);
stream_seek(s, RDP_SHARE_CONTROL_HEADER_LENGTH);
return s;
}
STREAM* rdp_data_pdu_init(rdpRdp* rdp)
{
STREAM* s;
s = transport_send_stream_init(rdp->transport, 2048);
stream_seek(s, RDP_PACKET_HEADER_MAX_LENGTH);
RdpSecurity_stream_init(rdp, s);
stream_seek(s, RDP_SHARE_CONTROL_HEADER_LENGTH);
stream_seek(s, RDP_SHARE_DATA_HEADER_LENGTH);
return s;
}
/**
* Read an RDP packet header.\n
* @param rdp rdp module
* @param s stream
* @param length RDP packet length
* @param channel_id channel id
*/
BOOL rdp_read_header(rdpRdp* rdp, STREAM* s, UINT16* length, UINT16* channel_id)
{
UINT16 initiator;
enum DomainMCSPDU MCSPDU;
MCSPDU = (rdp->settings->ServerMode) ? DomainMCSPDU_SendDataRequest : DomainMCSPDU_SendDataIndication;
if (!mcs_read_domain_mcspdu_header(s, &MCSPDU, length))
{
if (MCSPDU != DomainMCSPDU_DisconnectProviderUltimatum)
return FALSE;
}
2012-02-07 01:31:41 +04:00
if (*length - 8 > stream_get_left(s))
return FALSE;
if (MCSPDU == DomainMCSPDU_DisconnectProviderUltimatum)
{
BYTE reason;
(void) per_read_enumerated(s, &reason, 0);
DEBUG_RDP("DisconnectProviderUltimatum from server, reason code 0x%02x\n", reason);
rdp->disconnect = TRUE;
return TRUE;
}
per_read_integer16(s, &initiator, MCS_BASE_CHANNEL_ID); /* initiator (UserId) */
per_read_integer16(s, channel_id, 0); /* channelId */
stream_seek(s, 1); /* dataPriority + Segmentation (0x70) */
per_read_length(s, length); /* userData (OCTET_STRING) */
if (*length > stream_get_left(s))
return FALSE;
return TRUE;
}
/**
* Write an RDP packet header.\n
* @param rdp rdp module
* @param s stream
* @param length RDP packet length
* @param channel_id channel id
*/
void rdp_write_header(rdpRdp* rdp, STREAM* s, UINT16 length, UINT16 channel_id)
{
2011-09-16 03:54:03 +04:00
int body_length;
enum DomainMCSPDU MCSPDU;
MCSPDU = (rdp->settings->ServerMode) ? DomainMCSPDU_SendDataIndication : DomainMCSPDU_SendDataRequest;
if ((rdp->sec_flags & SEC_ENCRYPT) && (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS))
2011-09-27 09:30:58 +04:00
{
2011-09-16 03:54:03 +04:00
int pad;
body_length = length - RDP_PACKET_HEADER_MAX_LENGTH - 16;
2011-09-16 03:54:03 +04:00
pad = 8 - (body_length % 8);
if (pad != 8)
length += pad;
}
mcs_write_domain_mcspdu_header(s, MCSPDU, length, 0);
per_write_integer16(s, rdp->mcs->user_id, MCS_BASE_CHANNEL_ID); /* initiator */
per_write_integer16(s, channel_id, 0); /* channelId */
stream_write_BYTE(s, 0x70); /* dataPriority + segmentation */
/*
* We always encode length in two bytes, eventhough we could use
* only one byte if length <= 0x7F. It is just easier that way,
* because we can leave room for fixed-length header, store all
* the data first and then store the header.
