mirrors
/
FreeRDP
mirror of https://github.com/FreeRDP/FreeRDP
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5036 from akallabeth/auth_fixes 

Refactor NEGO NLA and redirection to use opaque handles
This commit is contained in:
Martin Fleisz 2018-12-05 11:20:34 +01:00 committed by GitHub
parent bb187d8ea2 e49adfc51a
commit 7db6ac063a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 628 additions and 459 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
include/freerdp/error.h
View File

@ -45,19 +45,6 @@ extern "C" {
#define ERRINFO_RPC_INITIATED_DISCONNECT_BY_USER 0x0000000B
#define ERRINFO_LOGOFF_BY_USER 0x0000000C
/* Protocol-independent codes generated by the Connection Broker */
#define ERRINFO_CB_DESTINATION_NOT_FOUND 0x0000400
#define ERRINFO_CB_LOADING_DESTINATION 0x0000402
#define ERRINFO_CB_REDIRECTING_TO_DESTINATION 0x0000404
#define ERRINFO_CB_SESSION_ONLINE_VM_WAKE 0x0000405
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT 0x0000406
#define ERRINFO_CB_SESSION_ONLINE_VM_NO_DNS 0x0000407
#define ERRINFO_CB_DESTINATION_POOL_NOT_FREE 0x0000408
#define ERRINFO_CB_CONNECTION_CANCELLED 0x0000409
#define ERRINFO_CB_CONNECTION_ERROR_INVALID_SETTINGS 0x0000410
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT_TIMEOUT 0x0000411
#define ERRINFO_CB_SESSION_ONLINE_VM_SESSMON_FAILED 0x0000412
/* Protocol-independent licensing codes */
#define ERRINFO_LICENSE_INTERNAL 0x00000100
#define ERRINFO_LICENSE_NO_LICENSE_SERVER 0x00000101
@ -71,6 +58,19 @@ extern "C" {
#define ERRINFO_LICENSE_CANT_UPGRADE_LICENSE 0x00000109
#define ERRINFO_LICENSE_NO_REMOTE_CONNECTIONS 0x0000010A
/* Protocol-independent codes generated by the Connection Broker */
#define ERRINFO_CB_DESTINATION_NOT_FOUND 0x0000400
#define ERRINFO_CB_LOADING_DESTINATION 0x0000402
#define ERRINFO_CB_REDIRECTING_TO_DESTINATION 0x0000404
#define ERRINFO_CB_SESSION_ONLINE_VM_WAKE 0x0000405
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT 0x0000406
#define ERRINFO_CB_SESSION_ONLINE_VM_NO_DNS 0x0000407
#define ERRINFO_CB_DESTINATION_POOL_NOT_FREE 0x0000408
#define ERRINFO_CB_CONNECTION_CANCELLED 0x0000409
#define ERRINFO_CB_CONNECTION_ERROR_INVALID_SETTINGS 0x0000410
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT_TIMEOUT 0x0000411
#define ERRINFO_CB_SESSION_ONLINE_VM_SESSMON_FAILED 0x0000412
/* RDP specific codes */
#define ERRINFO_UNKNOWN_DATA_PDU_TYPE 0x000010C9
#define ERRINFO_UNKNOWN_PDU_TYPE 0x000010CA
@ -134,6 +134,7 @@ extern "C" {
#define ERRINFO_BAD_MONITOR_DATA 0x00001129
#define ERRINFO_VC_DECOMPRESSED_REASSEMBLE_FAILED 0x0000112A
#define ERRINFO_VC_DATA_TOO_LONG 0x0000112B
#define ERRINFO_BAD_FRAME_ACK_DATA 0x0000112C
#define ERRINFO_GRAPHICS_MODE_NOT_SUPPORTED 0x0000112D
#define ERRINFO_GRAPHICS_SUBSYSTEM_RESET_FAILED 0x0000112E
#define ERRINFO_GRAPHICS_SUBSYSTEM_FAILED 0x0000112F
@ -141,6 +142,9 @@ extern "C" {
#define ERRINFO_TIMEZONE_KEY_NAME_LENGTH_TOO_LONG 0x00001131
#define ERRINFO_DYNAMIC_DST_DISABLED_FIELD_MISSING 0x00001132
#define ERRINFO_VC_DECODING_ERROR 0x00001133
#define ERRINFO_VIRTUALDESKTOPTOOLARGE 0x00001134
#define ERRINFO_MONITORGEOMETRYVALIDATIONFAILED 0x00001135
#define ERRINFO_INVALIDMONITORCOUNT 0x00001136
#define ERRINFO_UPDATE_SESSION_KEY_FAILED 0x00001191
#define ERRINFO_DECRYPT_FAILED 0x00001192
#define ERRINFO_ENCRYPT_FAILED 0x00001193

53
libfreerdp/core/connection.c
View File

@ -197,6 +197,7 @@ static BOOL rdp_client_reset_codecs(rdpContext* context)
BOOL rdp_client_connect(rdpRdp* rdp)
{
UINT32 SelectedProtocol;
BOOL status;
rdpSettings* settings = rdp->settings;
/* make sure SSL is initialize for earlier enough for crypto, by taking advantage of winpr SSL FIPS flag for openssl initialization */
@ -306,7 +307,9 @@ BOOL rdp_client_connect(rdpRdp* rdp)
return FALSE;
}
if ((rdp->nego->SelectedProtocol & PROTOCOL_TLS) || (rdp->nego->SelectedProtocol == PROTOCOL_RDP))
SelectedProtocol = nego_get_selected_protocol(rdp->nego);
if ((SelectedProtocol & PROTOCOL_SSL) || (SelectedProtocol == PROTOCOL_RDP))
{
if ((settings->Username != NULL) && ((settings->Password != NULL) ||
(settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0)))
@ -1169,6 +1172,8 @@ int rdp_client_transition_to_state(rdpRdp* rdp, int state)
BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
