Merge pull request #5036 from akallabeth/auth_fixes
Refactor NEGO NLA and redirection to use opaque handles
commit
7db6ac063a
@ -45,19 +45,6 @@ extern "C" {
|
||||
#define ERRINFO_RPC_INITIATED_DISCONNECT_BY_USER 0x0000000B
|
||||
#define ERRINFO_LOGOFF_BY_USER 0x0000000C
|
||||
|
||||
/* Protocol-independent codes generated by the Connection Broker */
|
||||
#define ERRINFO_CB_DESTINATION_NOT_FOUND 0x0000400
|
||||
#define ERRINFO_CB_LOADING_DESTINATION 0x0000402
|
||||
#define ERRINFO_CB_REDIRECTING_TO_DESTINATION 0x0000404
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_WAKE 0x0000405
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT 0x0000406
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_NO_DNS 0x0000407
|
||||
#define ERRINFO_CB_DESTINATION_POOL_NOT_FREE 0x0000408
|
||||
#define ERRINFO_CB_CONNECTION_CANCELLED 0x0000409
|
||||
#define ERRINFO_CB_CONNECTION_ERROR_INVALID_SETTINGS 0x0000410
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT_TIMEOUT 0x0000411
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_SESSMON_FAILED 0x0000412
|
||||
|
||||
/* Protocol-independent licensing codes */
|
||||
#define ERRINFO_LICENSE_INTERNAL 0x00000100
|
||||
#define ERRINFO_LICENSE_NO_LICENSE_SERVER 0x00000101
|
||||
@ -71,6 +58,19 @@ extern "C" {
|
||||
#define ERRINFO_LICENSE_CANT_UPGRADE_LICENSE 0x00000109
|
||||
#define ERRINFO_LICENSE_NO_REMOTE_CONNECTIONS 0x0000010A
|
||||
|
||||
/* Protocol-independent codes generated by the Connection Broker */
|
||||
#define ERRINFO_CB_DESTINATION_NOT_FOUND 0x0000400
|
||||
#define ERRINFO_CB_LOADING_DESTINATION 0x0000402
|
||||
#define ERRINFO_CB_REDIRECTING_TO_DESTINATION 0x0000404
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_WAKE 0x0000405
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT 0x0000406
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_NO_DNS 0x0000407
|
||||
#define ERRINFO_CB_DESTINATION_POOL_NOT_FREE 0x0000408
|
||||
#define ERRINFO_CB_CONNECTION_CANCELLED 0x0000409
|
||||
#define ERRINFO_CB_CONNECTION_ERROR_INVALID_SETTINGS 0x0000410
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT_TIMEOUT 0x0000411
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_SESSMON_FAILED 0x0000412
|
||||
|
||||
/* RDP specific codes */
|
||||
#define ERRINFO_UNKNOWN_DATA_PDU_TYPE 0x000010C9
|
||||
#define ERRINFO_UNKNOWN_PDU_TYPE 0x000010CA
|
||||
@ -134,6 +134,7 @@ extern "C" {
|
||||
#define ERRINFO_BAD_MONITOR_DATA 0x00001129
|
||||
#define ERRINFO_VC_DECOMPRESSED_REASSEMBLE_FAILED 0x0000112A
|
||||
#define ERRINFO_VC_DATA_TOO_LONG 0x0000112B
|
||||
#define ERRINFO_BAD_FRAME_ACK_DATA 0x0000112C
|
||||
#define ERRINFO_GRAPHICS_MODE_NOT_SUPPORTED 0x0000112D
|
||||
#define ERRINFO_GRAPHICS_SUBSYSTEM_RESET_FAILED 0x0000112E
|
||||
#define ERRINFO_GRAPHICS_SUBSYSTEM_FAILED 0x0000112F
|
||||
@ -141,6 +142,9 @@ extern "C" {
|
||||
#define ERRINFO_TIMEZONE_KEY_NAME_LENGTH_TOO_LONG 0x00001131
|
||||
#define ERRINFO_DYNAMIC_DST_DISABLED_FIELD_MISSING 0x00001132
|
||||
#define ERRINFO_VC_DECODING_ERROR 0x00001133
|
||||
#define ERRINFO_VIRTUALDESKTOPTOOLARGE 0x00001134
|
||||
#define ERRINFO_MONITORGEOMETRYVALIDATIONFAILED 0x00001135
|
||||
#define ERRINFO_INVALIDMONITORCOUNT 0x00001136
|
||||
#define ERRINFO_UPDATE_SESSION_KEY_FAILED 0x00001191
|
||||
#define ERRINFO_DECRYPT_FAILED 0x00001192
|
||||
#define ERRINFO_ENCRYPT_FAILED 0x00001193
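Review bot: The Connection Broker block re-added in the second hunk still writes its values with seven hex digits (`0x0000400` through `0x0000412`), while the other ERRINFO_* codes visible in this header use eight, so `0x0000400` is easy to misread as `0x00004000` when matching a code from a log or packet capture. Since the block is being moved anyway, padding the literals to eight digits, e.g. `#define ERRINFO_CB_DESTINATION_NOT_FOUND 0x00000400`, keeps the numeric values and makes the table uniform.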
|
||||
|
@ -197,6 +197,7 @@ static BOOL rdp_client_reset_codecs(rdpContext* context)
|
||||
|
||||
BOOL rdp_client_connect(rdpRdp* rdp)
|
||||
{
|
||||
UINT32 SelectedProtocol;
|
||||
BOOL status;
|
||||
rdpSettings* settings = rdp->settings;
|
||||
/* make sure SSL is initialize for earlier enough for crypto, by taking advantage of winpr SSL FIPS flag for openssl initialization */
|
||||
@ -306,7 +307,9 @@ BOOL rdp_client_connect(rdpRdp* rdp)
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if ((rdp->nego->SelectedProtocol & PROTOCOL_TLS) || (rdp->nego->SelectedProtocol == PROTOCOL_RDP))
|
||||
SelectedProtocol = nego_get_selected_protocol(rdp->nego);
|
||||
|
||||
if ((SelectedProtocol & PROTOCOL_SSL) || (SelectedProtocol == PROTOCOL_RDP))
|
||||
{
|
||||
if ((settings->Username != NULL) && ((settings->Password != NULL) ||
|
||||
(settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0)))
|
||||
@ -1169,6 +1172,8 @@ int rdp_client_transition_to_state(rdpRdp* rdp, int state)
|
||||
|
||||
BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
|
||||
{
|
||||
UINT32 SelectedProtocol = 0;
|
||||
UINT32 RequestedProtocols;
|
||||
BOOL status;
|
||||
rdpSettings* settings = rdp->settings;
|
||||
rdpNego* nego = rdp->nego;
|
||||
@ -1177,26 +1182,26 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
|
||||
if (!nego_read_request(nego, s))
|
||||
return FALSE;
|
||||
|
||||
nego->SelectedProtocol = 0;
|
||||
RequestedProtocols = nego_get_requested_protocols(nego);
|
||||
WLog_INFO(TAG, "Client Security: NLA:%d TLS:%d RDP:%d",
|
||||
(nego->RequestedProtocols & PROTOCOL_NLA) ? 1 : 0,
|
||||
(nego->RequestedProtocols & PROTOCOL_TLS) ? 1 : 0,
|
||||
(nego->RequestedProtocols == PROTOCOL_RDP) ? 1 : 0
|
||||
(RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
|
||||
(RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
|
||||
(RequestedProtocols == PROTOCOL_RDP) ? 1 : 0
|
||||
);
|
||||
WLog_INFO(TAG, "Server Security: NLA:%"PRId32" TLS:%"PRId32" RDP:%"PRId32"",
|
||||
settings->NlaSecurity, settings->TlsSecurity, settings->RdpSecurity);
|
||||
|
||||
if ((settings->NlaSecurity) && (nego->RequestedProtocols & PROTOCOL_NLA))
|
||||
if ((settings->NlaSecurity) && (RequestedProtocols & PROTOCOL_HYBRID))
|
||||
{
|
||||
nego->SelectedProtocol = PROTOCOL_NLA;
|
||||
SelectedProtocol = PROTOCOL_HYBRID;
|
||||
}
|
||||
else if ((settings->TlsSecurity) && (nego->RequestedProtocols & PROTOCOL_TLS))
|
||||
else if ((settings->TlsSecurity) && (RequestedProtocols & PROTOCOL_SSL))
|
||||
{
|
||||
nego->SelectedProtocol = PROTOCOL_TLS;
|
||||
SelectedProtocol = PROTOCOL_SSL;
|
||||
}
|
||||
else if ((settings->RdpSecurity) && (nego->RequestedProtocols == PROTOCOL_RDP))
|
||||
else if ((settings->RdpSecurity) && (RequestedProtocols == PROTOCOL_RDP))
|
||||
{
|
||||
nego->SelectedProtocol = PROTOCOL_RDP;
|
||||
SelectedProtocol = PROTOCOL_RDP;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1204,49 +1209,53 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
|
||||
* when here client and server aren't compatible, we select the right
|
||||
* error message to return to the client in the nego failure packet
|
||||
*/
|
||||
nego->SelectedProtocol = PROTOCOL_FAILED_NEGO;
|
||||
SelectedProtocol = PROTOCOL_FAILED_NEGO;
|
||||
|
||||
if (settings->RdpSecurity)
|
||||
{
|
||||
WLog_ERR(TAG, "server supports only Standard RDP Security");
|
||||
nego->SelectedProtocol |= SSL_NOT_ALLOWED_BY_SERVER;
|
||||
SelectedProtocol |= SSL_NOT_ALLOWED_BY_SERVER;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (settings->NlaSecurity && !settings->TlsSecurity)
|
||||
{
|
||||
WLog_WARN(TAG, "server supports only NLA Security");
|
||||
nego->SelectedProtocol |= HYBRID_REQUIRED_BY_SERVER;
|
||||
SelectedProtocol |= HYBRID_REQUIRED_BY_SERVER;
|
||||
}
|
||||
else
|
||||
{
|
||||
WLog_WARN(TAG, "server supports only a SSL based Security (TLS or NLA)");
|
||||
nego->SelectedProtocol |= SSL_REQUIRED_BY_SERVER;
|
||||
SelectedProtocol |= SSL_REQUIRED_BY_SERVER;
|
||||
}
|
||||
}
|
||||
|
||||
WLog_ERR(TAG, "Protocol security negotiation failure");
|
||||
}
|
||||
|
||||
if (!(nego->SelectedProtocol & PROTOCOL_FAILED_NEGO))
|
||||
if (!(SelectedProtocol & PROTOCOL_FAILED_NEGO))
|
||||
{
|
||||
WLog_INFO(TAG, "Negotiated Security: NLA:%d TLS:%d RDP:%d",
|
||||
(nego->SelectedProtocol & PROTOCOL_NLA) ? 1 : 0,
|
||||
(nego->SelectedProtocol & PROTOCOL_TLS) ? 1 : 0,
|
||||
(nego->SelectedProtocol == PROTOCOL_RDP) ? 1 : 0
|
||||
(SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
|
||||
(SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
|
||||
(SelectedProtocol == PROTOCOL_RDP) ? 1 : 0
|
||||
);
|
||||
}
|
||||
|
||||
if (!nego_set_selected_protocol(nego, SelectedProtocol))
|
||||
return FALSE;
|
||||
|
||||
if (!nego_send_negotiation_response(nego))
|
||||
return FALSE;
|
||||
|
||||
SelectedProtocol = nego_get_selected_protocol(nego);
|
||||
status = FALSE;
|
||||
|
||||
if (nego->SelectedProtocol & PROTOCOL_NLA)
|
||||
if (SelectedProtocol & PROTOCOL_HYBRID)
|
||||
status = transport_accept_nla(rdp->transport);
|
||||
else if (nego->SelectedProtocol & PROTOCOL_TLS)
|
||||
else if (SelectedProtocol & PROTOCOL_SSL)
|
||||
status = transport_accept_tls(rdp->transport);
|
||||
else if (nego->SelectedProtocol == PROTOCOL_RDP) /* 0 */
|
||||
else if (SelectedProtocol == PROTOCOL_RDP) /* 0 */
|
||||
status = transport_accept_rdp(rdp->transport);
|
||||
|
||||
if (!status)
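Review bot: The transport dispatch at the end of rdp_server_accept_nego tests `SelectedProtocol & PROTOCOL_HYBRID` and `SelectedProtocol & PROTOCOL_SSL` without first excluding a failed negotiation, although the failure branch ORs `SSL_NOT_ALLOWED_BY_SERVER`, `HYBRID_REQUIRED_BY_SERVER` or `SSL_REQUIRED_BY_SERVER` into the same variable. In MS-RDPBCGR those failure codes are small integers that share low bits with the protocol flags, so a failure value can satisfy one of these masks. The only thing keeping it away from transport_accept_nla or transport_accept_tls would be nego_send_negotiation_response returning FALSE for a failed negotiation, which is not visible in this hunk. An explicit guard before the dispatch, `if (SelectedProtocol & PROTOCOL_FAILED_NEGO) return FALSE;`, makes the fail-closed behaviour local to this function. The function body continues past the end of the hunk.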
|
||||
|
@ -36,363 +36,376 @@ int connectErrorCode;
|
||||
/* Protocol-independent codes */
|
||||
|
||||
#define ERRINFO_RPC_INITIATED_DISCONNECT_STRING \
|
||||
"The disconnection was initiated by an administrative tool on the server in another session."
|
||||
"The disconnection was initiated by an administrative tool on the server in another session."
|
||||
|
||||
#define ERRINFO_RPC_INITIATED_LOGOFF_STRING \
|
||||
"The disconnection was due to a forced logoff initiated by an administrative tool on the server in another session."
|
||||
"The disconnection was due to a forced logoff initiated by an administrative tool on the server in another session."
|
||||
|
||||
#define ERRINFO_IDLE_TIMEOUT_STRING \
|
||||
"The idle session limit timer on the server has elapsed."
|
||||
"The idle session limit timer on the server has elapsed."
|
||||
|
||||
#define ERRINFO_LOGON_TIMEOUT_STRING \
|
||||
"The active session limit timer on the server has elapsed."
|
||||
"The active session limit timer on the server has elapsed."
|
||||
|
||||
#define ERRINFO_DISCONNECTED_BY_OTHER_CONNECTION_STRING \
|
||||
"Another user connected to the server, forcing the disconnection of the current connection."
|
||||
"Another user connected to the server, forcing the disconnection of the current connection."
|
||||
|
||||
#define ERRINFO_OUT_OF_MEMORY_STRING \
|
||||
"The server ran out of available memory resources."
|
||||
"The server ran out of available memory resources."
|
||||
|
||||
#define ERRINFO_SERVER_DENIED_CONNECTION_STRING \
|
||||
"The server denied the connection."
|
||||
"The server denied the connection."
|
||||
|
||||
#define ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES_STRING \
|
||||
"The user cannot connect to the server due to insufficient access privileges."
|
||||
"The user cannot connect to the server due to insufficient access privileges."
|
||||
|
||||
#define ERRINFO_SERVER_FRESH_CREDENTIALS_REQUIRED_STRING \
|
||||
"The server does not accept saved user credentials and requires that the user enter their credentials for each connection."
|
||||
"The server does not accept saved user credentials and requires that the user enter their credentials for each connection."
|
||||
|
||||
#define ERRINFO_RPC_INITIATED_DISCONNECT_BY_USER_STRING \
|
||||
"The disconnection was initiated by an administrative tool on the server running in the user's session."
|
||||
"The disconnection was initiated by an administrative tool on the server running in the user's session."
|
||||
|
||||
#define ERRINFO_LOGOFF_BY_USER_STRING \
|
||||
"The disconnection was initiated by the user logging off their session on the server."
|
||||
"The disconnection was initiated by the user logging off their session on the server."
|
||||
|
||||
/* Protocol-independent codes generated by the Connection Broker */
|
||||
|
||||
#define ERRINFO_CB_DESTINATION_NOT_FOUND_STRING \
|
||||
"The target endpoint could not be found."
|
||||
"The target endpoint could not be found."
|
||||
|
||||
#define ERRINFO_CB_LOADING_DESTINATION_STRING \
|
||||
"The target endpoint to which the client is being redirected is disconnecting from the Connection Broker."
|
||||
"The target endpoint to which the client is being redirected is disconnecting from the Connection Broker."
|
||||
|
||||
#define ERRINFO_CB_REDIRECTING_TO_DESTINATION_STRING \
|
||||
"An error occurred while the connection was being redirected to the target endpoint."
|
||||
"An error occurred while the connection was being redirected to the target endpoint."
|
||||
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_WAKE_STRING \
|
||||
"An error occurred while the target endpoint (a virtual machine) was being awakened."
|
||||
"An error occurred while the target endpoint (a virtual machine) was being awakened."
|
||||
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT_STRING \
|
||||
"An error occurred while the target endpoint (a virtual machine) was being started."
|
||||
"An error occurred while the target endpoint (a virtual machine) was being started."
|
||||
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_NO_DNS_STRING \
|
||||
"The IP address of the target endpoint (a virtual machine) cannot be determined."
|
||||
"The IP address of the target endpoint (a virtual machine) cannot be determined."
|
||||
|
||||
#define ERRINFO_CB_DESTINATION_POOL_NOT_FREE_STRING \
|
||||
"There are no available endpoints in the pool managed by the Connection Broker."
|
||||
"There are no available endpoints in the pool managed by the Connection Broker."
|
||||
|
||||
#define ERRINFO_CB_CONNECTION_CANCELLED_STRING \
|
||||
"Processing of the connection has been cancelled."
|
||||
"Processing of the connection has been cancelled."
|
||||
|
||||
#define ERRINFO_CB_CONNECTION_ERROR_INVALID_SETTINGS_STRING \
|
||||
"The settings contained in the routingToken field of the X.224 Connection Request PDU (section 2.2.1.1) cannot be validated."
|
||||
"The settings contained in the routingToken field of the X.224 Connection Request PDU (section 2.2.1.1) cannot be validated."
|
||||
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT_TIMEOUT_STRING \
|
||||
"A time-out occurred while the target endpoint (a virtual machine) was being started."
|
||||
"A time-out occurred while the target endpoint (a virtual machine) was being started."
|
||||
|
||||
#define ERRINFO_CB_SESSION_ONLINE_VM_SESSMON_FAILED_STRING \
|
||||
"A session monitoring error occurred while the target endpoint (a virtual machine) was being started."
|
||||
"A session monitoring error occurred while the target endpoint (a virtual machine) was being started."
|
||||
|
||||
/* Protocol-independent licensing codes */
|
||||
|
||||
#define ERRINFO_LICENSE_INTERNAL_STRING \
|
||||
"An internal error has occurred in the Terminal Services licensing component."
|
||||
"An internal error has occurred in the Terminal Services licensing component."
|
||||
|
||||
#define ERRINFO_LICENSE_NO_LICENSE_SERVER_STRING \
|
||||
"A Remote Desktop License Server ([MS-RDPELE] section 1.1) could not be found to provide a license."
|
||||
"A Remote Desktop License Server ([MS-RDPELE] section 1.1) could not be found to provide a license."
|
||||
|
||||
#define ERRINFO_LICENSE_NO_LICENSE_STRING \
|
||||
"There are no Client Access Licenses ([MS-RDPELE] section 1.1) available for the target remote computer."
|
||||
"There are no Client Access Licenses ([MS-RDPELE] section 1.1) available for the target remote computer."
|
||||
|
||||
#define ERRINFO_LICENSE_BAD_CLIENT_MSG_STRING \
|
||||
"The remote computer received an invalid licensing message from the client."
|
||||
"The remote computer received an invalid licensing message from the client."
|
||||
|
||||
#define ERRINFO_LICENSE_HWID_DOESNT_MATCH_LICENSE_STRING \
|
||||
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client has been modified."
|
||||
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client has been modified."
|
||||
|
||||
#define ERRINFO_LICENSE_BAD_CLIENT_LICENSE_STRING \
|
||||
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client is in an invalid format."
|
||||
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client is in an invalid format."
|
||||
|
||||
#define ERRINFO_LICENSE_CANT_FINISH_PROTOCOL_STRING \
|
||||
"Network problems have caused the licensing protocol ([MS-RDPELE] section 1.3.3) to be terminated."
|
||||
"Network problems have caused the licensing protocol ([MS-RDPELE] section 1.3.3) to be terminated."
|
||||
|
||||
#define ERRINFO_LICENSE_CLIENT_ENDED_PROTOCOL_STRING \
|
||||
"The client prematurely ended the licensing protocol ([MS-RDPELE] section 1.3.3)."
|
||||
"The client prematurely ended the licensing protocol ([MS-RDPELE] section 1.3.3)."
|
||||
|
||||
#define ERRINFO_LICENSE_BAD_CLIENT_ENCRYPTION_STRING \
|
||||
"A licensing message ([MS-RDPELE] sections 2.2 and 5.1) was incorrectly encrypted."
|
||||
"A licensing message ([MS-RDPELE] sections 2.2 and 5.1) was incorrectly encrypted."
|
||||
|
||||
#define ERRINFO_LICENSE_CANT_UPGRADE_LICENSE_STRING \
|
||||
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client could not be upgraded or renewed."
|
||||
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client could not be upgraded or renewed."
|
||||
|
||||
#define ERRINFO_LICENSE_NO_REMOTE_CONNECTIONS_STRING \
|
||||
"The remote computer is not licensed to accept remote connections."
|
||||
"The remote computer is not licensed to accept remote connections."
|
||||
|
||||
/* RDP specific codes */
|
||||
|
||||
#define ERRINFO_UNKNOWN_DATA_PDU_TYPE_STRING \
|
||||
"Unknown pduType2 field in a received Share Data Header (section 2.2.8.1.1.1.2)."
|
||||
"Unknown pduType2 field in a received Share Data Header (section 2.2.8.1.1.1.2)."
|
||||
|
||||
#define ERRINFO_UNKNOWN_PDU_TYPE_STRING \
|
||||
"Unknown pduType field in a received Share Control Header (section 2.2.8.1.1.1.1)."
|
||||
"Unknown pduType field in a received Share Control Header (section 2.2.8.1.1.1.1)."
|
||||
|
||||
#define ERRINFO_DATA_PDU_SEQUENCE_STRING \
|
||||
"An out-of-sequence Slow-Path Data PDU (section 2.2.8.1.1.1.1) has been received."
|
||||
"An out-of-sequence Slow-Path Data PDU (section 2.2.8.1.1.1.1) has been received."
|
||||
|
||||
#define ERRINFO_CONTROL_PDU_SEQUENCE_STRING \
|
||||
"An out-of-sequence Slow-Path Non-Data PDU (section 2.2.8.1.1.1.1) has been received."
|
||||
"An out-of-sequence Slow-Path Non-Data PDU (section 2.2.8.1.1.1.1) has been received."
|
||||
|
||||
#define ERRINFO_INVALID_CONTROL_PDU_ACTION_STRING \
|
||||
"A Control PDU (sections 2.2.1.15 and 2.2.1.16) has been received with an invalid action field."
|
||||
"A Control PDU (sections 2.2.1.15 and 2.2.1.16) has been received with an invalid action field."
|
||||
|
||||
#define ERRINFO_INVALID_INPUT_PDU_TYPE_STRING \
|
||||
"(a) A Slow-Path Input Event (section 2.2.8.1.1.3.1.1) has been received with an invalid messageType field.\n" \
|
||||
"(b) A Fast-Path Input Event (section 2.2.8.1.2.2) has been received with an invalid eventCode field."
|
||||
"(a) A Slow-Path Input Event (section 2.2.8.1.1.3.1.1) has been received with an invalid messageType field.\n" \
|
||||
"(b) A Fast-Path Input Event (section 2.2.8.1.2.2) has been received with an invalid eventCode field."
|
||||
|
||||
#define ERRINFO_INVALID_INPUT_PDU_MOUSE_STRING \
|
||||
"(a) A Slow-Path Mouse Event (section 2.2.8.1.1.3.1.1.3) or Extended Mouse Event " \
|
||||
"(section 2.2.8.1.1.3.1.1.4) has been received with an invalid pointerFlags field.\n" \
|
||||
"(b) A Fast-Path Mouse Event (section 2.2.8.1.2.2.3) or Fast-Path Extended Mouse Event " \
|
||||
"(section 2.2.8.1.2.2.4) has been received with an invalid pointerFlags field."
|
||||
"(a) A Slow-Path Mouse Event (section 2.2.8.1.1.3.1.1.3) or Extended Mouse Event " \
|
||||
"(section 2.2.8.1.1.3.1.1.4) has been received with an invalid pointerFlags field.\n" \
|
||||
"(b) A Fast-Path Mouse Event (section 2.2.8.1.2.2.3) or Fast-Path Extended Mouse Event " \
|
||||
"(section 2.2.8.1.2.2.4) has been received with an invalid pointerFlags field."
|
||||
|
||||
#define ERRINFO_INVALID_REFRESH_RECT_PDU_STRING \
|
||||
"An invalid Refresh Rect PDU (section 2.2.11.2) has been received."
|
||||
"An invalid Refresh Rect PDU (section 2.2.11.2) has been received."
|
||||
|
||||
#define ERRINFO_CREATE_USER_DATA_FAILED_STRING \
|
||||
"The server failed to construct the GCC Conference Create Response user data (section 2.2.1.4)."
|
||||
"The server failed to construct the GCC Conference Create Response user data (section 2.2.1.4)."
|
||||
|
||||
#define ERRINFO_CONNECT_FAILED_STRING \
|
||||
"Processing during the Channel Connection phase of the RDP Connection Sequence " \
|
||||
"(see section 1.3.1.1 for an overview of the RDP Connection Sequence phases) has failed."
|
||||
"Processing during the Channel Connection phase of the RDP Connection Sequence " \
|
||||
"(see section 1.3.1.1 for an overview of the RDP Connection Sequence phases) has failed."
|
||||
|
||||
#define ERRINFO_CONFIRM_ACTIVE_HAS_WRONG_SHAREID_STRING \
|
||||
"A Confirm Active PDU (section 2.2.1.13.2) was received from the client with an invalid shareId field."
|
||||
"A Confirm Active PDU (section 2.2.1.13.2) was received from the client with an invalid shareId field."
|
||||
|
||||
#define ERRINFO_CONFIRM_ACTIVE_HAS_WRONG_ORIGINATOR_STRING \
|
||||
"A Confirm Active PDU (section 2.2.1.13.2) was received from the client with an invalid originatorId field."
|
||||
"A Confirm Active PDU (section 2.2.1.13.2) was received from the client with an invalid originatorId field."
|
||||
|
||||
#define ERRINFO_PERSISTENT_KEY_PDU_BAD_LENGTH_STRING \
|
||||
"There is not enough data to process a Persistent Key List PDU (section 2.2.1.17)."
|
||||
"There is not enough data to process a Persistent Key List PDU (section 2.2.1.17)."
|
||||
|
||||
#define ERRINFO_PERSISTENT_KEY_PDU_ILLEGAL_FIRST_STRING \
|
||||
"A Persistent Key List PDU (section 2.2.1.17) marked as PERSIST_PDU_FIRST (0x01) was received after the reception " \
|
||||
"of a prior Persistent Key List PDU also marked as PERSIST_PDU_FIRST."
|
||||
"A Persistent Key List PDU (section 2.2.1.17) marked as PERSIST_PDU_FIRST (0x01) was received after the reception " \
|
||||
"of a prior Persistent Key List PDU also marked as PERSIST_PDU_FIRST."
|
||||
|
||||
#define ERRINFO_PERSISTENT_KEY_PDU_TOO_MANY_TOTAL_KEYS_STRING \
|
||||
"A Persistent Key List PDU (section 2.2.1.17) was received which specified a total number of bitmap cache entries larger than 262144."
|
||||
"A Persistent Key List PDU (section 2.2.1.17) was received which specified a total number of bitmap cache entries larger than 262144."
|
||||
|
||||
#define ERRINFO_PERSISTENT_KEY_PDU_TOO_MANY_CACHE_KEYS_STRING \
|
||||
"A Persistent Key List PDU (section 2.2.1.17) was received which specified an invalid total number of keys for a bitmap cache " \
|
||||
"(the number of entries that can be stored within each bitmap cache is specified in the Revision 1 or 2 Bitmap Cache Capability Set " \
|
||||
"(section 2.2.7.1.4) that is sent from client to server)."
|
||||
"A Persistent Key List PDU (section 2.2.1.17) was received which specified an invalid total number of keys for a bitmap cache " \
|
||||
"(the number of entries that can be stored within each bitmap cache is specified in the Revision 1 or 2 Bitmap Cache Capability Set " \
|
||||
"(section 2.2.7.1.4) that is sent from client to server)."
|
||||
|
||||
#define ERRINFO_INPUT_PDU_BAD_LENGTH_STRING \
|
||||
"There is not enough data to process Input Event PDU Data (section 2.2.8.1.1.3.1) or a Fast-Path Input Event PDU (section 2.2.8.1.2)." \
|
||||
"There is not enough data to process Input Event PDU Data (section 2.2.8.1.1.3.1) or a Fast-Path Input Event PDU (section 2.2.8.1.2)." \
|
||||
|
||||
#define ERRINFO_BITMAP_CACHE_ERROR_PDU_BAD_LENGTH_STRING \
|
||||
"There is not enough data to process the shareDataHeader, NumInfoBlocks, " \
|
||||
"Pad1, and Pad2 fields of the Bitmap Cache Error PDU Data ([MS-RDPEGDI] section 2.2.2.3.1.1)."
|
||||
"There is not enough data to process the shareDataHeader, NumInfoBlocks, " \
|
||||
"Pad1, and Pad2 fields of the Bitmap Cache Error PDU Data ([MS-RDPEGDI] section 2.2.2.3.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT_STRING \
|
||||
"(a) The dataSignature field of the Fast-Path Input Event PDU (section 2.2.8.1.2) does not contain enough data.\n" \
|
||||
"(b) The fipsInformation and dataSignature fields of the Fast-Path Input Event PDU (section 2.2.8.1.2) do not contain enough data."
|
||||
"(a) The dataSignature field of the Fast-Path Input Event PDU (section 2.2.8.1.2) does not contain enough data.\n" \
|
||||
"(b) The fipsInformation and dataSignature fields of the Fast-Path Input Event PDU (section 2.2.8.1.2) do not contain enough data."
|
||||
|
||||
#define ERRINFO_VCHANNEL_DATA_TOO_SHORT_STRING \
|
||||
"(a) There is not enough data in the Client Network Data (section 2.2.1.3.4) to read the virtual channel configuration data.\n" \
|
||||
"(b) There is not enough data to read a complete Channel PDU Header (section 2.2.6.1.1)."
|
||||
"(a) There is not enough data in the Client Network Data (section 2.2.1.3.4) to read the virtual channel configuration data.\n" \
|
||||
"(b) There is not enough data to read a complete Channel PDU Header (section 2.2.6.1.1)."
|
||||
|
||||
#define ERRINFO_SHARE_DATA_TOO_SHORT_STRING \
|
||||
"(a) There is not enough data to process Control PDU Data (section 2.2.1.15.1).\n" \
|
||||
"(b) There is not enough data to read a complete Share Control Header (section 2.2.8.1.1.1.1).\n" \
|
||||
"(c) There is not enough data to read a complete Share Data Header (section 2.2.8.1.1.1.2) of a Slow-Path Data PDU (section 2.2.8.1.1.1.1).\n" \
|
||||
"(d) There is not enough data to process Font List PDU Data (section 2.2.1.18.1)."
|
||||
"(a) There is not enough data to process Control PDU Data (section 2.2.1.15.1).\n" \
|
||||
"(b) There is not enough data to read a complete Share Control Header (section 2.2.8.1.1.1.1).\n" \
|
||||
"(c) There is not enough data to read a complete Share Data Header (section 2.2.8.1.1.1.2) of a Slow-Path Data PDU (section 2.2.8.1.1.1.1).\n" \
|
||||
"(d) There is not enough data to process Font List PDU Data (section 2.2.1.18.1)."
|
||||
|
||||
#define ERRINFO_BAD_SUPPRESS_OUTPUT_PDU_STRING \
|
||||
"(a) There is not enough data to process Suppress Output PDU Data (section 2.2.11.3.1).\n" \
|
||||
"(b) The allowDisplayUpdates field of the Suppress Output PDU Data (section 2.2.11.3.1) is invalid."
|
||||
"(a) There is not enough data to process Suppress Output PDU Data (section 2.2.11.3.1).\n" \
|
||||
"(b) The allowDisplayUpdates field of the Suppress Output PDU Data (section 2.2.11.3.1) is invalid."
|
||||
|
||||
#define ERRINFO_CONFIRM_ACTIVE_PDU_TOO_SHORT_STRING \
|
||||
"(a) There is not enough data to read the shareControlHeader, shareId, originatorId, lengthSourceDescriptor, " \
|
||||
"and lengthCombinedCapabilities fields of the Confirm Active PDU Data (section 2.2.1.13.2.1).\n" \
|
||||
"(b) There is not enough data to read the sourceDescriptor, numberCapabilities, pad2Octets, and capabilitySets " \
|
||||
"fields of the Confirm Active PDU Data (section 2.2.1.13.2.1)."
|
||||
"(a) There is not enough data to read the shareControlHeader, shareId, originatorId, lengthSourceDescriptor, " \
|
||||
"and lengthCombinedCapabilities fields of the Confirm Active PDU Data (section 2.2.1.13.2.1).\n" \
|
||||
"(b) There is not enough data to read the sourceDescriptor, numberCapabilities, pad2Octets, and capabilitySets " \
|
||||
"fields of the Confirm Active PDU Data (section 2.2.1.13.2.1)."
|
||||
|
||||
#define ERRINFO_CAPABILITY_SET_TOO_SMALL_STRING \
|
||||
"There is not enough data to read the capabilitySetType and the lengthCapability fields in a received Capability Set (section 2.2.1.13.1.1.1)."
|
||||
"There is not enough data to read the capabilitySetType and the lengthCapability fields in a received Capability Set (section 2.2.1.13.1.1.1)."
|
||||
|
||||
#define ERRINFO_CAPABILITY_SET_TOO_LARGE_STRING \
|
||||
"A Capability Set (section 2.2.1.13.1.1.1) has been received with a lengthCapability " \
|
||||
"field that contains a value greater than the total length of the data received."
|
||||
"A Capability Set (section 2.2.1.13.1.1.1) has been received with a lengthCapability " \
|
||||
"field that contains a value greater than the total length of the data received."
|
||||
|
||||
#define ERRINFO_NO_CURSOR_CACHE_STRING \
|
||||
"(a) Both the colorPointerCacheSize and pointerCacheSize fields in the Pointer Capability Set (section 2.2.7.1.5) are set to zero.\n" \
|
||||
"(b) The pointerCacheSize field in the Pointer Capability Set (section 2.2.7.1.5) is not present, and the colorPointerCacheSize field is set to zero."
|
||||
"(a) Both the colorPointerCacheSize and pointerCacheSize fields in the Pointer Capability Set (section 2.2.7.1.5) are set to zero.\n" \
|
||||
"(b) The pointerCacheSize field in the Pointer Capability Set (section 2.2.7.1.5) is not present, and the colorPointerCacheSize field is set to zero."
|
||||
|
||||
#define ERRINFO_BAD_CAPABILITIES_STRING \
|
||||
"The capabilities received from the client in the Confirm Active PDU (section 2.2.1.13.2) were not accepted by the server."
|
||||
"The capabilities received from the client in the Confirm Active PDU (section 2.2.1.13.2) were not accepted by the server."
|
||||
|
||||
#define ERRINFO_VIRTUAL_CHANNEL_DECOMPRESSION_STRING \
|
||||
"An error occurred while using the bulk compressor (section 3.1.8 and [MS-RDPEGDI] section 3.1.8) to decompress a Virtual Channel PDU (section 2.2.6.1)"
|
||||
"An error occurred while using the bulk compressor (section 3.1.8 and [MS-RDPEGDI] section 3.1.8) to decompress a Virtual Channel PDU (section 2.2.6.1)"
|
||||
|
||||
#define ERRINFO_INVALID_VC_COMPRESSION_TYPE_STRING \
|
||||
"An invalid bulk compression package was specified in the flags field of the Channel PDU Header (section 2.2.6.1.1)."
|
||||
"An invalid bulk compression package was specified in the flags field of the Channel PDU Header (section 2.2.6.1.1)."
|
||||
|
||||
#define ERRINFO_INVALID_CHANNEL_ID_STRING \
|
||||
"An invalid MCS channel ID was specified in the mcsPdu field of the Virtual Channel PDU (section 2.2.6.1)."
|
||||
"An invalid MCS channel ID was specified in the mcsPdu field of the Virtual Channel PDU (section 2.2.6.1)."
|
||||
|
||||
#define ERRINFO_VCHANNELS_TOO_MANY_STRING \
|
||||
"The client requested more than the maximum allowed 31 static virtual channels in the Client Network Data (section 2.2.1.3.4)."
|
||||
"The client requested more than the maximum allowed 31 static virtual channels in the Client Network Data (section 2.2.1.3.4)."
|
||||
|
||||
#define ERRINFO_REMOTEAPP_NOT_ENABLED_STRING \
|
||||
"The INFO_RAIL flag (0x00008000) MUST be set in the flags field of the Info Packet (section 2.2.1.11.1.1) " \
|
||||
"as the session on the remote server can only host remote applications."
|
||||
"The INFO_RAIL flag (0x00008000) MUST be set in the flags field of the Info Packet (section 2.2.1.11.1.1) " \
|
||||
"as the session on the remote server can only host remote applications."
|
||||
|
||||
#define ERRINFO_CACHE_CAP_NOT_SET_STRING \
|
||||
"The client sent a Persistent Key List PDU (section 2.2.1.17) without including the prerequisite Revision 2 Bitmap Cache " \
|
||||
"Capability Set (section 2.2.7.1.4.2) in the Confirm Active PDU (section 2.2.1.13.2)."
|
||||
"The client sent a Persistent Key List PDU (section 2.2.1.17) without including the prerequisite Revision 2 Bitmap Cache " \
|
||||
"Capability Set (section 2.2.7.1.4.2) in the Confirm Active PDU (section 2.2.1.13.2)."
|
||||
|
||||
#define ERRINFO_BITMAP_CACHE_ERROR_PDU_BAD_LENGTH2_STRING \
|
||||
"The NumInfoBlocks field in the Bitmap Cache Error PDU Data is inconsistent with the amount of data in the " \
|
||||
"Info field ([MS-RDPEGDI] section 2.2.2.3.1.1)."
|
||||
"The NumInfoBlocks field in the Bitmap Cache Error PDU Data is inconsistent with the amount of data in the " \
|
||||
"Info field ([MS-RDPEGDI] section 2.2.2.3.1.1)."
|
||||
|
||||
#define ERRINFO_OFFSCREEN_CACHE_ERROR_PDU_BAD_LENGTH_STRING \
|
||||
"There is not enough data to process an Offscreen Bitmap Cache Error PDU ([MS-RDPEGDI] section 2.2.2.3.2)."
|
||||
"There is not enough data to process an Offscreen Bitmap Cache Error PDU ([MS-RDPEGDI] section 2.2.2.3.2)."
|
||||
|
||||
#define ERRINFO_DRAWNINEGRID_CACHE_ERROR_PDU_BAD_LENGTH_STRING \
|
||||
"There is not enough data to process a DrawNineGrid Cache Error PDU ([MS-RDPEGDI] section 2.2.2.3.3)."
|
||||
"There is not enough data to process a DrawNineGrid Cache Error PDU ([MS-RDPEGDI] section 2.2.2.3.3)."
|
||||
|
||||
#define ERRINFO_GDIPLUS_PDU_BAD_LENGTH_STRING \
|
||||
"There is not enough data to process a GDI+ Error PDU ([MS-RDPEGDI] section 2.2.2.3.4)."
|
||||
"There is not enough data to process a GDI+ Error PDU ([MS-RDPEGDI] section 2.2.2.3.4)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT2_STRING \
|
||||
"There is not enough data to read a Basic Security Header (section 2.2.8.1.1.2.1)."
|
||||
"There is not enough data to read a Basic Security Header (section 2.2.8.1.1.2.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT3_STRING \
|
||||
"There is not enough data to read a Non-FIPS Security Header (section 2.2.8.1.1.2.2) or FIPS Security Header (section 2.2.8.1.1.2.3)."
|
||||
"There is not enough data to read a Non-FIPS Security Header (section 2.2.8.1.1.2.2) or FIPS Security Header (section 2.2.8.1.1.2.3)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT4_STRING \
|
||||
"There is not enough data to read the basicSecurityHeader and length fields of the Security Exchange PDU Data (section 2.2.1.10.1)."
|
||||
"There is not enough data to read the basicSecurityHeader and length fields of the Security Exchange PDU Data (section 2.2.1.10.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT5_STRING \
|
||||
"There is not enough data to read the CodePage, flags, cbDomain, cbUserName, cbPassword, cbAlternateShell, " \
|
||||
"cbWorkingDir, Domain, UserName, Password, AlternateShell, and WorkingDir fields in the Info Packet (section 2.2.1.11.1.1)."
|
||||
"There is not enough data to read the CodePage, flags, cbDomain, cbUserName, cbPassword, cbAlternateShell, " \
|
||||
"cbWorkingDir, Domain, UserName, Password, AlternateShell, and WorkingDir fields in the Info Packet (section 2.2.1.11.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT6_STRING \
|
||||
"There is not enough data to read the CodePage, flags, cbDomain, cbUserName, cbPassword, cbAlternateShell, " \
|
||||
"and cbWorkingDir fields in the Info Packet (section 2.2.1.11.1.1)."
|
||||
"There is not enough data to read the CodePage, flags, cbDomain, cbUserName, cbPassword, cbAlternateShell, " \
|
||||
"and cbWorkingDir fields in the Info Packet (section 2.2.1.11.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT7_STRING \
|
||||
"There is not enough data to read the clientAddressFamily and cbClientAddress fields in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the clientAddressFamily and cbClientAddress fields in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT8_STRING \
|
||||
"There is not enough data to read the clientAddress field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the clientAddress field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT9_STRING \
|
||||
"There is not enough data to read the cbClientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the cbClientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT10_STRING \
|
||||
"There is not enough data to read the clientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the clientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT11_STRING \
|
||||
"There is not enough data to read the clientTimeZone field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the clientTimeZone field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT12_STRING \
|
||||
"There is not enough data to read the clientSessionId field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the clientSessionId field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT13_STRING \
|
||||
"There is not enough data to read the performanceFlags field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the performanceFlags field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT14_STRING \
|
||||
"There is not enough data to read the cbAutoReconnectLen field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the cbAutoReconnectLen field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT15_STRING \
|
||||
"There is not enough data to read the autoReconnectCookie field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the autoReconnectCookie field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT16_STRING \
|
||||
"The cbAutoReconnectLen field in the Extended Info Packet (section 2.2.1.11.1.1.1) contains a value " \
|
||||
"which is larger than the maximum allowed length of 128 bytes."
|
||||
"The cbAutoReconnectLen field in the Extended Info Packet (section 2.2.1.11.1.1.1) contains a value " \
|
||||
"which is larger than the maximum allowed length of 128 bytes."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT17_STRING \
|
||||
"There is not enough data to read the clientAddressFamily and cbClientAddress fields in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the clientAddressFamily and cbClientAddress fields in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT18_STRING \
|
||||
"There is not enough data to read the clientAddress field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the clientAddress field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT19_STRING \
|
||||
"There is not enough data to read the cbClientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the cbClientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT20_STRING \
|
||||
"There is not enough data to read the clientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the clientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT21_STRING \
|
||||
"There is not enough data to read the clientTimeZone field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the clientTimeZone field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT22_STRING \
|
||||
"There is not enough data to read the clientSessionId field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the clientSessionId field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_SECURITY_DATA_TOO_SHORT23_STRING \
|
||||
"There is not enough data to read the Client Info PDU Data (section 2.2.1.11.1)."
|
||||
"There is not enough data to read the Client Info PDU Data (section 2.2.1.11.1)."
|
||||
|
||||
#define ERRINFO_BAD_MONITOR_DATA_STRING \
|
||||
"The monitorCount field in the Client Monitor Data (section 2.2.1.3.6) is invalid."
|
||||
"The monitorCount field in the Client Monitor Data (section 2.2.1.3.6) is invalid."
|
||||
|
||||
#define ERRINFO_VC_DECOMPRESSED_REASSEMBLE_FAILED_STRING \
|
||||
"The server-side decompression buffer is invalid, or the size of the decompressed VC data exceeds " \
|
||||
"the chunking size specified in the Virtual Channel Capability Set (section 2.2.7.1.10)."
|
||||
"The server-side decompression buffer is invalid, or the size of the decompressed VC data exceeds " \
|
||||
"the chunking size specified in the Virtual Channel Capability Set (section 2.2.7.1.10)."
|
||||
|
||||
#define ERRINFO_VC_DATA_TOO_LONG_STRING \
|
||||
"The size of a received Virtual Channel PDU (section 2.2.6.1) exceeds the chunking size specified " \
|
||||
"in the Virtual Channel Capability Set (section 2.2.7.1.10)."
|
||||
"The size of a received Virtual Channel PDU (section 2.2.6.1) exceeds the chunking size specified " \
|
||||
"in the Virtual Channel Capability Set (section 2.2.7.1.10)."
|
||||
|
||||
#define ERRINFO_BAD_FRAME_ACK_DATA_STRING \
|
||||
"There is not enough data to read a TS_FRAME_ACKNOWLEDGE_PDU ([MS-RDPRFX] section 2.2.3.1)."
|
||||
|
||||
#define ERRINFO_GRAPHICS_MODE_NOT_SUPPORTED_STRING \
|
||||
"The graphics mode requested by the client is not supported by the server."
|
||||
"The graphics mode requested by the client is not supported by the server."
|
||||
|
||||
#define ERRINFO_GRAPHICS_SUBSYSTEM_RESET_FAILED_STRING \
|
||||
"The server-side graphics subsystem failed to reset."
|
||||
"The server-side graphics subsystem failed to reset."
|
||||
|
||||
#define ERRINFO_GRAPHICS_SUBSYSTEM_FAILED_STRING \
|
||||
"The server-side graphics subsystem is in an error state and unable to continue graphics encoding."
|
||||
"The server-side graphics subsystem is in an error state and unable to continue graphics encoding."
|
||||
|
||||
#define ERRINFO_TIMEZONE_KEY_NAME_LENGTH_TOO_SHORT_STRING \
|
||||
"There is not enough data to read the cbDynamicDSTTimeZoneKeyName field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"There is not enough data to read the cbDynamicDSTTimeZoneKeyName field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_TIMEZONE_KEY_NAME_LENGTH_TOO_LONG_STRING \
|
||||
"The length reported in the cbDynamicDSTTimeZoneKeyName field of the Extended Info Packet (section 2.2.1.11.1.1.1) is too long."
|
||||
"The length reported in the cbDynamicDSTTimeZoneKeyName field of the Extended Info Packet (section 2.2.1.11.1.1.1) is too long."
|
||||
|
||||
#define ERRINFO_DYNAMIC_DST_DISABLED_FIELD_MISSING_STRING \
|
||||
"The dynamicDaylightTimeDisabled field is not present in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
"The dynamicDaylightTimeDisabled field is not present in the Extended Info Packet (section 2.2.1.11.1.1.1)."
|
||||
|
||||
#define ERRINFO_VC_DECODING_ERROR_STRING \
|
||||
"An error occurred when processing dynamic virtual channel data ([MS-RDPEDYC] section 3.3.5)."
|
||||
"An error occurred when processing dynamic virtual channel data ([MS-RDPEDYC] section 3.3.5)."
|
||||
|
||||
#define ERRINFO_VIRTUALDESKTOPTOOLARGE_STRING \
|
||||
"The width or height of the virtual desktop defined by the monitor layout in the Client Monitor Data " \
|
||||
"(section 2.2.1.3.6) is larger than the maximum allowed value of 32,766."
|
||||
|
||||
#define ERRINFO_MONITORGEOMETRYVALIDATIONFAILED_STRING \
|
||||
"The monitor geometry defined by the Client Monitor Data (section 2.2.1.3.6) is invalid."
|
||||
|
||||
#define ERRINFO_INVALIDMONITORCOUNT_STRING \
|
||||
"The monitorCount field in the Client Monitor Data(section 2.2.1.3.6) is too large."
|
||||
|
||||
#define ERRINFO_UPDATE_SESSION_KEY_FAILED_STRING \
|
||||
"An attempt to update the session keys while using Standard RDP Security mechanisms (section 5.3.7) failed."
|
||||
"An attempt to update the session keys while using Standard RDP Security mechanisms (section 5.3.7) failed."
|
||||
|
||||
#define ERRINFO_DECRYPT_FAILED_STRING \
|
||||
"(a) Decryption using Standard RDP Security mechanisms (section 5.3.6) failed.\n" \
|
||||
"(b) Session key creation using Standard RDP Security mechanisms (section 5.3.5) failed."
|
||||
"(a) Decryption using Standard RDP Security mechanisms (section 5.3.6) failed.\n" \
|
||||
"(b) Session key creation using Standard RDP Security mechanisms (section 5.3.5) failed."
|
||||
|
||||
#define ERRINFO_ENCRYPT_FAILED_STRING \
|
||||
"Encryption using Standard RDP Security mechanisms (section 5.3.6) failed."
|
||||
"Encryption using Standard RDP Security mechanisms (section 5.3.6) failed."
|
||||
|
||||
#define ERRINFO_ENCRYPTION_PACKAGE_MISMATCH_STRING \
|
||||
"Failed to find a usable Encryption Method (section 5.3.2) in the encryptionMethods field of the Client Security Data (section 2.2.1.4.3)."
|
||||
"Failed to find a usable Encryption Method (section 5.3.2) in the encryptionMethods field of the Client Security Data (section 2.2.1.4.3)."
|
||||
|
||||
#define ERRINFO_DECRYPT_FAILED2_STRING \
|
||||
"Unencrypted data was encountered in a protocol stream which is meant to be encrypted with Standard RDP Security mechanisms (section 5.3.6)."
|
||||
"Unencrypted data was encountered in a protocol stream which is meant to be encrypted with Standard RDP Security mechanisms (section 5.3.6)."
|
||||
|
||||
#define ERRINFO_PEER_DISCONNECTED_STRING \
|
||||
"The peer connection was lost."
|
||||
"The peer connection was lost."
|
||||
|
||||
/* Special codes */
|
||||
#define ERRINFO_SUCCESS_STRING "Success."
|
||||
@ -400,131 +413,134 @@ int connectErrorCode;
|
||||
|
||||
static const ERRINFO ERRINFO_CODES[] =
|
||||
{
|
||||
ERRINFO_DEFINE(SUCCESS),
|
||||
ERRINFO_DEFINE(SUCCESS),
|
||||
|
||||
/* Protocol-independent codes */
|
||||
ERRINFO_DEFINE(RPC_INITIATED_DISCONNECT),
|
||||
ERRINFO_DEFINE(RPC_INITIATED_LOGOFF),
|
||||
ERRINFO_DEFINE(IDLE_TIMEOUT),
|
||||
ERRINFO_DEFINE(LOGON_TIMEOUT),
|
||||
ERRINFO_DEFINE(DISCONNECTED_BY_OTHER_CONNECTION),
|
||||
ERRINFO_DEFINE(OUT_OF_MEMORY),
|
||||
ERRINFO_DEFINE(SERVER_DENIED_CONNECTION),
|
||||
ERRINFO_DEFINE(SERVER_INSUFFICIENT_PRIVILEGES),
|
||||
ERRINFO_DEFINE(SERVER_FRESH_CREDENTIALS_REQUIRED),
|
||||
ERRINFO_DEFINE(RPC_INITIATED_DISCONNECT_BY_USER),
|
||||
ERRINFO_DEFINE(LOGOFF_BY_USER),
|
||||
/* Protocol-independent codes */
|
||||
ERRINFO_DEFINE(RPC_INITIATED_DISCONNECT),
|
||||
ERRINFO_DEFINE(RPC_INITIATED_LOGOFF),
|
||||
ERRINFO_DEFINE(IDLE_TIMEOUT),
|
||||
ERRINFO_DEFINE(LOGON_TIMEOUT),
|
||||
ERRINFO_DEFINE(DISCONNECTED_BY_OTHER_CONNECTION),
|
||||
ERRINFO_DEFINE(OUT_OF_MEMORY),
|
||||
ERRINFO_DEFINE(SERVER_DENIED_CONNECTION),
|
||||
ERRINFO_DEFINE(SERVER_INSUFFICIENT_PRIVILEGES),
|
||||
ERRINFO_DEFINE(SERVER_FRESH_CREDENTIALS_REQUIRED),
|
||||
ERRINFO_DEFINE(RPC_INITIATED_DISCONNECT_BY_USER),
|
||||
ERRINFO_DEFINE(LOGOFF_BY_USER),
|
||||
|
||||
/* Protocol-independent codes generated by the Connection Broker */
|
||||
ERRINFO_DEFINE(CB_DESTINATION_NOT_FOUND),
|
||||
ERRINFO_DEFINE(CB_LOADING_DESTINATION),
|
||||
ERRINFO_DEFINE(CB_REDIRECTING_TO_DESTINATION),
|
||||
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_WAKE),
|
||||
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_BOOT),
|
||||
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_NO_DNS),
|
||||
ERRINFO_DEFINE(CB_DESTINATION_POOL_NOT_FREE),
|
||||
ERRINFO_DEFINE(CB_CONNECTION_CANCELLED),
|
||||
ERRINFO_DEFINE(CB_CONNECTION_ERROR_INVALID_SETTINGS),
|
||||
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_BOOT_TIMEOUT),
|
||||
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_SESSMON_FAILED),
|
||||
/* Protocol-independent licensing codes */
|
||||
ERRINFO_DEFINE(LICENSE_INTERNAL),
|
||||
ERRINFO_DEFINE(LICENSE_NO_LICENSE_SERVER),
|
||||
ERRINFO_DEFINE(LICENSE_NO_LICENSE),
|
||||
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_MSG),
|
||||
ERRINFO_DEFINE(LICENSE_HWID_DOESNT_MATCH_LICENSE),
|
||||
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_LICENSE),
|
||||
ERRINFO_DEFINE(LICENSE_CANT_FINISH_PROTOCOL),
|
||||
ERRINFO_DEFINE(LICENSE_CLIENT_ENDED_PROTOCOL),
|
||||
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_ENCRYPTION),
|
||||
ERRINFO_DEFINE(LICENSE_CANT_UPGRADE_LICENSE),
|
||||
ERRINFO_DEFINE(LICENSE_NO_REMOTE_CONNECTIONS),
|
||||
|
||||
/* Protocol-independent licensing codes */
|
||||
ERRINFO_DEFINE(LICENSE_INTERNAL),
|
||||
ERRINFO_DEFINE(LICENSE_NO_LICENSE_SERVER),
|
||||
ERRINFO_DEFINE(LICENSE_NO_LICENSE),
|
||||
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_MSG),
|
||||
ERRINFO_DEFINE(LICENSE_HWID_DOESNT_MATCH_LICENSE),
|
||||
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_LICENSE),
|
||||
ERRINFO_DEFINE(LICENSE_CANT_FINISH_PROTOCOL),
|
||||
ERRINFO_DEFINE(LICENSE_CLIENT_ENDED_PROTOCOL),
|
||||
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_ENCRYPTION),
|
||||
ERRINFO_DEFINE(LICENSE_CANT_UPGRADE_LICENSE),
|
||||
ERRINFO_DEFINE(LICENSE_NO_REMOTE_CONNECTIONS),
|
||||
/* Protocol-independent codes generated by the Connection Broker */
|
||||
ERRINFO_DEFINE(CB_DESTINATION_NOT_FOUND),
|
||||
ERRINFO_DEFINE(CB_LOADING_DESTINATION),
|
||||
ERRINFO_DEFINE(CB_REDIRECTING_TO_DESTINATION),
|
||||
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_WAKE),
|
||||
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_BOOT),
|
||||
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_NO_DNS),
|
||||
ERRINFO_DEFINE(CB_DESTINATION_POOL_NOT_FREE),
|
||||
ERRINFO_DEFINE(CB_CONNECTION_CANCELLED),
|
||||
ERRINFO_DEFINE(CB_CONNECTION_ERROR_INVALID_SETTINGS),
|
||||
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_BOOT_TIMEOUT),
|
||||
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_SESSMON_FAILED),
|
||||
|
||||
/* RDP specific codes */
|
||||
ERRINFO_DEFINE(UNKNOWN_DATA_PDU_TYPE),
|
||||
ERRINFO_DEFINE(UNKNOWN_PDU_TYPE),
|
||||
ERRINFO_DEFINE(DATA_PDU_SEQUENCE),
|
||||
ERRINFO_DEFINE(CONTROL_PDU_SEQUENCE),
|
||||
ERRINFO_DEFINE(INVALID_CONTROL_PDU_ACTION),
|
||||
ERRINFO_DEFINE(INVALID_INPUT_PDU_TYPE),
|
||||
ERRINFO_DEFINE(INVALID_INPUT_PDU_MOUSE),
|
||||
ERRINFO_DEFINE(INVALID_REFRESH_RECT_PDU),
|
||||
ERRINFO_DEFINE(CREATE_USER_DATA_FAILED),
|
||||
ERRINFO_DEFINE(CONNECT_FAILED),
|
||||
ERRINFO_DEFINE(CONFIRM_ACTIVE_HAS_WRONG_SHAREID),
|
||||
ERRINFO_DEFINE(CONFIRM_ACTIVE_HAS_WRONG_ORIGINATOR),
|
||||
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_ILLEGAL_FIRST),
|
||||
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_TOO_MANY_TOTAL_KEYS),
|
||||
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_TOO_MANY_CACHE_KEYS),
|
||||
ERRINFO_DEFINE(INPUT_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(BITMAP_CACHE_ERROR_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT),
|
||||
ERRINFO_DEFINE(VCHANNEL_DATA_TOO_SHORT ),
|
||||
ERRINFO_DEFINE(SHARE_DATA_TOO_SHORT),
|
||||
ERRINFO_DEFINE(BAD_SUPPRESS_OUTPUT_PDU),
|
||||
ERRINFO_DEFINE(CONFIRM_ACTIVE_PDU_TOO_SHORT),
|
||||
ERRINFO_DEFINE(CAPABILITY_SET_TOO_SMALL),
|
||||
ERRINFO_DEFINE(CAPABILITY_SET_TOO_LARGE),
|
||||
ERRINFO_DEFINE(NO_CURSOR_CACHE),
|
||||
ERRINFO_DEFINE(BAD_CAPABILITIES),
|
||||
ERRINFO_DEFINE(VIRTUAL_CHANNEL_DECOMPRESSION),
|
||||
ERRINFO_DEFINE(INVALID_VC_COMPRESSION_TYPE),
|
||||
ERRINFO_DEFINE(INVALID_CHANNEL_ID),
|
||||
ERRINFO_DEFINE(VCHANNELS_TOO_MANY),
|
||||
ERRINFO_DEFINE(REMOTEAPP_NOT_ENABLED),
|
||||
ERRINFO_DEFINE(CACHE_CAP_NOT_SET),
|
||||
ERRINFO_DEFINE(BITMAP_CACHE_ERROR_PDU_BAD_LENGTH2),
|
||||
ERRINFO_DEFINE(OFFSCREEN_CACHE_ERROR_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(DRAWNINEGRID_CACHE_ERROR_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(GDIPLUS_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT2),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT3),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT4),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT5),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT6),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT7),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT8),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT9),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT10),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT11),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT12),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT13),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT14),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT15),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT16),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT17),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT18),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT19),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT20),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT21),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT22),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT23),
|
||||
ERRINFO_DEFINE(BAD_MONITOR_DATA),
|
||||
ERRINFO_DEFINE(VC_DECOMPRESSED_REASSEMBLE_FAILED),
|
||||
ERRINFO_DEFINE(VC_DATA_TOO_LONG),
|
||||
ERRINFO_DEFINE(GRAPHICS_MODE_NOT_SUPPORTED),
|
||||
ERRINFO_DEFINE(GRAPHICS_SUBSYSTEM_RESET_FAILED),
|
||||
ERRINFO_DEFINE(GRAPHICS_SUBSYSTEM_FAILED),
|
||||
ERRINFO_DEFINE(TIMEZONE_KEY_NAME_LENGTH_TOO_SHORT),
|
||||
ERRINFO_DEFINE(TIMEZONE_KEY_NAME_LENGTH_TOO_LONG),
|
||||
ERRINFO_DEFINE(DYNAMIC_DST_DISABLED_FIELD_MISSING),
|
||||
ERRINFO_DEFINE(VC_DECODING_ERROR),
|
||||
ERRINFO_DEFINE(UPDATE_SESSION_KEY_FAILED),
|
||||
ERRINFO_DEFINE(DECRYPT_FAILED),
|
||||
ERRINFO_DEFINE(ENCRYPT_FAILED),
|
||||
ERRINFO_DEFINE(ENCRYPTION_PACKAGE_MISMATCH),
|
||||
ERRINFO_DEFINE(DECRYPT_FAILED2),
|
||||
ERRINFO_DEFINE(PEER_DISCONNECTED),
|
||||
/* RDP specific codes */
|
||||
ERRINFO_DEFINE(UNKNOWN_DATA_PDU_TYPE),
|
||||
ERRINFO_DEFINE(UNKNOWN_PDU_TYPE),
|
||||
ERRINFO_DEFINE(DATA_PDU_SEQUENCE),
|
||||
ERRINFO_DEFINE(CONTROL_PDU_SEQUENCE),
|
||||
ERRINFO_DEFINE(INVALID_CONTROL_PDU_ACTION),
|
||||
ERRINFO_DEFINE(INVALID_INPUT_PDU_TYPE),
|
||||
ERRINFO_DEFINE(INVALID_INPUT_PDU_MOUSE),
|
||||
ERRINFO_DEFINE(INVALID_REFRESH_RECT_PDU),
|
||||
ERRINFO_DEFINE(CREATE_USER_DATA_FAILED),
|
||||
ERRINFO_DEFINE(CONNECT_FAILED),
|
||||
ERRINFO_DEFINE(CONFIRM_ACTIVE_HAS_WRONG_SHAREID),
|
||||
ERRINFO_DEFINE(CONFIRM_ACTIVE_HAS_WRONG_ORIGINATOR),
|
||||
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_ILLEGAL_FIRST),
|
||||
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_TOO_MANY_TOTAL_KEYS),
|
||||
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_TOO_MANY_CACHE_KEYS),
|
||||
ERRINFO_DEFINE(INPUT_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(BITMAP_CACHE_ERROR_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT),
|
||||
ERRINFO_DEFINE(VCHANNEL_DATA_TOO_SHORT),
|
||||
ERRINFO_DEFINE(SHARE_DATA_TOO_SHORT),
|
||||
ERRINFO_DEFINE(BAD_SUPPRESS_OUTPUT_PDU),
|
||||
ERRINFO_DEFINE(CONFIRM_ACTIVE_PDU_TOO_SHORT),
|
||||
ERRINFO_DEFINE(CAPABILITY_SET_TOO_SMALL),
|
||||
ERRINFO_DEFINE(CAPABILITY_SET_TOO_LARGE),
|
||||
ERRINFO_DEFINE(NO_CURSOR_CACHE),
|
||||
ERRINFO_DEFINE(BAD_CAPABILITIES),
|
||||
ERRINFO_DEFINE(VIRTUAL_CHANNEL_DECOMPRESSION),
|
||||
ERRINFO_DEFINE(INVALID_VC_COMPRESSION_TYPE),
|
||||
ERRINFO_DEFINE(INVALID_CHANNEL_ID),
|
||||
ERRINFO_DEFINE(VCHANNELS_TOO_MANY),
|
||||
ERRINFO_DEFINE(REMOTEAPP_NOT_ENABLED),
|
||||
ERRINFO_DEFINE(CACHE_CAP_NOT_SET),
|
||||
ERRINFO_DEFINE(BITMAP_CACHE_ERROR_PDU_BAD_LENGTH2),
|
||||
ERRINFO_DEFINE(OFFSCREEN_CACHE_ERROR_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(DRAWNINEGRID_CACHE_ERROR_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(GDIPLUS_PDU_BAD_LENGTH),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT2),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT3),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT4),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT5),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT6),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT7),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT8),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT9),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT10),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT11),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT12),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT13),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT14),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT15),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT16),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT17),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT18),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT19),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT20),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT21),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT22),
|
||||
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT23),
|
||||
ERRINFO_DEFINE(BAD_MONITOR_DATA),
|
||||
ERRINFO_DEFINE(VC_DECOMPRESSED_REASSEMBLE_FAILED),
|
||||
ERRINFO_DEFINE(VC_DATA_TOO_LONG),
|
||||
ERRINFO_DEFINE(BAD_FRAME_ACK_DATA),
|
||||
ERRINFO_DEFINE(GRAPHICS_MODE_NOT_SUPPORTED),
|
||||
ERRINFO_DEFINE(GRAPHICS_SUBSYSTEM_RESET_FAILED),
|
||||
ERRINFO_DEFINE(GRAPHICS_SUBSYSTEM_FAILED),
|
||||
ERRINFO_DEFINE(TIMEZONE_KEY_NAME_LENGTH_TOO_SHORT),
|
||||
ERRINFO_DEFINE(TIMEZONE_KEY_NAME_LENGTH_TOO_LONG),
|
||||
ERRINFO_DEFINE(DYNAMIC_DST_DISABLED_FIELD_MISSING),
|
||||
ERRINFO_DEFINE(VC_DECODING_ERROR),
|
||||
ERRINFO_DEFINE(VIRTUALDESKTOPTOOLARGE),
|
||||
ERRINFO_DEFINE(MONITORGEOMETRYVALIDATIONFAILED),
|
||||
ERRINFO_DEFINE(INVALIDMONITORCOUNT),
|
||||
ERRINFO_DEFINE(UPDATE_SESSION_KEY_FAILED),
|
||||
ERRINFO_DEFINE(DECRYPT_FAILED),
|
||||
ERRINFO_DEFINE(ENCRYPT_FAILED),
|
||||
ERRINFO_DEFINE(ENCRYPTION_PACKAGE_MISMATCH),
|
||||
ERRINFO_DEFINE(DECRYPT_FAILED2),
|
||||
ERRINFO_DEFINE(PEER_DISCONNECTED),
|
||||
|
||||
ERRINFO_DEFINE(NONE)
|
||||
ERRINFO_DEFINE(NONE)
|
||||
};
|
||||
|
||||
const char* freerdp_get_error_info_string(UINT32 code)
|
||||
{
|
||||
const ERRINFO* errInfo;
|
||||
|
||||
errInfo = &ERRINFO_CODES[0];
|
||||
|
||||
while (errInfo->code != ERRINFO_NONE)
|
||||
@ -543,7 +559,6 @@ const char* freerdp_get_error_info_string(UINT32 code)
|
||||
const char* freerdp_get_error_info_name(UINT32 code)
|
||||
{
|
||||
const ERRINFO* errInfo;
|
||||
|
||||
errInfo = &ERRINFO_CODES[0];
|
||||
|
||||
while (errInfo->code != ERRINFO_NONE)
|
||||
@ -562,7 +577,6 @@ const char* freerdp_get_error_info_name(UINT32 code)
|
||||
void rdp_print_errinfo(UINT32 code)
|
||||
{
|
||||
const ERRINFO* errInfo;
|
||||
|
||||
errInfo = &ERRINFO_CODES[0];
|
||||
|
||||
while (errInfo->code != ERRINFO_NONE)
|
||||
|
@ -36,6 +36,35 @@
|
||||
|
||||
#define TAG FREERDP_TAG("core.nego")
|
||||
|
||||
struct rdp_nego
|
||||
{
|
||||
UINT16 port;
|
||||
UINT32 flags;
|
||||
const char* hostname;
|
||||
char* cookie;
|
||||
BYTE* RoutingToken;
|
||||
DWORD RoutingTokenLength;
|
||||
BOOL SendPreconnectionPdu;
|
||||
UINT32 PreconnectionId;
|
||||
char* PreconnectionBlob;
|
||||
|
||||
NEGO_STATE state;
|
||||
BOOL TcpConnected;
|
||||
BOOL SecurityConnected;
|
||||
UINT32 CookieMaxLength;
|
||||
|
||||
BOOL sendNegoData;
|
||||
UINT32 SelectedProtocol;
|
||||
UINT32 RequestedProtocols;
|
||||
BOOL NegotiateSecurityLayer;
|
||||
BOOL EnabledProtocols[16];
|
||||
BOOL RestrictedAdminModeRequired;
|
||||
BOOL GatewayEnabled;
|
||||
BOOL GatewayBypassLocal;
|
||||
|
||||
rdpTransport* transport;
|
||||
};
|
||||
|
||||
static const char* const NEGO_STATE_STRINGS[] =
|
||||
{
|
||||
"NEGO_STATE_INITIAL",
|
||||
@ -82,15 +111,15 @@ BOOL nego_connect(rdpNego* nego)
|
||||
|
||||
if (nego->state == NEGO_STATE_INITIAL)
|
||||
{
|
||||
if (nego->EnabledProtocols[PROTOCOL_EXT])
|
||||
if (nego->EnabledProtocols[PROTOCOL_HYBRID_EX])
|
||||
{
|
||||
nego->state = NEGO_STATE_EXT;
|
||||
}
|
||||
else if (nego->EnabledProtocols[PROTOCOL_NLA])
|
||||
else if (nego->EnabledProtocols[PROTOCOL_HYBRID])
|
||||
{
|
||||
nego->state = NEGO_STATE_NLA;
|
||||
}
|
||||
else if (nego->EnabledProtocols[PROTOCOL_TLS])
|
||||
else if (nego->EnabledProtocols[PROTOCOL_SSL])
|
||||
{
|
||||
nego->state = NEGO_STATE_TLS;
|
||||
}
|
||||
@ -109,26 +138,26 @@ BOOL nego_connect(rdpNego* nego)
|
||||
{
|
||||
WLog_DBG(TAG, "Security Layer Negotiation is disabled");
|
||||
/* attempt only the highest enabled protocol (see nego_attempt_*) */
|
||||
nego->EnabledProtocols[PROTOCOL_NLA] = FALSE;
|
||||
nego->EnabledProtocols[PROTOCOL_TLS] = FALSE;
|
||||
nego->EnabledProtocols[PROTOCOL_HYBRID] = FALSE;
|
||||
nego->EnabledProtocols[PROTOCOL_SSL] = FALSE;
|
||||
nego->EnabledProtocols[PROTOCOL_RDP] = FALSE;
|
||||
nego->EnabledProtocols[PROTOCOL_EXT] = FALSE;
|
||||
nego->EnabledProtocols[PROTOCOL_HYBRID_EX] = FALSE;
|
||||
|
||||
if (nego->state == NEGO_STATE_EXT)
|
||||
{
|
||||
nego->EnabledProtocols[PROTOCOL_EXT] = TRUE;
|
||||
nego->EnabledProtocols[PROTOCOL_NLA] = TRUE;
|
||||
nego->SelectedProtocol = PROTOCOL_EXT;
|
||||
nego->EnabledProtocols[PROTOCOL_HYBRID_EX] = TRUE;
|
||||
nego->EnabledProtocols[PROTOCOL_HYBRID] = TRUE;
|
||||
nego->SelectedProtocol = PROTOCOL_HYBRID_EX;
|
||||
}
|
||||
else if (nego->state == NEGO_STATE_NLA)
|
||||
{
|
||||
nego->EnabledProtocols[PROTOCOL_NLA] = TRUE;
|
||||
nego->SelectedProtocol = PROTOCOL_NLA;
|
||||
nego->EnabledProtocols[PROTOCOL_HYBRID] = TRUE;
|
||||
nego->SelectedProtocol = PROTOCOL_HYBRID;
|
||||
}
|
||||
else if (nego->state == NEGO_STATE_TLS)
|
||||
{
|
||||
nego->EnabledProtocols[PROTOCOL_TLS] = TRUE;
|
||||
nego->SelectedProtocol = PROTOCOL_TLS;
|
||||
nego->EnabledProtocols[PROTOCOL_SSL] = TRUE;
|
||||
nego->SelectedProtocol = PROTOCOL_SSL;
|
||||
}
|
||||
else if (nego->state == NEGO_STATE_RDP)
|
||||
{
|
||||
@ -218,14 +247,14 @@ BOOL nego_security_connect(rdpNego* nego)
|
||||
}
|
||||
else if (!nego->SecurityConnected)
|
||||
{
|
||||
if (nego->SelectedProtocol == PROTOCOL_NLA)
|
||||
if (nego->SelectedProtocol == PROTOCOL_HYBRID)
|
||||
{
|
||||
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_NLA");
|
||||
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_HYBRID");
|
||||
nego->SecurityConnected = transport_connect_nla(nego->transport);
|
||||
}
|
||||
else if (nego->SelectedProtocol == PROTOCOL_TLS)
|
||||
else if (nego->SelectedProtocol == PROTOCOL_SSL)
|
||||
{
|
||||
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_TLS");
|
||||
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_SSL");
|
||||
nego->SecurityConnected = transport_connect_tls(nego->transport);
|
||||
}
|
||||
else if (nego->SelectedProtocol == PROTOCOL_RDP)
|
||||
@ -378,7 +407,7 @@ BOOL nego_send_preconnection_pdu(rdpNego* nego)
|
||||
|
||||
static void nego_attempt_ext(rdpNego* nego)
|
||||
{
|
||||
nego->RequestedProtocols = PROTOCOL_NLA | PROTOCOL_TLS | PROTOCOL_EXT;
|
||||
nego->RequestedProtocols = PROTOCOL_HYBRID | PROTOCOL_SSL | PROTOCOL_HYBRID_EX;
|
||||
WLog_DBG(TAG, "Attempting NLA extended security");
|
||||
|
||||
if (!nego_transport_connect(nego))
|
||||
@ -405,9 +434,9 @@ static void nego_attempt_ext(rdpNego* nego)
|
||||
{
|
||||
nego_transport_disconnect(nego);
|
||||
|
||||
if (nego->EnabledProtocols[PROTOCOL_NLA])
|
||||
if (nego->EnabledProtocols[PROTOCOL_HYBRID])
|
||||
nego->state = NEGO_STATE_NLA;
|
||||
else if (nego->EnabledProtocols[PROTOCOL_TLS])
|
||||
else if (nego->EnabledProtocols[PROTOCOL_SSL])
|
||||
nego->state = NEGO_STATE_TLS;
|
||||
else if (nego->EnabledProtocols[PROTOCOL_RDP])
|
||||
nego->state = NEGO_STATE_RDP;
|
||||
@ -423,7 +452,7 @@ static void nego_attempt_ext(rdpNego* nego)
|
||||
|
||||
static void nego_attempt_nla(rdpNego* nego)
|
||||
{
|
||||
nego->RequestedProtocols = PROTOCOL_NLA | PROTOCOL_TLS;
|
||||
nego->RequestedProtocols = PROTOCOL_HYBRID | PROTOCOL_SSL;
|
||||
WLog_DBG(TAG, "Attempting NLA security");
|
||||
|
||||
if (!nego_transport_connect(nego))
|
||||
@ -450,7 +479,7 @@ static void nego_attempt_nla(rdpNego* nego)
|
||||
{
|
||||
nego_transport_disconnect(nego);
|
||||
|
||||
if (nego->EnabledProtocols[PROTOCOL_TLS])
|
||||
if (nego->EnabledProtocols[PROTOCOL_SSL])
|
||||
nego->state = NEGO_STATE_TLS;
|
||||
else if (nego->EnabledProtocols[PROTOCOL_RDP])
|
||||
nego->state = NEGO_STATE_RDP;
|
||||
@ -466,7 +495,7 @@ static void nego_attempt_nla(rdpNego* nego)
|
||||
|
||||
static void nego_attempt_tls(rdpNego* nego)
|
||||
{
|
||||
nego->RequestedProtocols = PROTOCOL_TLS;
|
||||
nego->RequestedProtocols = PROTOCOL_SSL;
|
||||
WLog_DBG(TAG, "Attempting TLS security");
|
||||
|
||||
if (!nego_transport_connect(nego))
|
||||
@ -600,14 +629,14 @@ int nego_recv(rdpTransport* transport, wStream* s, void* extra)
|
||||
|
||||
if (nego->SelectedProtocol)
|
||||
{
|
||||
if ((nego->SelectedProtocol == PROTOCOL_NLA) &&
|
||||
(!nego->EnabledProtocols[PROTOCOL_NLA]))
|
||||
if ((nego->SelectedProtocol == PROTOCOL_HYBRID) &&
|
||||
(!nego->EnabledProtocols[PROTOCOL_HYBRID]))
|
||||
{
|
||||
nego->state = NEGO_STATE_FAIL;
|
||||
}
|
||||
|
||||
if ((nego->SelectedProtocol == PROTOCOL_TLS) &&
|
||||
(!nego->EnabledProtocols[PROTOCOL_TLS]))
|
||||
if ((nego->SelectedProtocol == PROTOCOL_SSL) &&
|
||||
(!nego->EnabledProtocols[PROTOCOL_SSL]))
|
||||
{
|
||||
nego->state = NEGO_STATE_FAIL;
|
||||
}
|
||||
@ -803,11 +832,12 @@ void nego_send(rdpNego* nego)
|
||||
|
||||
BOOL nego_send_negotiation_request(rdpNego* nego)
|
||||
{
|
||||
BOOL rc = FALSE;
|
||||
wStream* s;
|
||||
int length;
|
||||
size_t length;
|
||||
size_t bm, em;
|
||||
BYTE flags = 0;
|
||||
int cookie_length;
|
||||
size_t cookie_length;
|
||||
s = Stream_New(NULL, 512);
|
||||
|
||||
if (!s)
|
||||
@ -845,7 +875,7 @@ BOOL nego_send_negotiation_request(rdpNego* nego)
|
||||
{
|
||||
cookie_length = strlen(nego->cookie);
|
||||
|
||||
if (cookie_length > (int) nego->CookieMaxLength)
|
||||
if (cookie_length > nego->CookieMaxLength)
|
||||
cookie_length = nego->CookieMaxLength;
|
||||
|
||||
Stream_Write(s, "Cookie: mstshash=", 17);
|
||||
@ -870,21 +900,19 @@ BOOL nego_send_negotiation_request(rdpNego* nego)
|
||||
length += 8;
|
||||
}
|
||||
|
||||
if ((length < 5) || (length > UINT16_MAX))
|
||||
goto fail;
|
||||
|
||||
em = Stream_GetPosition(s);
|
||||
Stream_SetPosition(s, bm);
|
||||
tpkt_write_header(s, length);
|
||||
tpdu_write_connection_request(s, length - 5);
|
||||
tpkt_write_header(s, (UINT16)length);
|
||||
tpdu_write_connection_request(s, (UINT16)length - 5);
|
||||
Stream_SetPosition(s, em);
|
||||
Stream_SealLength(s);
|
||||
|
||||
if (transport_write(nego->transport, s) < 0)
|
||||
{
|
||||
Stream_Free(s, TRUE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
rc = (transport_write(nego->transport, s) >= 0);
|
||||
fail:
|
||||
Stream_Free(s, TRUE);
|
||||
return TRUE;
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -983,7 +1011,7 @@ void nego_process_negotiation_failure(rdpNego* nego, wStream* s)
|
||||
|
||||
BOOL nego_send_negotiation_response(rdpNego* nego)
|
||||
{
|
||||
int length;
|
||||
UINT16 length;
|
||||
size_t bm, em;
|
||||
BOOL status;
|
||||
wStream* s;
|
||||
@ -1085,7 +1113,7 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
else if (settings->SelectedProtocol == PROTOCOL_TLS)
|
||||
else if (settings->SelectedProtocol == PROTOCOL_SSL)
|
||||
{
|
||||
settings->TlsSecurity = TRUE;
|
||||
settings->NlaSecurity = FALSE;
|
||||
@ -1093,7 +1121,7 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
|
||||
settings->UseRdpSecurityLayer = FALSE;
|
||||
settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
|
||||
}
|
||||
else if (settings->SelectedProtocol == PROTOCOL_NLA)
|
||||
else if (settings->SelectedProtocol == PROTOCOL_HYBRID)
|
||||
{
|
||||
settings->TlsSecurity = TRUE;
|
||||
settings->NlaSecurity = TRUE;
|
||||
@ -1160,10 +1188,14 @@ void nego_free(rdpNego* nego)
|
||||
* @param port
|
||||
*/
|
||||
|
||||
void nego_set_target(rdpNego* nego, char* hostname, int port)
|
||||
BOOL nego_set_target(rdpNego* nego, const char* hostname, UINT16 port)
|
||||
{
|
||||
if (!nego || !hostname)
|
||||
return FALSE;
|
||||
|
||||
nego->hostname = hostname;
|
||||
nego->port = port;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1221,7 +1253,7 @@ void nego_enable_rdp(rdpNego* nego, BOOL enable_rdp)
|
||||
void nego_enable_tls(rdpNego* nego, BOOL enable_tls)
|
||||
{
|
||||
WLog_DBG(TAG, "Enabling TLS security: %s", enable_tls ? "TRUE" : "FALSE");
|
||||
nego->EnabledProtocols[PROTOCOL_TLS] = enable_tls;
|
||||
nego->EnabledProtocols[PROTOCOL_SSL] = enable_tls;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1233,7 +1265,7 @@ void nego_enable_tls(rdpNego* nego, BOOL enable_tls)
|
||||
void nego_enable_nla(rdpNego* nego, BOOL enable_nla)
|
||||
{
|
||||
WLog_DBG(TAG, "Enabling NLA security: %s", enable_nla ? "TRUE" : "FALSE");
|
||||
nego->EnabledProtocols[PROTOCOL_NLA] = enable_nla;
|
||||
nego->EnabledProtocols[PROTOCOL_HYBRID] = enable_nla;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1245,7 +1277,7 @@ void nego_enable_nla(rdpNego* nego, BOOL enable_nla)
|
||||
void nego_enable_ext(rdpNego* nego, BOOL enable_ext)
|
||||
{
|
||||
WLog_DBG(TAG, "Enabling NLA extended security: %s", enable_ext ? "TRUE" : "FALSE");
|
||||
nego->EnabledProtocols[PROTOCOL_EXT] = enable_ext;
|
||||
nego->EnabledProtocols[PROTOCOL_HYBRID_EX] = enable_ext;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1339,3 +1371,72 @@ void nego_set_preconnection_blob(rdpNego* nego, char* PreconnectionBlob)
|
||||
{
|
||||
nego->PreconnectionBlob = PreconnectionBlob;
|
||||
}
|
||||
|
||||
UINT32 nego_get_selected_protocol(rdpNego* nego)
|
||||
{
|
||||
if (!nego)
|
||||
return 0;
|
||||
|
||||
return nego->SelectedProtocol;
|
||||
}
|
||||
|
||||
BOOL nego_set_selected_protocol(rdpNego* nego, UINT32 SelectedProtocol)
|
||||
{
|
||||
if (!nego)
|
||||
return FALSE;
|
||||
|
||||
nego->SelectedProtocol = SelectedProtocol;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
UINT32 nego_get_requested_protocols(rdpNego* nego)
|
||||
{
|
||||
if (!nego)
|
||||
return 0;
|
||||
|
||||
return nego->RequestedProtocols;
|
||||
}
|
||||
|
||||
|
||||
BOOL nego_set_requested_protocols(rdpNego* nego, UINT32 RequestedProtocols)
|
||||
{
|
||||
if (!nego)
|
||||
return FALSE;
|
||||
|
||||
nego->RequestedProtocols = RequestedProtocols;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
NEGO_STATE nego_get_state(rdpNego* nego)
|
||||
{
|
||||
if (!nego)
|
||||
return NEGO_STATE_FAIL;
|
||||
|
||||
return nego->state;
|
||||
}
|
||||
|
||||
BOOL nego_set_state(rdpNego* nego, NEGO_STATE state)
|
||||
{
|
||||
if (!nego)
|
||||
return FALSE;
|
||||
|
||||
nego->state = state;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
SEC_WINNT_AUTH_IDENTITY* nego_get_identity(rdpNego* nego)
|
||||
{
|
||||
if (!nego)
|
||||
return NULL;
|
||||
|
||||
return nla_get_identity(nego->transport->nla);
|
||||
}
|
||||
|
||||
void nego_free_nla(rdpNego* nego)
|
||||
{
|
||||
if (!nego || !nego->transport)
|
||||
return;
|
||||
|
||||
nla_free(nego->transport->nla);
|
||||
nego->transport->nla = NULL;
|
||||
}
|
||||
|
@ -29,12 +29,14 @@
|
||||
|
||||
#include <winpr/stream.h>
|
||||
|
||||
/* Protocol Security Negotiation Protocols */
|
||||
#define PROTOCOL_RDP 0x00000000
|
||||
#define PROTOCOL_TLS 0x00000001
|
||||
#define PROTOCOL_NLA 0x00000002
|
||||
#define PROTOCOL_RDS 0x00000004
|
||||
#define PROTOCOL_EXT 0x00000008
|
||||
/* Protocol Security Negotiation Protocols
|
||||
* [MS-RDPBCGR] 2.2.1.1.1 RDP Negotiation Request (RDP_NEG_REQ)
|
||||
*/
|
||||
#define PROTOCOL_RDP 0x00000000
|
||||
#define PROTOCOL_SSL 0x00000001
|
||||
#define PROTOCOL_HYBRID 0x00000002
|
||||
#define PROTOCOL_RDSTLS 0x00000004
|
||||
#define PROTOCOL_HYBRID_EX 0x00000008
|
||||
|
||||
#define PROTOCOL_FAILED_NEGO 0x80000000 /* only used internally, not on the wire */
|
||||
|
||||
@ -90,34 +92,6 @@ enum RDP_NEG_MSG
|
||||
#define REDIRECTED_AUTHENTICATION_MODE_REQUIRED 0x02
|
||||
#define CORRELATION_INFO_PRESENT 0x08
|
||||
|
||||
struct rdp_nego
|
||||
{
|
||||
int port;
|
||||
UINT32 flags;
|
||||
char* hostname;
|
||||
char* cookie;
|
||||
BYTE* RoutingToken;
|
||||
DWORD RoutingTokenLength;
|
||||
BOOL SendPreconnectionPdu;
|
||||
UINT32 PreconnectionId;
|
||||
char* PreconnectionBlob;
|
||||
|
||||
NEGO_STATE state;
|
||||
BOOL TcpConnected;
|
||||
BOOL SecurityConnected;
|
||||
UINT32 CookieMaxLength;
|
||||
|
||||
BOOL sendNegoData;
|
||||
UINT32 SelectedProtocol;
|
||||
UINT32 RequestedProtocols;
|
||||
BOOL NegotiateSecurityLayer;
|
||||
BYTE EnabledProtocols[16];
|
||||
BOOL RestrictedAdminModeRequired;
|
||||
BOOL GatewayEnabled;
|
||||
BOOL GatewayBypassLocal;
|
||||
|
||||
rdpTransport* transport;
|
||||
};
|
||||
typedef struct rdp_nego rdpNego;
|
||||
|
||||
FREERDP_LOCAL BOOL nego_connect(rdpNego* nego);
|
||||
@ -133,7 +107,7 @@ FREERDP_LOCAL rdpNego* nego_new(rdpTransport* transport);
|
||||
FREERDP_LOCAL void nego_free(rdpNego* nego);
|
||||
|
||||
FREERDP_LOCAL void nego_init(rdpNego* nego);
|
||||
FREERDP_LOCAL void nego_set_target(rdpNego* nego, char* hostname, int port);
|
||||
FREERDP_LOCAL BOOL nego_set_target(rdpNego* nego, const char* hostname, UINT16 port);
|
||||
FREERDP_LOCAL void nego_set_negotiation_enabled(rdpNego* nego,
|
||||
BOOL NegotiateSecurityLayer);
|
||||
FREERDP_LOCAL void nego_set_restricted_admin_mode_required(rdpNego* nego,
|
||||
@ -157,4 +131,17 @@ FREERDP_LOCAL void nego_set_preconnection_id(rdpNego* nego,
|
||||
FREERDP_LOCAL void nego_set_preconnection_blob(rdpNego* nego,
|
||||
char* PreconnectionBlob);
|
||||
|
||||
FREERDP_LOCAL UINT32 nego_get_selected_protocol(rdpNego* nego);
|
||||
FREERDP_LOCAL BOOL nego_set_selected_protocol(rdpNego* nego, UINT32 SelectedProtocol);
|
||||
|
||||
FREERDP_LOCAL UINT32 nego_get_requested_protocols(rdpNego* nego);
|
||||
FREERDP_LOCAL BOOL nego_set_requested_protocols(rdpNego* nego, UINT32 RequestedProtocols);
|
||||
|
||||
FREERDP_LOCAL BOOL nego_set_state(rdpNego* nego, NEGO_STATE state);
|
||||
FREERDP_LOCAL NEGO_STATE nego_get_state(rdpNego* nego);
|
||||
|
||||
FREERDP_LOCAL SEC_WINNT_AUTH_IDENTITY* nego_get_identity(rdpNego* nego);
|
||||
|
||||
FREERDP_LOCAL void nego_free_nla(rdpNego* nego);
|
||||
|
||||
#endif /* FREERDP_LIB_CORE_NEGO_H */
|
||||
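Review bot: `nego_get_selected_protocol()` has no documented contract for a NULL handle, and the definition shown earlier on this page returns 0 in that case, which is the same value as `PROTOCOL_RDP` in the first hunk of this header. A caller such as `peer_recv_callback`, which sets `RdpSecurity` from `SelectedProtocol == PROTOCOL_RDP`, therefore cannot tell a missing negotiation object from a session that negotiated standard RDP security. Either return the internal sentinel for NULL, `return PROTOCOL_FAILED_NEGO;`, or state the behaviour on the prototype: `/* returns 0 (== PROTOCOL_RDP) when nego is NULL */`. A similar one-line comment would help on `nego_get_state()`, which returns `NEGO_STATE_FAIL` for NULL.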
|
@ -99,6 +99,53 @@
|
||||
|
||||
#define TERMSRV_SPN_PREFIX "TERMSRV/"
|
||||
|
||||
|
||||
struct rdp_nla
|
||||
{
|
||||
BOOL server;
|
||||
NLA_STATE state;
|
||||
int sendSeqNum;
|
||||
int recvSeqNum;
|
||||
freerdp* instance;
|
||||
CtxtHandle context;
|
||||
LPTSTR SspiModule;
|
||||
char* SamFile;
|
||||
rdpSettings* settings;
|
||||
rdpTransport* transport;
|
||||
UINT32 cbMaxToken;
|
||||
#if defined(UNICODE)
|
||||
SEC_WCHAR* packageName;
|
||||
#else
|
||||
SEC_CHAR* packageName;
|
||||
#endif
|
||||
UINT32 version;
|
||||
UINT32 peerVersion;
|
||||
UINT32 errorCode;
|
||||
ULONG fContextReq;
|
||||
ULONG pfContextAttr;
|
||||
BOOL haveContext;
|
||||
BOOL haveInputBuffer;
|
||||
BOOL havePubKeyAuth;
|
||||
SECURITY_STATUS status;
|
||||
CredHandle credentials;
|
||||
TimeStamp expiration;
|
||||
PSecPkgInfo pPackageInfo;
|
||||
SecBuffer inputBuffer;
|
||||
SecBuffer outputBuffer;
|
||||
SecBufferDesc inputBufferDesc;
|
||||
SecBufferDesc outputBufferDesc;
|
||||
SecBuffer negoToken;
|
||||
SecBuffer pubKeyAuth;
|
||||
SecBuffer authInfo;
|
||||
SecBuffer ClientNonce;
|
||||
SecBuffer PublicKey;
|
||||
SecBuffer tsCredentials;
|
||||
LPTSTR ServicePrincipalName;
|
||||
SEC_WINNT_AUTH_IDENTITY* identity;
|
||||
PSecurityFunctionTable table;
|
||||
SecPkgContext_Sizes ContextSizes;
|
||||
};
|
||||
|
||||
static BOOL nla_send(rdpNla* nla);
|
||||
static int nla_recv(rdpNla* nla);
|
||||
static void nla_buffer_print(rdpNla* nla);
|
||||
@ -2387,3 +2434,37 @@ void nla_free(rdpNla* nla)
|
||||
nla_identity_free(nla->identity);
|
||||
free(nla);
|
||||
}
|
||||
|
||||
SEC_WINNT_AUTH_IDENTITY* nla_get_identity(rdpNla* nla)
|
||||
{
|
||||
if (!nla)
|
||||
return NULL;
|
||||
|
||||
return nla->identity;
|
||||
}
|
||||
|
||||
NLA_STATE nla_get_state(rdpNla* nla)
|
||||
{
|
||||
if (!nla)
|
||||
return NLA_STATE_FINAL;
|
||||
|
||||
return nla->state;
|
||||
}
|
||||
|
||||
BOOL nla_set_state(rdpNla* nla, NLA_STATE state)
|
||||
{
|
||||
if (!nla)
|
||||
return FALSE;
|
||||
|
||||
nla->state = state;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
BOOL nla_set_service_principal(rdpNla* nla, LPSTR principal)
|
||||
{
|
||||
if (!nla || !principal)
|
||||
return FALSE;
|
||||
|
||||
nla->ServicePrincipalName = principal;
|
||||
return TRUE;
|
||||
}
|
||||
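Review bot: `nla_get_state()` returns `NLA_STATE_FINAL` for a NULL handle, so a missing NLA context reads the same as a completed authentication. The `CONNECTION_STATE_NLA` case of `rdp_recv_callback` branches on `nla_get_state(rdp->nla) == NLA_STATE_FINAL` and, as far as the visible hunk shows, carries on with the connection sequence from there, where the old direct field access would have faulted on a NULL `rdp->nla`. Consider returning a value that no caller treats as success, or have the caller reject the handle first with `if (!rdp->nla) return -1;`. If the sentinel stays, say so on the function: `/* returns NLA_STATE_FINAL when nla is NULL */`.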
|
@ -47,52 +47,6 @@ enum _NLA_STATE
|
||||
};
|
||||
typedef enum _NLA_STATE NLA_STATE;
|
||||
|
||||
struct rdp_nla
|
||||
{
|
||||
BOOL server;
|
||||
NLA_STATE state;
|
||||
int sendSeqNum;
|
||||
int recvSeqNum;
|
||||
freerdp* instance;
|
||||
CtxtHandle context;
|
||||
LPTSTR SspiModule;
|
||||
char* SamFile;
|
||||
rdpSettings* settings;
|
||||
rdpTransport* transport;
|
||||
UINT32 cbMaxToken;
|
||||
#if defined(UNICODE)
|
||||
SEC_WCHAR* packageName;
|
||||
#else
|
||||
SEC_CHAR* packageName;
|
||||
#endif
|
||||
UINT32 version;
|
||||
UINT32 peerVersion;
|
||||
UINT32 errorCode;
|
||||
ULONG fContextReq;
|
||||
ULONG pfContextAttr;
|
||||
BOOL haveContext;
|
||||
BOOL haveInputBuffer;
|
||||
BOOL havePubKeyAuth;
|
||||
SECURITY_STATUS status;
|
||||
CredHandle credentials;
|
||||
TimeStamp expiration;
|
||||
PSecPkgInfo pPackageInfo;
|
||||
SecBuffer inputBuffer;
|
||||
SecBuffer outputBuffer;
|
||||
SecBufferDesc inputBufferDesc;
|
||||
SecBufferDesc outputBufferDesc;
|
||||
SecBuffer negoToken;
|
||||
SecBuffer pubKeyAuth;
|
||||
SecBuffer authInfo;
|
||||
SecBuffer ClientNonce;
|
||||
SecBuffer PublicKey;
|
||||
SecBuffer tsCredentials;
|
||||
LPTSTR ServicePrincipalName;
|
||||
SEC_WINNT_AUTH_IDENTITY* identity;
|
||||
PSecurityFunctionTable table;
|
||||
SecPkgContext_Sizes ContextSizes;
|
||||
};
|
||||
|
||||
FREERDP_LOCAL int nla_authenticate(rdpNla* nla);
|
||||
FREERDP_LOCAL LPTSTR nla_make_spn(const char* ServiceClass,
|
||||
const char* hostname);
|
||||
@ -100,6 +54,13 @@ FREERDP_LOCAL LPTSTR nla_make_spn(const char* ServiceClass,
|
||||
FREERDP_LOCAL int nla_client_begin(rdpNla* nla);
|
||||
FREERDP_LOCAL int nla_recv_pdu(rdpNla* nla, wStream* s);
|
||||
|
||||
FREERDP_LOCAL SEC_WINNT_AUTH_IDENTITY* nla_get_identity(rdpNla* nla);
|
||||
|
||||
FREERDP_LOCAL NLA_STATE nla_get_state(rdpNla* nla);
|
||||
FREERDP_LOCAL BOOL nla_set_state(rdpNla* nla, NLA_STATE state);
|
||||
|
||||
FREERDP_LOCAL BOOL nla_set_service_principal(rdpNla* nla, LPSTR principal);
|
||||
|
||||
FREERDP_LOCAL rdpNla* nla_new(freerdp* instance, rdpTransport* transport,
|
||||
rdpSettings* settings);
|
||||
FREERDP_LOCAL void nla_free(rdpNla* nla);
|
||||
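Review bot: `nla_set_service_principal()` is declared with an `LPSTR` parameter, but it stores into `ServicePrincipalName`, which is `LPTSTR`. Its visible caller in `transport_connect_nla` passes the result of `nla_make_spn()`, declared just above as returning `LPTSTR`. The two types differ when `UNICODE` is defined, a configuration the struct's own `#if defined(UNICODE)` block accounts for, so the prototype should read `FREERDP_LOCAL BOOL nla_set_service_principal(rdpNla* nla, LPTSTR principal);` with the definition changed to match. The prototype also lacks a comment on ownership: the setter overwrites any earlier name without freeing it, and whether the handle later frees `principal` cannot be seen from these hunks.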
|
@ -464,6 +464,7 @@ static int peer_recv_pdu(freerdp_peer* client, wStream* s)
|
||||
|
||||
static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
|
||||
{
|
||||
UINT32 SelectedProtocol;
|
||||
freerdp_peer* client = (freerdp_peer*) extra;
|
||||
rdpRdp* rdp = client->context->rdp;
|
||||
|
||||
@ -476,16 +477,17 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
|
||||
return -1;
|
||||
}
|
||||
|
||||
client->settings->NlaSecurity = (rdp->nego->SelectedProtocol & PROTOCOL_NLA) ? TRUE : FALSE;
|
||||
client->settings->TlsSecurity = (rdp->nego->SelectedProtocol & PROTOCOL_TLS) ? TRUE : FALSE;
|
||||
client->settings->RdpSecurity = (rdp->nego->SelectedProtocol == PROTOCOL_RDP) ? TRUE : FALSE;
|
||||
SelectedProtocol = nego_get_selected_protocol(rdp->nego);
|
||||
client->settings->NlaSecurity = (SelectedProtocol & PROTOCOL_HYBRID) ? TRUE : FALSE;
|
||||
client->settings->TlsSecurity = (SelectedProtocol & PROTOCOL_SSL) ? TRUE : FALSE;
|
||||
client->settings->RdpSecurity = (SelectedProtocol == PROTOCOL_RDP) ? TRUE : FALSE;
|
||||
|
||||
if (rdp->nego->SelectedProtocol & PROTOCOL_NLA)
|
||||
if (SelectedProtocol & PROTOCOL_HYBRID)
|
||||
{
|
||||
sspi_CopyAuthIdentity(&client->identity, rdp->nego->transport->nla->identity);
|
||||
SEC_WINNT_AUTH_IDENTITY* identity = nego_get_identity(rdp->nego);
|
||||
sspi_CopyAuthIdentity(&client->identity, identity);
|
||||
IFCALLRET(client->Logon, client->authenticated, client, &client->identity, TRUE);
|
||||
nla_free(rdp->nego->transport->nla);
|
||||
rdp->nego->transport->nla = NULL;
|
||||
nego_free_nla(rdp->nego);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -497,7 +499,8 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
|
||||
case CONNECTION_STATE_NEGO:
|
||||
if (!rdp_server_accept_mcs_connect_initial(rdp, s))
|
||||
{
|
||||
WLog_ERR(TAG, "peer_recv_callback: CONNECTION_STATE_NEGO - rdp_server_accept_mcs_connect_initial() fail");
|
||||
WLog_ERR(TAG,
|
||||
"peer_recv_callback: CONNECTION_STATE_NEGO - rdp_server_accept_mcs_connect_initial() fail");
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -642,10 +645,13 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
|
||||
|
||||
static BOOL freerdp_peer_close(freerdp_peer* client)
|
||||
{
|
||||
UINT32 SelectedProtocol;
|
||||
/** if negotiation has failed, we're not MCS connected. So don't
|
||||
* send anything else, or some mstsc will consider that as an error
|
||||
*/
|
||||
if (client->context->rdp->nego->SelectedProtocol & PROTOCOL_FAILED_NEGO)
|
||||
SelectedProtocol = nego_get_selected_protocol(client->context->rdp->nego);
|
||||
|
||||
if (SelectedProtocol & PROTOCOL_FAILED_NEGO)
|
||||
return TRUE;
|
||||
|
||||
/**
|
||||
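Review bot: In the `PROTOCOL_HYBRID` branch of `peer_recv_callback` the pointer returned by `nego_get_identity()` goes straight into `sspi_CopyAuthIdentity()`, although the getter returns NULL for a NULL handle and can also hand back a NULL `identity`. Add `if (!identity) return -1;` before the copy, and check the copy's result before `client->Logon` is invoked with `&client->identity`, assuming `sspi_CopyAuthIdentity` reports failure through its return value. `nego_get_identity()` itself dereferences `nego->transport` without the check that `nego_free_nla()` makes; `if (!nego || !nego->transport) return NULL;` would bring the two in line. The body of `peer_recv_callback` continues outside the hunks shown.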
|
@ -1388,7 +1388,7 @@ int rdp_recv_callback(rdpTransport* transport, wStream* s, void* extra)
|
||||
switch (rdp->state)
|
||||
{
|
||||
case CONNECTION_STATE_NLA:
|
||||
if (rdp->nla->state < NLA_STATE_AUTH_INFO)
|
||||
if (nla_get_state(rdp->nla) < NLA_STATE_AUTH_INFO)
|
||||
{
|
||||
if (nla_recv_pdu(rdp->nla, s) < 1)
|
||||
{
|
||||
@ -1396,37 +1396,45 @@ int rdp_recv_callback(rdpTransport* transport, wStream* s, void* extra)
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
else if (rdp->nla->state == NLA_STATE_POST_NEGO)
|
||||
else if (nla_get_state(rdp->nla) == NLA_STATE_POST_NEGO)
|
||||
{
|
||||
nego_recv(rdp->transport, s, (void*) rdp->nego);
|
||||
|
||||
if (rdp->nego->state != NEGO_STATE_FINAL)
|
||||
if (nego_get_state(rdp->nego) != NEGO_STATE_FINAL)
|
||||
{
|
||||
WLog_ERR(TAG, "rdp_recv_callback: CONNECTION_STATE_NLA - nego_recv() fail");
|
||||
return -1;
|
||||
}
|
||||
|
||||
rdp->nla->state = NLA_STATE_FINAL;
|
||||
if (!nla_set_state(rdp->nla, NLA_STATE_FINAL))
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (rdp->nla->state == NLA_STATE_AUTH_INFO)
|
||||
if (nla_get_state(rdp->nla) == NLA_STATE_AUTH_INFO)
|
||||
{
|
||||
transport_set_nla_mode(rdp->transport, FALSE);
|
||||
|
||||
if (rdp->settings->VmConnectMode)
|
||||
{
|
||||
rdp->nego->state = NEGO_STATE_NLA;
|
||||
rdp->nego->RequestedProtocols = PROTOCOL_NLA | PROTOCOL_TLS;
|
||||
if (!nego_set_state(rdp->nego, NEGO_STATE_NLA))
|
||||
return -1;
|
||||
|
||||
if (!nego_set_requested_protocols(rdp->nego, PROTOCOL_HYBRID | PROTOCOL_SSL))
|
||||
return -1;
|
||||
|
||||
nego_send_negotiation_request(rdp->nego);
|
||||
rdp->nla->state = NLA_STATE_POST_NEGO;
|
||||
|
||||
if (!nla_set_state(rdp->nla, NLA_STATE_POST_NEGO))
|
||||
return -1;
|
||||
}
|
||||
else
|
||||
{
|
||||
rdp->nla->state = NLA_STATE_FINAL;
|
||||
if (!nla_set_state(rdp->nla, NLA_STATE_FINAL))
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (rdp->nla->state == NLA_STATE_FINAL)
|
||||
if (nla_get_state(rdp->nla) == NLA_STATE_FINAL)
|
||||
{
|
||||
nla_free(rdp->nla);
|
||||
rdp->nla = NULL;
|
||||
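Review bot: In the `VmConnectMode` branch the result of `nego_send_negotiation_request(rdp->nego)` is dropped, while the setter calls on either side of it are each checked. That function returns FALSE when the transport write fails and, with this commit, when the computed length is out of range, so the state still advances to `NLA_STATE_POST_NEGO` after a request that was never sent. Suggested: `if (!nego_send_negotiation_request(rdp->nego)) return -1;`. The rest of the `CONNECTION_STATE_NLA` case lies outside the hunk.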
|
@ -30,6 +30,25 @@
|
||||
|
||||
#define TAG FREERDP_TAG("core.redirection")
|
||||
|
||||
struct rdp_redirection
|
||||
{
|
||||
UINT32 flags;
|
||||
UINT32 sessionID;
|
||||
BYTE* TsvUrl;
|
||||
DWORD TsvUrlLength;
|
||||
char* Username;
|
||||
char* Domain;
|
||||
BYTE* Password;
|
||||
DWORD PasswordLength;
|
||||
char* TargetFQDN;
|
||||
BYTE* LoadBalanceInfo;
|
||||
DWORD LoadBalanceInfoLength;
|
||||
char* TargetNetBiosName;
|
||||
char* TargetNetAddress;
|
||||
UINT32 TargetNetAddressesCount;
|
||||
char** TargetNetAddresses;
|
||||
};
|
||||
|
||||
static void rdp_print_redirection_flags(UINT32 flags)
|
||||
{
|
||||
WLog_DBG(TAG, "redirectionFlags = {");
|
||||
|
@ -31,25 +31,6 @@ typedef struct rdp_redirection rdpRedirection;
|
||||
#include <winpr/wlog.h>
|
||||
#include <winpr/stream.h>
|
||||
|
||||
struct rdp_redirection
|
||||
{
|
||||
UINT32 flags;
|
||||
UINT32 sessionID;
|
||||
BYTE* TsvUrl;
|
||||
DWORD TsvUrlLength;
|
||||
char* Username;
|
||||
char* Domain;
|
||||
BYTE* Password;
|
||||
DWORD PasswordLength;
|
||||
char* TargetFQDN;
|
||||
BYTE* LoadBalanceInfo;
|
||||
DWORD LoadBalanceInfoLength;
|
||||
char* TargetNetBiosName;
|
||||
char* TargetNetAddress;
|
||||
UINT32 TargetNetAddressesCount;
|
||||
char** TargetNetAddresses;
|
||||
};
|
||||
|
||||
FREERDP_LOCAL int rdp_recv_enhanced_security_redirection_packet(rdpRdp* rdp,
|
||||
wStream* s);
|
||||
|
||||
|
@ -334,10 +334,8 @@ BOOL transport_connect_nla(rdpTransport* transport)
|
||||
|
||||
if (settings->AuthenticationServiceClass)
|
||||
{
|
||||
rdp->nla->ServicePrincipalName =
|
||||
nla_make_spn(settings->AuthenticationServiceClass, settings->ServerHostname);
|
||||
|
||||
if (!rdp->nla->ServicePrincipalName)
|
||||
if (!nla_set_service_principal(rdp->nla, nla_make_spn(settings->AuthenticationServiceClass,
|
||||
settings->ServerHostname)))
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
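Review bot: The SPN built by `nla_make_spn()` is passed inline, so when `nla_set_service_principal()` returns FALSE because `rdp->nla` is NULL the caller has no pointer left to release; presumably the string is heap-allocated. Holding it in a local keeps the failure path clean: `LPTSTR spn = nla_make_spn(settings->AuthenticationServiceClass, settings->ServerHostname);` followed by `if (!nla_set_service_principal(rdp->nla, spn)) { free(spn); return FALSE; }`. `transport_connect_nla` starts and ends outside the hunk.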
|