*/
length = (length - RDP_PACKET_HEADER_MAX_LENGTH) | 0x8000;
stream_write_UINT16_be(s, length); /* userData (OCTET_STRING) */
}
static UINT32 RdpSecurity_stream_out(rdpRdp* rdp, STREAM* s, int length)
2011-09-13 10:40:27 +04:00
{
BYTE* data;
2012-10-09 11:26:39 +04:00
UINT32 sec_flags;
UINT32 pad = 0;
2011-09-13 10:40:27 +04:00
sec_flags = rdp->sec_flags;
2011-09-13 10:40:27 +04:00
if (sec_flags != 0)
{
rdp_write_security_header(s, sec_flags);
2011-09-13 10:40:27 +04:00
if (sec_flags & SEC_ENCRYPT)
{
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
2011-09-16 03:54:03 +04:00
{
data = s->p + 12;
length = length - (data - s->data);
stream_write_UINT16(s, 0x10); /* length */
stream_write_BYTE(s, 0x1); /* TSFIPS_VERSION 1*/
2011-09-16 03:54:03 +04:00
/* handle padding */
pad = 8 - (length % 8);
2011-09-16 03:54:03 +04:00
if (pad == 8)
pad = 0;
if (pad)
memset(data+length, 0, pad);
stream_write_BYTE(s, pad);
2011-09-16 03:54:03 +04:00
security_hmac_signature(data, length, s->p, rdp);
stream_seek(s, 8);
security_fips_encrypt(data, length + pad, rdp);
}
else
{
data = s->p + 8;
length = length - (data - s->data);
if (sec_flags & SEC_SECURE_CHECKSUM)
security_salted_mac_signature(rdp, data, length, TRUE, s->p);
else
security_mac_signature(rdp, data, length, s->p);
2011-09-16 03:54:03 +04:00
stream_seek(s, 8);
security_encrypt(s->p, length, rdp);
}
2011-09-13 10:40:27 +04:00
}
2011-09-13 10:40:27 +04:00
rdp->sec_flags = 0;
}
2011-09-16 03:54:03 +04:00
return pad;
2011-09-13 10:40:27 +04:00
}
2012-10-09 11:26:39 +04:00
static UINT32 rdp_get_sec_bytes(rdpRdp* rdp)
2011-09-13 10:40:27 +04:00
{
2012-10-09 11:26:39 +04:00
UINT32 sec_bytes;
2011-09-13 10:40:27 +04:00
if (rdp->sec_flags & SEC_ENCRYPT)
{
2011-09-13 10:40:27 +04:00
sec_bytes = 12;
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
2011-09-16 03:54:03 +04:00
sec_bytes += 4;
}
else if (rdp->sec_flags != 0)
{
2011-09-13 10:40:27 +04:00
sec_bytes = 4;
}
2011-09-13 10:40:27 +04:00
else
{
2011-09-13 10:40:27 +04:00
sec_bytes = 0;
}
2011-09-13 10:40:27 +04:00
return sec_bytes;
}
/**
* Send an RDP packet.\n
* @param rdp RDP module
* @param s stream
* @param channel_id channel id
*/
BOOL rdp_send(rdpRdp* rdp, STREAM* s, UINT16 channel_id)
{
UINT16 length;
2012-10-09 11:26:39 +04:00
UINT32 sec_bytes;
BYTE* sec_hold;
length = stream_get_length(s);
stream_set_pos(s, 0);
rdp_write_header(rdp, s, length, channel_id);
2011-09-16 03:54:03 +04:00
sec_bytes = rdp_get_sec_bytes(rdp);
2011-09-13 10:40:27 +04:00
sec_hold = s->p;
stream_seek(s, sec_bytes);
s->p = sec_hold;
length += RdpSecurity_stream_out(rdp, s, length);
2012-01-25 19:27:00 +04:00
stream_set_pos(s, length);
if (transport_write(rdp->transport, s) < 0)
return FALSE;
return TRUE;
}
BOOL rdp_send_pdu(rdpRdp* rdp, STREAM* s, UINT16 type, UINT16 channel_id)
{
UINT16 length;
2012-10-09 11:26:39 +04:00
UINT32 sec_bytes;
BYTE* sec_hold;
length = stream_get_length(s);
stream_set_pos(s, 0);
rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
2011-09-13 10:40:27 +04:00
2011-09-16 03:54:03 +04:00
sec_bytes = rdp_get_sec_bytes(rdp);
2011-09-13 10:40:27 +04:00
sec_hold = s->p;
stream_seek(s, sec_bytes);