{
UINT32 SelectedProtocol = 0;
UINT32 RequestedProtocols;
BOOL status;
rdpSettings* settings = rdp->settings;
rdpNego* nego = rdp->nego;
@ -1177,26 +1182,26 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
if (!nego_read_request(nego, s))
return FALSE;
nego->SelectedProtocol = 0;
RequestedProtocols = nego_get_requested_protocols(nego);
WLog_INFO(TAG, "Client Security: NLA:%d TLS:%d RDP:%d",
(nego->RequestedProtocols & PROTOCOL_NLA) ? 1 : 0,
(nego->RequestedProtocols & PROTOCOL_TLS) ? 1 : 0,
(nego->RequestedProtocols == PROTOCOL_RDP) ? 1 : 0
(RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
(RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
(RequestedProtocols == PROTOCOL_RDP) ? 1 : 0
);
WLog_INFO(TAG, "Server Security: NLA:%"PRId32" TLS:%"PRId32" RDP:%"PRId32"",
settings->NlaSecurity, settings->TlsSecurity, settings->RdpSecurity);
if ((settings->NlaSecurity) && (nego->RequestedProtocols & PROTOCOL_NLA))
if ((settings->NlaSecurity) && (RequestedProtocols & PROTOCOL_HYBRID))
{
nego->SelectedProtocol = PROTOCOL_NLA;
SelectedProtocol = PROTOCOL_HYBRID;
}
else if ((settings->TlsSecurity) && (nego->RequestedProtocols & PROTOCOL_TLS))
else if ((settings->TlsSecurity) && (RequestedProtocols & PROTOCOL_SSL))
{
nego->SelectedProtocol = PROTOCOL_TLS;
SelectedProtocol = PROTOCOL_SSL;
}
else if ((settings->RdpSecurity) && (nego->RequestedProtocols == PROTOCOL_RDP))
else if ((settings->RdpSecurity) && (RequestedProtocols == PROTOCOL_RDP))
{
nego->SelectedProtocol = PROTOCOL_RDP;
SelectedProtocol = PROTOCOL_RDP;
}
else
{
@ -1204,49 +1209,53 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
* when here client and server aren't compatible, we select the right
* error message to return to the client in the nego failure packet
*/
nego->SelectedProtocol = PROTOCOL_FAILED_NEGO;
SelectedProtocol = PROTOCOL_FAILED_NEGO;
if (settings->RdpSecurity)
{
WLog_ERR(TAG, "server supports only Standard RDP Security");
nego->SelectedProtocol |= SSL_NOT_ALLOWED_BY_SERVER;
SelectedProtocol |= SSL_NOT_ALLOWED_BY_SERVER;
}
else
{
if (settings->NlaSecurity && !settings->TlsSecurity)
{
WLog_WARN(TAG, "server supports only NLA Security");
nego->SelectedProtocol |= HYBRID_REQUIRED_BY_SERVER;
SelectedProtocol |= HYBRID_REQUIRED_BY_SERVER;
}
else
{
WLog_WARN(TAG, "server supports only a SSL based Security (TLS or NLA)");
nego->SelectedProtocol |= SSL_REQUIRED_BY_SERVER;
SelectedProtocol |= SSL_REQUIRED_BY_SERVER;
}
}
WLog_ERR(TAG, "Protocol security negotiation failure");
}
if (!(nego->SelectedProtocol & PROTOCOL_FAILED_NEGO))
if (!(SelectedProtocol & PROTOCOL_FAILED_NEGO))
{
WLog_INFO(TAG, "Negotiated Security: NLA:%d TLS:%d RDP:%d",
(nego->SelectedProtocol & PROTOCOL_NLA) ? 1 : 0,
(nego->SelectedProtocol & PROTOCOL_TLS) ? 1 : 0,
(nego->SelectedProtocol == PROTOCOL_RDP) ? 1 : 0
(SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
(SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
(SelectedProtocol == PROTOCOL_RDP) ? 1 : 0
);
}
if (!nego_set_selected_protocol(nego, SelectedProtocol))
return FALSE;
if (!nego_send_negotiation_response(nego))
return FALSE;
SelectedProtocol = nego_get_selected_protocol(nego);
status = FALSE;
if (nego->SelectedProtocol & PROTOCOL_NLA)
if (SelectedProtocol & PROTOCOL_HYBRID)
status = transport_accept_nla(rdp->transport);
else if (nego->SelectedProtocol & PROTOCOL_TLS)
else if (SelectedProtocol & PROTOCOL_SSL)
status = transport_accept_tls(rdp->transport);
else if (nego->SelectedProtocol == PROTOCOL_RDP) /* 0 */
else if (SelectedProtocol == PROTOCOL_RDP) /* 0 */
status = transport_accept_rdp(rdp->transport);
if (!status)

522
libfreerdp/core/errinfo.c
View File

@ -36,363 +36,376 @@ int connectErrorCode;
/* Protocol-independent codes */
#define ERRINFO_RPC_INITIATED_DISCONNECT_STRING \
"The disconnection was initiated by an administrative tool on the server in another session."
"The disconnection was initiated by an administrative tool on the server in another session."
#define ERRINFO_RPC_INITIATED_LOGOFF_STRING \
"The disconnection was due to a forced logoff initiated by an administrative tool on the server in another session."
"The disconnection was due to a forced logoff initiated by an administrative tool on the server in another session."