rdp_write_share_control_header(s, length - sec_bytes, type, channel_id);
2011-09-13 10:40:27 +04:00
s->p = sec_hold;
length += RdpSecurity_stream_out(rdp, s, length);
2011-09-13 10:40:27 +04:00
stream_set_pos(s, length);
if (transport_write(rdp->transport, s) < 0)
return FALSE;
return TRUE;
}
BOOL rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, BYTE type, UINT16 channel_id)
{
UINT16 length;
2012-10-09 11:26:39 +04:00
UINT32 sec_bytes;
BYTE* sec_hold;
length = stream_get_length(s);
stream_set_pos(s, 0);
rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
2011-09-13 10:40:27 +04:00
2011-09-16 03:54:03 +04:00
sec_bytes = rdp_get_sec_bytes(rdp);
2011-09-13 10:40:27 +04:00
sec_hold = s->p;
stream_seek(s, sec_bytes);
rdp_write_share_control_header(s, length - sec_bytes, PDU_TYPE_DATA, channel_id);
rdp_write_share_data_header(s, length - sec_bytes, type, rdp->settings->ShareId);
2011-09-13 10:40:27 +04:00
s->p = sec_hold;
length += RdpSecurity_stream_out(rdp, s, length);
2011-09-13 10:40:27 +04:00
stream_set_pos(s, length);
if (transport_write(rdp->transport, s) < 0)
return FALSE;
return TRUE;
}
void rdp_recv_set_error_info_data_pdu(rdpRdp* rdp, STREAM* s)
2011-07-22 00:20:41 +04:00
{
2012-10-09 11:26:39 +04:00
stream_read_UINT32(s, rdp->errorInfo); /* errorInfo (4 bytes) */
2011-07-22 00:20:41 +04:00
if (rdp->errorInfo != ERRINFO_SUCCESS)
rdp_print_errinfo(rdp->errorInfo);
2011-07-22 00:20:41 +04:00
}
BOOL rdp_recv_data_pdu(rdpRdp* rdp, STREAM* s)
2011-07-22 00:20:41 +04:00
{
BYTE type;
UINT16 length;
2012-10-09 11:26:39 +04:00
UINT32 share_id;
BYTE compressed_type;
UINT16 compressed_len;
2012-10-09 11:26:39 +04:00
UINT32 roff;
UINT32 rlen;
STREAM* comp_stream;
2011-07-22 00:20:41 +04:00
rdp_read_share_data_header(s, &length, &type, &share_id, &compressed_type, &compressed_len);
2011-07-22 00:20:41 +04:00
comp_stream = s;
if (compressed_type & PACKET_COMPRESSED)
{
2012-03-30 07:57:26 +04:00
if (decompress_rdp(rdp->mppc_dec, s->p, compressed_len - 18, compressed_type, &roff, &rlen))
{
comp_stream = stream_new(0);
2012-03-30 07:57:26 +04:00
comp_stream->data = rdp->mppc_dec->history_buf + roff;
comp_stream->p = comp_stream->data;
comp_stream->size = rlen;
}
else
{
printf("decompress_rdp() failed\n");
return FALSE;
}
stream_seek(s, compressed_len - 18);
}
#ifdef WITH_DEBUG_RDP
2012-03-22 17:34:08 +04:00
/* if (type != DATA_PDU_TYPE_UPDATE) */
DEBUG_RDP("recv %s Data PDU (0x%02X), length:%d",
type < ARRAYSIZE(DATA_PDU_TYPE_STRINGS) ? DATA_PDU_TYPE_STRINGS[type] : "???", type, length);
#endif
2011-07-22 00:20:41 +04:00
switch (type)
{
case DATA_PDU_TYPE_UPDATE:
if (!update_recv(rdp->update, comp_stream))
return FALSE;
break;
case DATA_PDU_TYPE_CONTROL:
rdp_recv_server_control_pdu(rdp, comp_stream);
break;
case DATA_PDU_TYPE_POINTER:
update_recv_pointer(rdp->update, comp_stream);
break;
case DATA_PDU_TYPE_INPUT:
break;
case DATA_PDU_TYPE_SYNCHRONIZE:
rdp_recv_synchronize_pdu(rdp, comp_stream);
break;
case DATA_PDU_TYPE_REFRESH_RECT:
break;
case DATA_PDU_TYPE_PLAY_SOUND:
update_recv_play_sound(rdp->update, comp_stream);
break;
case DATA_PDU_TYPE_SUPPRESS_OUTPUT:
break;
case DATA_PDU_TYPE_SHUTDOWN_REQUEST:
break;
case DATA_PDU_TYPE_SHUTDOWN_DENIED:
break;
case DATA_PDU_TYPE_SAVE_SESSION_INFO:
rdp_recv_save_session_info(rdp, comp_stream);
break;
case DATA_PDU_TYPE_FONT_LIST:
break;
case DATA_PDU_TYPE_FONT_MAP:
rdp_recv_font_map_pdu(rdp, comp_stream);
break;
case DATA_PDU_TYPE_SET_KEYBOARD_INDICATORS:
break;
case DATA_PDU_TYPE_BITMAP_CACHE_PERSISTENT_LIST:
break;
case DATA_PDU_TYPE_BITMAP_CACHE_ERROR:
break;
case DATA_PDU_TYPE_SET_KEYBOARD_IME_STATUS:
break;
case DATA_PDU_TYPE_OFFSCREEN_CACHE_ERROR:
break;
2011-07-22 00:20:41 +04:00
case DATA_PDU_TYPE_SET_ERROR_INFO:
rdp_recv_set_error_info_data_pdu(rdp, comp_stream);
2011-07-22 00:20:41 +04:00
break;
case DATA_PDU_TYPE_DRAW_NINEGRID_ERROR:
break;
case DATA_PDU_TYPE_DRAW_GDIPLUS_ERROR:
break;
case DATA_PDU_TYPE_ARC_STATUS:
break;
case DATA_PDU_TYPE_STATUS_INFO:
break;
case DATA_PDU_TYPE_MONITOR_LAYOUT:
break;
2011-07-22 00:20:41 +04:00
default:
break;
}
if (comp_stream != s)
{
stream_detach(comp_stream);
stream_free(comp_stream);
}
return TRUE;
2011-07-22 00:20:41 +04:00
}
BOOL rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, STREAM* s)
{
UINT16 type;
UINT16 length;
UINT16 channelId;
rdp_read_share_control_header(s, &length, &type, &channelId);
if (type == PDU_TYPE_DATA)
{
return rdp_recv_data_pdu(rdp, s);
}
else if (type == PDU_TYPE_SERVER_REDIRECTION)
{
rdp_recv_enhanced_security_redirection_packet(rdp, s);
return TRUE;
}
else
{
return FALSE;
}
}
2011-09-05 22:02:52 +04:00
/**
* Decrypt an RDP packet.\n
* @param rdp RDP module
* @param s stream
* @param length int
*/
BOOL rdp_decrypt(rdpRdp* rdp, STREAM* s, int length, UINT16 securityFlags)
2011-09-05 22:02:52 +04:00
{
BYTE cmac[8];
BYTE wmac[8];
2011-09-15 01:14:50 +04:00
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
2011-09-16 03:54:03 +04:00
{
UINT16 len;
BYTE version, pad;
BYTE* sig;
2011-09-16 03:54:03 +04:00
stream_read_UINT16(s, len); /* 0x10 */
stream_read_BYTE(s, version); /* 0x1 */
stream_read_BYTE(s, pad);
2011-09-16 03:54:03 +04:00
sig = s->p;
stream_seek(s, 8); /* signature */
length -= 12;
2011-09-16 03:54:03 +04:00
if (!security_fips_decrypt(s->p, length, rdp))
2011-09-16 03:54:03 +04:00
{
printf("FATAL: cannot decrypt\n");
return FALSE; /* TODO */
2011-09-16 03:54:03 +04:00
}
if (!security_fips_check_signature(s->p, length - pad, sig, rdp))
2011-09-16 03:54:03 +04:00
{
printf("FATAL: invalid packet signature\n");
return FALSE; /* TODO */
2011-09-16 03:54:03 +04:00
}
2011-09-27 09:30:58 +04:00
/* is this what needs adjusting? */
2011-09-16 03:54:03 +04:00
s->size -= pad;
return TRUE;
2011-09-16 03:54:03 +04:00
}
stream_read(s, wmac, sizeof(wmac));
length -= sizeof(wmac);
security_decrypt(s->p, length, rdp);
if (securityFlags & SEC_SECURE_CHECKSUM)
security_salted_mac_signature(rdp, s->p, length, FALSE, cmac);
else
security_mac_signature(rdp, s->p, length, cmac);
2012-01-25 19:26:32 +04:00
if (memcmp(wmac, cmac, sizeof(wmac)) != 0)
{
printf("WARNING: invalid packet signature\n");
/*
* Because Standard RDP Security is totally broken,
* and cannot protect against MITM, don't treat signature
* verification failure as critical. This at least enables
* us to work with broken RDP clients and servers that
* generate invalid signatures.