#define ERRINFO_IDLE_TIMEOUT_STRING \
"The idle session limit timer on the server has elapsed."
"The idle session limit timer on the server has elapsed."
#define ERRINFO_LOGON_TIMEOUT_STRING \
"The active session limit timer on the server has elapsed."
"The active session limit timer on the server has elapsed."
#define ERRINFO_DISCONNECTED_BY_OTHER_CONNECTION_STRING \
"Another user connected to the server, forcing the disconnection of the current connection."
"Another user connected to the server, forcing the disconnection of the current connection."
#define ERRINFO_OUT_OF_MEMORY_STRING \
"The server ran out of available memory resources."
"The server ran out of available memory resources."
#define ERRINFO_SERVER_DENIED_CONNECTION_STRING \
"The server denied the connection."
"The server denied the connection."
#define ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES_STRING \
"The user cannot connect to the server due to insufficient access privileges."
"The user cannot connect to the server due to insufficient access privileges."
#define ERRINFO_SERVER_FRESH_CREDENTIALS_REQUIRED_STRING \
"The server does not accept saved user credentials and requires that the user enter their credentials for each connection."
"The server does not accept saved user credentials and requires that the user enter their credentials for each connection."
#define ERRINFO_RPC_INITIATED_DISCONNECT_BY_USER_STRING \
"The disconnection was initiated by an administrative tool on the server running in the user's session."
"The disconnection was initiated by an administrative tool on the server running in the user's session."
#define ERRINFO_LOGOFF_BY_USER_STRING \
"The disconnection was initiated by the user logging off their session on the server."
"The disconnection was initiated by the user logging off their session on the server."
/* Protocol-independent codes generated by the Connection Broker */
#define ERRINFO_CB_DESTINATION_NOT_FOUND_STRING \
"The target endpoint could not be found."
"The target endpoint could not be found."
#define ERRINFO_CB_LOADING_DESTINATION_STRING \
"The target endpoint to which the client is being redirected is disconnecting from the Connection Broker."
"The target endpoint to which the client is being redirected is disconnecting from the Connection Broker."
#define ERRINFO_CB_REDIRECTING_TO_DESTINATION_STRING \
"An error occurred while the connection was being redirected to the target endpoint."
"An error occurred while the connection was being redirected to the target endpoint."
#define ERRINFO_CB_SESSION_ONLINE_VM_WAKE_STRING \
"An error occurred while the target endpoint (a virtual machine) was being awakened."
"An error occurred while the target endpoint (a virtual machine) was being awakened."
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT_STRING \
"An error occurred while the target endpoint (a virtual machine) was being started."
"An error occurred while the target endpoint (a virtual machine) was being started."
#define ERRINFO_CB_SESSION_ONLINE_VM_NO_DNS_STRING \
"The IP address of the target endpoint (a virtual machine) cannot be determined."
"The IP address of the target endpoint (a virtual machine) cannot be determined."
#define ERRINFO_CB_DESTINATION_POOL_NOT_FREE_STRING \
"There are no available endpoints in the pool managed by the Connection Broker."
"There are no available endpoints in the pool managed by the Connection Broker."
#define ERRINFO_CB_CONNECTION_CANCELLED_STRING \
"Processing of the connection has been cancelled."
"Processing of the connection has been cancelled."
#define ERRINFO_CB_CONNECTION_ERROR_INVALID_SETTINGS_STRING \
"The settings contained in the routingToken field of the X.224 Connection Request PDU (section 2.2.1.1) cannot be validated."
"The settings contained in the routingToken field of the X.224 Connection Request PDU (section 2.2.1.1) cannot be validated."
#define ERRINFO_CB_SESSION_ONLINE_VM_BOOT_TIMEOUT_STRING \
"A time-out occurred while the target endpoint (a virtual machine) was being started."
"A time-out occurred while the target endpoint (a virtual machine) was being started."
#define ERRINFO_CB_SESSION_ONLINE_VM_SESSMON_FAILED_STRING \
"A session monitoring error occurred while the target endpoint (a virtual machine) was being started."
"A session monitoring error occurred while the target endpoint (a virtual machine) was being started."
/* Protocol-independent licensing codes */
#define ERRINFO_LICENSE_INTERNAL_STRING \
"An internal error has occurred in the Terminal Services licensing component."
"An internal error has occurred in the Terminal Services licensing component."
#define ERRINFO_LICENSE_NO_LICENSE_SERVER_STRING \
"A Remote Desktop License Server ([MS-RDPELE] section 1.1) could not be found to provide a license."
"A Remote Desktop License Server ([MS-RDPELE] section 1.1) could not be found to provide a license."
#define ERRINFO_LICENSE_NO_LICENSE_STRING \
"There are no Client Access Licenses ([MS-RDPELE] section 1.1) available for the target remote computer."
"There are no Client Access Licenses ([MS-RDPELE] section 1.1) available for the target remote computer."
#define ERRINFO_LICENSE_BAD_CLIENT_MSG_STRING \
"The remote computer received an invalid licensing message from the client."
"The remote computer received an invalid licensing message from the client."
#define ERRINFO_LICENSE_HWID_DOESNT_MATCH_LICENSE_STRING \
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client has been modified."
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client has been modified."
#define ERRINFO_LICENSE_BAD_CLIENT_LICENSE_STRING \
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client is in an invalid format."
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client is in an invalid format."
#define ERRINFO_LICENSE_CANT_FINISH_PROTOCOL_STRING \
"Network problems have caused the licensing protocol ([MS-RDPELE] section 1.3.3) to be terminated."
"Network problems have caused the licensing protocol ([MS-RDPELE] section 1.3.3) to be terminated."
#define ERRINFO_LICENSE_CLIENT_ENDED_PROTOCOL_STRING \
"The client prematurely ended the licensing protocol ([MS-RDPELE] section 1.3.3)."
"The client prematurely ended the licensing protocol ([MS-RDPELE] section 1.3.3)."
#define ERRINFO_LICENSE_BAD_CLIENT_ENCRYPTION_STRING \
"A licensing message ([MS-RDPELE] sections 2.2 and 5.1) was incorrectly encrypted."
"A licensing message ([MS-RDPELE] sections 2.2 and 5.1) was incorrectly encrypted."
#define ERRINFO_LICENSE_CANT_UPGRADE_LICENSE_STRING \
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client could not be upgraded or renewed."
"The Client Access License ([MS-RDPELE] section 1.1) stored by the client could not be upgraded or renewed."
#define ERRINFO_LICENSE_NO_REMOTE_CONNECTIONS_STRING \
"The remote computer is not licensed to accept remote connections."
"The remote computer is not licensed to accept remote connections."
/* RDP specific codes */
#define ERRINFO_UNKNOWN_DATA_PDU_TYPE_STRING \
"Unknown pduType2 field in a received Share Data Header (section 2.2.8.1.1.1.2)."
"Unknown pduType2 field in a received Share Data Header (section 2.2.8.1.1.1.2)."
#define ERRINFO_UNKNOWN_PDU_TYPE_STRING \
"Unknown pduType field in a received Share Control Header (section 2.2.8.1.1.1.1)."
"Unknown pduType field in a received Share Control Header (section 2.2.8.1.1.1.1)."
#define ERRINFO_DATA_PDU_SEQUENCE_STRING \
"An out-of-sequence Slow-Path Data PDU (section 2.2.8.1.1.1.1) has been received."
"An out-of-sequence Slow-Path Data PDU (section 2.2.8.1.1.1.1) has been received."
#define ERRINFO_CONTROL_PDU_SEQUENCE_STRING \
"An out-of-sequence Slow-Path Non-Data PDU (section 2.2.8.1.1.1.1) has been received."
"An out-of-sequence Slow-Path Non-Data PDU (section 2.2.8.1.1.1.1) has been received."
#define ERRINFO_INVALID_CONTROL_PDU_ACTION_STRING \
"A Control PDU (sections 2.2.1.15 and 2.2.1.16) has been received with an invalid action field."
"A Control PDU (sections 2.2.1.15 and 2.2.1.16) has been received with an invalid action field."
#define ERRINFO_INVALID_INPUT_PDU_TYPE_STRING \
"(a) A Slow-Path Input Event (section 2.2.8.1.1.3.1.1) has been received with an invalid messageType field.\n" \
"(b) A Fast-Path Input Event (section 2.2.8.1.2.2) has been received with an invalid eventCode field."
"(a) A Slow-Path Input Event (section 2.2.8.1.1.3.1.1) has been received with an invalid messageType field.\n" \
"(b) A Fast-Path Input Event (section 2.2.8.1.2.2) has been received with an invalid eventCode field."
#define ERRINFO_INVALID_INPUT_PDU_MOUSE_STRING \
"(a) A Slow-Path Mouse Event (section 2.2.8.1.1.3.1.1.3) or Extended Mouse Event " \
"(section 2.2.8.1.1.3.1.1.4) has been received with an invalid pointerFlags field.\n" \
"(b) A Fast-Path Mouse Event (section 2.2.8.1.2.2.3) or Fast-Path Extended Mouse Event " \
"(section 2.2.8.1.2.2.4) has been received with an invalid pointerFlags field."
"(a) A Slow-Path Mouse Event (section 2.2.8.1.1.3.1.1.3) or Extended Mouse Event " \
"(section 2.2.8.1.1.3.1.1.4) has been received with an invalid pointerFlags field.\n" \
"(b) A Fast-Path Mouse Event (section 2.2.8.1.2.2.3) or Fast-Path Extended Mouse Event " \
"(section 2.2.8.1.2.2.4) has been received with an invalid pointerFlags field."
#define ERRINFO_INVALID_REFRESH_RECT_PDU_STRING \
"An invalid Refresh Rect PDU (section 2.2.11.2) has been received."
"An invalid Refresh Rect PDU (section 2.2.11.2) has been received."
#define ERRINFO_CREATE_USER_DATA_FAILED_STRING \
"The server failed to construct the GCC Conference Create Response user data (section 2.2.1.4)."
"The server failed to construct the GCC Conference Create Response user data (section 2.2.1.4)."
#define ERRINFO_CONNECT_FAILED_STRING \
"Processing during the Channel Connection phase of the RDP Connection Sequence " \
"(see section 1.3.1.1 for an overview of the RDP Connection Sequence phases) has failed."
"Processing during the Channel Connection phase of the RDP Connection Sequence " \
"(see section 1.3.1.1 for an overview of the RDP Connection Sequence phases) has failed."
#define ERRINFO_CONFIRM_ACTIVE_HAS_WRONG_SHAREID_STRING \
"A Confirm Active PDU (section 2.2.1.13.2) was received from the client with an invalid shareId field."
"A Confirm Active PDU (section 2.2.1.13.2) was received from the client with an invalid shareId field."
#define ERRINFO_CONFIRM_ACTIVE_HAS_WRONG_ORIGINATOR_STRING \
"A Confirm Active PDU (section 2.2.1.13.2) was received from the client with an invalid originatorId field."
"A Confirm Active PDU (section 2.2.1.13.2) was received from the client with an invalid originatorId field."