*/
//return FALSE;
}
return TRUE;
2011-09-05 22:02:52 +04:00
}
/**
* Process an RDP packet.\n
* @param rdp RDP module
* @param s stream
*/
static BOOL rdp_recv_tpkt_pdu(rdpRdp* rdp, STREAM* s)
{
UINT16 length;
UINT16 pduType;
UINT16 pduLength;
UINT16 pduSource;
UINT16 channelId;
UINT16 securityFlags;
BYTE* nextp;
if (!rdp_read_header(rdp, s, &length, &channelId))
{
printf("Incorrect RDP header.\n");
return FALSE;
}
if (rdp->settings->DisableEncryption)
2011-09-05 22:02:52 +04:00
{
rdp_read_security_header(s, &securityFlags);
if (securityFlags & (SEC_ENCRYPT | SEC_REDIRECTION_PKT))
2011-09-05 22:02:52 +04:00
{
if (!rdp_decrypt(rdp, s, length - 4, securityFlags))
2011-09-05 22:02:52 +04:00
{
printf("rdp_decrypt failed\n");
return FALSE;
2011-09-05 22:02:52 +04:00
}
}
if (securityFlags & SEC_REDIRECTION_PKT)
{
/*
* [MS-RDPBCGR] 2.2.13.2.1
* - no share control header, nor the 2 byte pad
*/
s->p -= 2;
rdp_recv_enhanced_security_redirection_packet(rdp, s);
return TRUE;
}
2011-09-05 22:02:52 +04:00
}
if (channelId != MCS_GLOBAL_CHANNEL_ID)
{
freerdp_channel_process(rdp->instance, s, channelId);
}
else
{
while (stream_get_left(s) > 3)
{
stream_get_mark(s, nextp);
rdp_read_share_control_header(s, &pduLength, &pduType, &pduSource);
nextp += pduLength;
rdp->settings->PduSource = pduSource;
switch (pduType)
{
case PDU_TYPE_DATA:
if (!rdp_recv_data_pdu(rdp, s))
{
printf("rdp_recv_data_pdu failed\n");
return FALSE;
}
break;
case PDU_TYPE_DEACTIVATE_ALL:
if (!rdp_recv_deactivate_all(rdp, s))
return FALSE;
break;
case PDU_TYPE_SERVER_REDIRECTION:
rdp_recv_enhanced_security_redirection_packet(rdp, s);
break;
default:
printf("incorrect PDU type: 0x%04X\n", pduType);
break;
}
stream_set_mark(s, nextp);
}
}
return TRUE;
}
static BOOL rdp_recv_fastpath_pdu(rdpRdp* rdp, STREAM* s)
{
UINT16 length;
2011-09-27 09:30:58 +04:00
rdpFastPath* fastpath;
2011-09-27 09:30:58 +04:00
fastpath = rdp->fastpath;
length = fastpath_read_header_rdp(fastpath, s);
2012-01-25 19:27:00 +04:00
if ((length == 0) || (length > stream_get_left(s)))
{
printf("incorrect FastPath PDU header length %d\n", length);
return FALSE;
}
2011-09-27 09:30:58 +04:00
if (fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED)
2011-09-15 01:14:50 +04:00
{
rdp_decrypt(rdp, s, length, (fastpath->encryptionFlags & FASTPATH_OUTPUT_SECURE_CHECKSUM) ? SEC_SECURE_CHECKSUM : 0);
2011-09-15 01:14:50 +04:00
}
2011-08-23 09:05:58 +04:00
return fastpath_recv_updates(rdp->fastpath, s);
}
static BOOL rdp_recv_pdu(rdpRdp* rdp, STREAM* s)
{
if (tpkt_verify_header(s))
2011-08-23 08:58:10 +04:00
return rdp_recv_tpkt_pdu(rdp, s);
else
2011-08-23 08:58:10 +04:00
return rdp_recv_fastpath_pdu(rdp, s);
}
/**
* Receive an RDP packet.\n
* @param rdp RDP module
*/
void rdp_recv(rdpRdp* rdp)
{
STREAM* s;
s = transport_recv_stream_init(rdp->transport, 4096);
transport_read(rdp->transport, s);
2011-08-23 08:58:10 +04:00
rdp_recv_pdu(rdp, s);
}
static BOOL rdp_recv_callback(rdpTransport* transport, STREAM* s, void* extra)
{
rdpRdp* rdp = (rdpRdp*) extra;
switch (rdp->state)