#define ERRINFO_PERSISTENT_KEY_PDU_BAD_LENGTH_STRING \
"There is not enough data to process a Persistent Key List PDU (section 2.2.1.17)."
"There is not enough data to process a Persistent Key List PDU (section 2.2.1.17)."
#define ERRINFO_PERSISTENT_KEY_PDU_ILLEGAL_FIRST_STRING \
"A Persistent Key List PDU (section 2.2.1.17) marked as PERSIST_PDU_FIRST (0x01) was received after the reception " \
"of a prior Persistent Key List PDU also marked as PERSIST_PDU_FIRST."
"A Persistent Key List PDU (section 2.2.1.17) marked as PERSIST_PDU_FIRST (0x01) was received after the reception " \
"of a prior Persistent Key List PDU also marked as PERSIST_PDU_FIRST."
#define ERRINFO_PERSISTENT_KEY_PDU_TOO_MANY_TOTAL_KEYS_STRING \
"A Persistent Key List PDU (section 2.2.1.17) was received which specified a total number of bitmap cache entries larger than 262144."
"A Persistent Key List PDU (section 2.2.1.17) was received which specified a total number of bitmap cache entries larger than 262144."
#define ERRINFO_PERSISTENT_KEY_PDU_TOO_MANY_CACHE_KEYS_STRING \
"A Persistent Key List PDU (section 2.2.1.17) was received which specified an invalid total number of keys for a bitmap cache " \
"(the number of entries that can be stored within each bitmap cache is specified in the Revision 1 or 2 Bitmap Cache Capability Set " \
"(section 2.2.7.1.4) that is sent from client to server)."
"A Persistent Key List PDU (section 2.2.1.17) was received which specified an invalid total number of keys for a bitmap cache " \
"(the number of entries that can be stored within each bitmap cache is specified in the Revision 1 or 2 Bitmap Cache Capability Set " \
"(section 2.2.7.1.4) that is sent from client to server)."
#define ERRINFO_INPUT_PDU_BAD_LENGTH_STRING \
"There is not enough data to process Input Event PDU Data (section 2.2.8.1.1.3.1) or a Fast-Path Input Event PDU (section 2.2.8.1.2)." \
"There is not enough data to process Input Event PDU Data (section 2.2.8.1.1.3.1) or a Fast-Path Input Event PDU (section 2.2.8.1.2)." \
#define ERRINFO_BITMAP_CACHE_ERROR_PDU_BAD_LENGTH_STRING \
"There is not enough data to process the shareDataHeader, NumInfoBlocks, " \
"Pad1, and Pad2 fields of the Bitmap Cache Error PDU Data ([MS-RDPEGDI] section 2.2.2.3.1.1)."
"There is not enough data to process the shareDataHeader, NumInfoBlocks, " \
"Pad1, and Pad2 fields of the Bitmap Cache Error PDU Data ([MS-RDPEGDI] section 2.2.2.3.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT_STRING \
"(a) The dataSignature field of the Fast-Path Input Event PDU (section 2.2.8.1.2) does not contain enough data.\n" \
"(b) The fipsInformation and dataSignature fields of the Fast-Path Input Event PDU (section 2.2.8.1.2) do not contain enough data."
"(a) The dataSignature field of the Fast-Path Input Event PDU (section 2.2.8.1.2) does not contain enough data.\n" \
"(b) The fipsInformation and dataSignature fields of the Fast-Path Input Event PDU (section 2.2.8.1.2) do not contain enough data."
#define ERRINFO_VCHANNEL_DATA_TOO_SHORT_STRING \
"(a) There is not enough data in the Client Network Data (section 2.2.1.3.4) to read the virtual channel configuration data.\n" \
"(b) There is not enough data to read a complete Channel PDU Header (section 2.2.6.1.1)."
"(a) There is not enough data in the Client Network Data (section 2.2.1.3.4) to read the virtual channel configuration data.\n" \
"(b) There is not enough data to read a complete Channel PDU Header (section 2.2.6.1.1)."
#define ERRINFO_SHARE_DATA_TOO_SHORT_STRING \
"(a) There is not enough data to process Control PDU Data (section 2.2.1.15.1).\n" \
"(b) There is not enough data to read a complete Share Control Header (section 2.2.8.1.1.1.1).\n" \
"(c) There is not enough data to read a complete Share Data Header (section 2.2.8.1.1.1.2) of a Slow-Path Data PDU (section 2.2.8.1.1.1.1).\n" \
"(d) There is not enough data to process Font List PDU Data (section 2.2.1.18.1)."
"(a) There is not enough data to process Control PDU Data (section 2.2.1.15.1).\n" \
"(b) There is not enough data to read a complete Share Control Header (section 2.2.8.1.1.1.1).\n" \
"(c) There is not enough data to read a complete Share Data Header (section 2.2.8.1.1.1.2) of a Slow-Path Data PDU (section 2.2.8.1.1.1.1).\n" \
"(d) There is not enough data to process Font List PDU Data (section 2.2.1.18.1)."
#define ERRINFO_BAD_SUPPRESS_OUTPUT_PDU_STRING \
"(a) There is not enough data to process Suppress Output PDU Data (section 2.2.11.3.1).\n" \
"(b) The allowDisplayUpdates field of the Suppress Output PDU Data (section 2.2.11.3.1) is invalid."
"(a) There is not enough data to process Suppress Output PDU Data (section 2.2.11.3.1).\n" \
"(b) The allowDisplayUpdates field of the Suppress Output PDU Data (section 2.2.11.3.1) is invalid."
#define ERRINFO_CONFIRM_ACTIVE_PDU_TOO_SHORT_STRING \
"(a) There is not enough data to read the shareControlHeader, shareId, originatorId, lengthSourceDescriptor, " \
"and lengthCombinedCapabilities fields of the Confirm Active PDU Data (section 2.2.1.13.2.1).\n" \
"(b) There is not enough data to read the sourceDescriptor, numberCapabilities, pad2Octets, and capabilitySets " \
"fields of the Confirm Active PDU Data (section 2.2.1.13.2.1)."
"(a) There is not enough data to read the shareControlHeader, shareId, originatorId, lengthSourceDescriptor, " \
"and lengthCombinedCapabilities fields of the Confirm Active PDU Data (section 2.2.1.13.2.1).\n" \
"(b) There is not enough data to read the sourceDescriptor, numberCapabilities, pad2Octets, and capabilitySets " \
"fields of the Confirm Active PDU Data (section 2.2.1.13.2.1)."
#define ERRINFO_CAPABILITY_SET_TOO_SMALL_STRING \
"There is not enough data to read the capabilitySetType and the lengthCapability fields in a received Capability Set (section 2.2.1.13.1.1.1)."
"There is not enough data to read the capabilitySetType and the lengthCapability fields in a received Capability Set (section 2.2.1.13.1.1.1)."
#define ERRINFO_CAPABILITY_SET_TOO_LARGE_STRING \
"A Capability Set (section 2.2.1.13.1.1.1) has been received with a lengthCapability " \
"field that contains a value greater than the total length of the data received."
"A Capability Set (section 2.2.1.13.1.1.1) has been received with a lengthCapability " \
"field that contains a value greater than the total length of the data received."
#define ERRINFO_NO_CURSOR_CACHE_STRING \
"(a) Both the colorPointerCacheSize and pointerCacheSize fields in the Pointer Capability Set (section 2.2.7.1.5) are set to zero.\n" \
"(b) The pointerCacheSize field in the Pointer Capability Set (section 2.2.7.1.5) is not present, and the colorPointerCacheSize field is set to zero."
"(a) Both the colorPointerCacheSize and pointerCacheSize fields in the Pointer Capability Set (section 2.2.7.1.5) are set to zero.\n" \
"(b) The pointerCacheSize field in the Pointer Capability Set (section 2.2.7.1.5) is not present, and the colorPointerCacheSize field is set to zero."
#define ERRINFO_BAD_CAPABILITIES_STRING \
"The capabilities received from the client in the Confirm Active PDU (section 2.2.1.13.2) were not accepted by the server."
"The capabilities received from the client in the Confirm Active PDU (section 2.2.1.13.2) were not accepted by the server."
#define ERRINFO_VIRTUAL_CHANNEL_DECOMPRESSION_STRING \
"An error occurred while using the bulk compressor (section 3.1.8 and [MS-RDPEGDI] section 3.1.8) to decompress a Virtual Channel PDU (section 2.2.6.1)"
"An error occurred while using the bulk compressor (section 3.1.8 and [MS-RDPEGDI] section 3.1.8) to decompress a Virtual Channel PDU (section 2.2.6.1)"
#define ERRINFO_INVALID_VC_COMPRESSION_TYPE_STRING \
"An invalid bulk compression package was specified in the flags field of the Channel PDU Header (section 2.2.6.1.1)."
"An invalid bulk compression package was specified in the flags field of the Channel PDU Header (section 2.2.6.1.1)."
#define ERRINFO_INVALID_CHANNEL_ID_STRING \
"An invalid MCS channel ID was specified in the mcsPdu field of the Virtual Channel PDU (section 2.2.6.1)."
"An invalid MCS channel ID was specified in the mcsPdu field of the Virtual Channel PDU (section 2.2.6.1)."
#define ERRINFO_VCHANNELS_TOO_MANY_STRING \
"The client requested more than the maximum allowed 31 static virtual channels in the Client Network Data (section 2.2.1.3.4)."
"The client requested more than the maximum allowed 31 static virtual channels in the Client Network Data (section 2.2.1.3.4)."
#define ERRINFO_REMOTEAPP_NOT_ENABLED_STRING \
"The INFO_RAIL flag (0x00008000) MUST be set in the flags field of the Info Packet (section 2.2.1.11.1.1) " \
"as the session on the remote server can only host remote applications."
"The INFO_RAIL flag (0x00008000) MUST be set in the flags field of the Info Packet (section 2.2.1.11.1.1) " \
"as the session on the remote server can only host remote applications."
#define ERRINFO_CACHE_CAP_NOT_SET_STRING \
"The client sent a Persistent Key List PDU (section 2.2.1.17) without including the prerequisite Revision 2 Bitmap Cache " \
"Capability Set (section 2.2.7.1.4.2) in the Confirm Active PDU (section 2.2.1.13.2)."
"The client sent a Persistent Key List PDU (section 2.2.1.17) without including the prerequisite Revision 2 Bitmap Cache " \
"Capability Set (section 2.2.7.1.4.2) in the Confirm Active PDU (section 2.2.1.13.2)."
#define ERRINFO_BITMAP_CACHE_ERROR_PDU_BAD_LENGTH2_STRING \
"The NumInfoBlocks field in the Bitmap Cache Error PDU Data is inconsistent with the amount of data in the " \
"Info field ([MS-RDPEGDI] section 2.2.2.3.1.1)."
"The NumInfoBlocks field in the Bitmap Cache Error PDU Data is inconsistent with the amount of data in the " \
"Info field ([MS-RDPEGDI] section 2.2.2.3.1.1)."