{
case CONNECTION_STATE_NEGO:
if (!rdp_client_connect_mcs_connect_response(rdp, s))
return FALSE;
break;
case CONNECTION_STATE_MCS_ATTACH_USER:
if (!rdp_client_connect_mcs_attach_user_confirm(rdp, s))
return FALSE;
break;
case CONNECTION_STATE_MCS_CHANNEL_JOIN:
if (!rdp_client_connect_mcs_channel_join_confirm(rdp, s))
return FALSE;
break;
case CONNECTION_STATE_LICENSE:
if (!rdp_client_connect_license(rdp, s))
return FALSE;
break;
case CONNECTION_STATE_CAPABILITY:
if (!rdp_client_connect_demand_active(rdp, s))
2011-09-15 01:14:50 +04:00
{
printf("rdp_client_connect_demand_active failed\n");
return FALSE;
2011-09-15 01:14:50 +04:00
}
break;
case CONNECTION_STATE_FINALIZATION:
if (!rdp_recv_pdu(rdp, s))
return FALSE;
if (rdp->finalize_sc_pdus == FINALIZE_SC_COMPLETE)
rdp->state = CONNECTION_STATE_ACTIVE;
break;
case CONNECTION_STATE_ACTIVE:
2011-08-23 08:58:10 +04:00
if (!rdp_recv_pdu(rdp, s))
return FALSE;
break;
default:
printf("Invalid state %d\n", rdp->state);
return FALSE;
}
return TRUE;
}
int rdp_send_channel_data(rdpRdp* rdp, int channel_id, BYTE* data, int size)
{
return freerdp_channel_send(rdp, channel_id, data, size);
}
/**
* Set non-blocking mode information.
* @param rdp RDP module
* @param blocking blocking mode
*/
void rdp_set_blocking_mode(rdpRdp* rdp, BOOL blocking)
{
rdp->transport->recv_callback = rdp_recv_callback;
rdp->transport->recv_extra = rdp;
transport_set_blocking_mode(rdp->transport, blocking);
}
int rdp_check_fds(rdpRdp* rdp)
{
return transport_check_fds(&(rdp->transport));
}
/**
* Instantiate new RDP module.
* @return new RDP module
*/
rdpRdp* rdp_new(freerdp* instance)
{
rdpRdp* rdp;
rdp = (rdpRdp*) malloc(sizeof(rdpRdp));
if (rdp != NULL)
{
ZeroMemory(rdp, sizeof(rdpRdp));
rdp->instance = instance;
rdp->settings = freerdp_settings_new((void*) instance);
if (instance != NULL)
instance->settings = rdp->settings;
rdp->extension = extension_new(instance);
rdp->transport = transport_new(rdp->settings);
rdp->license = license_new(rdp);
rdp->input = input_new(rdp);
rdp->update = update_new(rdp);
rdp->fastpath = fastpath_new(rdp);
rdp->nego = nego_new(rdp->transport);
rdp->mcs = mcs_new(rdp->transport);
rdp->redirection = redirection_new();
2012-03-30 07:57:26 +04:00
rdp->mppc_dec = mppc_dec_new();
rdp->mppc_enc = mppc_enc_new(PROTO_RDP_50);
}
return rdp;
}
/**
* Free RDP module.
* @param rdp RDP module to be freed
*/
void rdp_free(rdpRdp* rdp)
{
if (rdp != NULL)
{
crypto_rc4_free(rdp->rc4_decrypt_key);
crypto_rc4_free(rdp->rc4_encrypt_key);
crypto_des3_free(rdp->fips_encrypt);
crypto_des3_free(rdp->fips_decrypt);
crypto_hmac_free(rdp->fips_hmac);
freerdp_settings_free(rdp->settings);
extension_free(rdp->extension);
transport_free(rdp->transport);
license_free(rdp->license);
input_free(rdp->input);
update_free(rdp->update);
fastpath_free(rdp->fastpath);
2011-08-25 09:45:43 +04:00
nego_free(rdp->nego);
mcs_free(rdp->mcs);
redirection_free(rdp->redirection);
2012-03-30 07:57:26 +04:00
mppc_dec_free(rdp->mppc_dec);
mppc_enc_free(rdp->mppc_enc);
free(rdp);
}
}