#define ERRINFO_OFFSCREEN_CACHE_ERROR_PDU_BAD_LENGTH_STRING \
"There is not enough data to process an Offscreen Bitmap Cache Error PDU ([MS-RDPEGDI] section 2.2.2.3.2)."
"There is not enough data to process an Offscreen Bitmap Cache Error PDU ([MS-RDPEGDI] section 2.2.2.3.2)."
#define ERRINFO_DRAWNINEGRID_CACHE_ERROR_PDU_BAD_LENGTH_STRING \
"There is not enough data to process a DrawNineGrid Cache Error PDU ([MS-RDPEGDI] section 2.2.2.3.3)."
"There is not enough data to process a DrawNineGrid Cache Error PDU ([MS-RDPEGDI] section 2.2.2.3.3)."
#define ERRINFO_GDIPLUS_PDU_BAD_LENGTH_STRING \
"There is not enough data to process a GDI+ Error PDU ([MS-RDPEGDI] section 2.2.2.3.4)."
"There is not enough data to process a GDI+ Error PDU ([MS-RDPEGDI] section 2.2.2.3.4)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT2_STRING \
"There is not enough data to read a Basic Security Header (section 2.2.8.1.1.2.1)."
"There is not enough data to read a Basic Security Header (section 2.2.8.1.1.2.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT3_STRING \
"There is not enough data to read a Non-FIPS Security Header (section 2.2.8.1.1.2.2) or FIPS Security Header (section 2.2.8.1.1.2.3)."
"There is not enough data to read a Non-FIPS Security Header (section 2.2.8.1.1.2.2) or FIPS Security Header (section 2.2.8.1.1.2.3)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT4_STRING \
"There is not enough data to read the basicSecurityHeader and length fields of the Security Exchange PDU Data (section 2.2.1.10.1)."
"There is not enough data to read the basicSecurityHeader and length fields of the Security Exchange PDU Data (section 2.2.1.10.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT5_STRING \
"There is not enough data to read the CodePage, flags, cbDomain, cbUserName, cbPassword, cbAlternateShell, " \
"cbWorkingDir, Domain, UserName, Password, AlternateShell, and WorkingDir fields in the Info Packet (section 2.2.1.11.1.1)."
"There is not enough data to read the CodePage, flags, cbDomain, cbUserName, cbPassword, cbAlternateShell, " \
"cbWorkingDir, Domain, UserName, Password, AlternateShell, and WorkingDir fields in the Info Packet (section 2.2.1.11.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT6_STRING \
"There is not enough data to read the CodePage, flags, cbDomain, cbUserName, cbPassword, cbAlternateShell, " \
"and cbWorkingDir fields in the Info Packet (section 2.2.1.11.1.1)."
"There is not enough data to read the CodePage, flags, cbDomain, cbUserName, cbPassword, cbAlternateShell, " \
"and cbWorkingDir fields in the Info Packet (section 2.2.1.11.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT7_STRING \
"There is not enough data to read the clientAddressFamily and cbClientAddress fields in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the clientAddressFamily and cbClientAddress fields in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT8_STRING \
"There is not enough data to read the clientAddress field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the clientAddress field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT9_STRING \
"There is not enough data to read the cbClientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the cbClientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT10_STRING \
"There is not enough data to read the clientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the clientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT11_STRING \
"There is not enough data to read the clientTimeZone field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the clientTimeZone field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT12_STRING \
"There is not enough data to read the clientSessionId field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the clientSessionId field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT13_STRING \
"There is not enough data to read the performanceFlags field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the performanceFlags field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT14_STRING \
"There is not enough data to read the cbAutoReconnectLen field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the cbAutoReconnectLen field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT15_STRING \
"There is not enough data to read the autoReconnectCookie field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the autoReconnectCookie field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT16_STRING \
"The cbAutoReconnectLen field in the Extended Info Packet (section 2.2.1.11.1.1.1) contains a value " \
"which is larger than the maximum allowed length of 128 bytes."
"The cbAutoReconnectLen field in the Extended Info Packet (section 2.2.1.11.1.1.1) contains a value " \
"which is larger than the maximum allowed length of 128 bytes."
#define ERRINFO_SECURITY_DATA_TOO_SHORT17_STRING \
"There is not enough data to read the clientAddressFamily and cbClientAddress fields in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the clientAddressFamily and cbClientAddress fields in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT18_STRING \
"There is not enough data to read the clientAddress field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the clientAddress field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT19_STRING \
"There is not enough data to read the cbClientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the cbClientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT20_STRING \
"There is not enough data to read the clientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the clientDir field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT21_STRING \
"There is not enough data to read the clientTimeZone field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the clientTimeZone field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT22_STRING \
"There is not enough data to read the clientSessionId field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the clientSessionId field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_SECURITY_DATA_TOO_SHORT23_STRING \
"There is not enough data to read the Client Info PDU Data (section 2.2.1.11.1)."
"There is not enough data to read the Client Info PDU Data (section 2.2.1.11.1)."
#define ERRINFO_BAD_MONITOR_DATA_STRING \
"The monitorCount field in the Client Monitor Data (section 2.2.1.3.6) is invalid."
"The monitorCount field in the Client Monitor Data (section 2.2.1.3.6) is invalid."
#define ERRINFO_VC_DECOMPRESSED_REASSEMBLE_FAILED_STRING \
"The server-side decompression buffer is invalid, or the size of the decompressed VC data exceeds " \
"the chunking size specified in the Virtual Channel Capability Set (section 2.2.7.1.10)."
"The server-side decompression buffer is invalid, or the size of the decompressed VC data exceeds " \
"the chunking size specified in the Virtual Channel Capability Set (section 2.2.7.1.10)."
#define ERRINFO_VC_DATA_TOO_LONG_STRING \
"The size of a received Virtual Channel PDU (section 2.2.6.1) exceeds the chunking size specified " \
"in the Virtual Channel Capability Set (section 2.2.7.1.10)."
"The size of a received Virtual Channel PDU (section 2.2.6.1) exceeds the chunking size specified " \
"in the Virtual Channel Capability Set (section 2.2.7.1.10)."
#define ERRINFO_BAD_FRAME_ACK_DATA_STRING \
"There is not enough data to read a TS_FRAME_ACKNOWLEDGE_PDU ([MS-RDPRFX] section 2.2.3.1)."
#define ERRINFO_GRAPHICS_MODE_NOT_SUPPORTED_STRING \
"The graphics mode requested by the client is not supported by the server."
"The graphics mode requested by the client is not supported by the server."
#define ERRINFO_GRAPHICS_SUBSYSTEM_RESET_FAILED_STRING \
"The server-side graphics subsystem failed to reset."
"The server-side graphics subsystem failed to reset."
#define ERRINFO_GRAPHICS_SUBSYSTEM_FAILED_STRING \
"The server-side graphics subsystem is in an error state and unable to continue graphics encoding."
"The server-side graphics subsystem is in an error state and unable to continue graphics encoding."
#define ERRINFO_TIMEZONE_KEY_NAME_LENGTH_TOO_SHORT_STRING \
"There is not enough data to read the cbDynamicDSTTimeZoneKeyName field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"There is not enough data to read the cbDynamicDSTTimeZoneKeyName field in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_TIMEZONE_KEY_NAME_LENGTH_TOO_LONG_STRING \
"The length reported in the cbDynamicDSTTimeZoneKeyName field of the Extended Info Packet (section 2.2.1.11.1.1.1) is too long."
"The length reported in the cbDynamicDSTTimeZoneKeyName field of the Extended Info Packet (section 2.2.1.11.1.1.1) is too long."
#define ERRINFO_DYNAMIC_DST_DISABLED_FIELD_MISSING_STRING \
"The dynamicDaylightTimeDisabled field is not present in the Extended Info Packet (section 2.2.1.11.1.1.1)."
"The dynamicDaylightTimeDisabled field is not present in the Extended Info Packet (section 2.2.1.11.1.1.1)."
#define ERRINFO_VC_DECODING_ERROR_STRING \
"An error occurred when processing dynamic virtual channel data ([MS-RDPEDYC] section 3.3.5)."
"An error occurred when processing dynamic virtual channel data ([MS-RDPEDYC] section 3.3.5)."
#define ERRINFO_VIRTUALDESKTOPTOOLARGE_STRING \
"The width or height of the virtual desktop defined by the monitor layout in the Client Monitor Data " \
"(section 2.2.1.3.6) is larger than the maximum allowed value of 32,766."
#define ERRINFO_MONITORGEOMETRYVALIDATIONFAILED_STRING \
"The monitor geometry defined by the Client Monitor Data (section 2.2.1.3.6) is invalid."
#define ERRINFO_INVALIDMONITORCOUNT_STRING \
"The monitorCount field in the Client Monitor Data(section 2.2.1.3.6) is too large."
#define ERRINFO_UPDATE_SESSION_KEY_FAILED_STRING \
"An attempt to update the session keys while using Standard RDP Security mechanisms (section 5.3.7) failed."
"An attempt to update the session keys while using Standard RDP Security mechanisms (section 5.3.7) failed."
#define ERRINFO_DECRYPT_FAILED_STRING \
"(a) Decryption using Standard RDP Security mechanisms (section 5.3.6) failed.\n" \
"(b) Session key creation using Standard RDP Security mechanisms (section 5.3.5) failed."
"(a) Decryption using Standard RDP Security mechanisms (section 5.3.6) failed.\n" \
"(b) Session key creation using Standard RDP Security mechanisms (section 5.3.5) failed."
#define ERRINFO_ENCRYPT_FAILED_STRING \
"Encryption using Standard RDP Security mechanisms (section 5.3.6) failed."
"Encryption using Standard RDP Security mechanisms (section 5.3.6) failed."
#define ERRINFO_ENCRYPTION_PACKAGE_MISMATCH_STRING \
"Failed to find a usable Encryption Method (section 5.3.2) in the encryptionMethods field of the Client Security Data (section 2.2.1.4.3)."
"Failed to find a usable Encryption Method (section 5.3.2) in the encryptionMethods field of the Client Security Data (section 2.2.1.4.3)."
#define ERRINFO_DECRYPT_FAILED2_STRING \
"Unencrypted data was encountered in a protocol stream which is meant to be encrypted with Standard RDP Security mechanisms (section 5.3.6)."
"Unencrypted data was encountered in a protocol stream which is meant to be encrypted with Standard RDP Security mechanisms (section 5.3.6)."
#define ERRINFO_PEER_DISCONNECTED_STRING \
"The peer connection was lost."
"The peer connection was lost."
/* Special codes */
#define ERRINFO_SUCCESS_STRING "Success."
@ -400,131 +413,134 @@ int connectErrorCode;
static const ERRINFO ERRINFO_CODES[] =
{
ERRINFO_DEFINE(SUCCESS),
ERRINFO_DEFINE(SUCCESS),
/* Protocol-independent codes */
ERRINFO_DEFINE(RPC_INITIATED_DISCONNECT),
ERRINFO_DEFINE(RPC_INITIATED_LOGOFF),
ERRINFO_DEFINE(IDLE_TIMEOUT),
ERRINFO_DEFINE(LOGON_TIMEOUT),
ERRINFO_DEFINE(DISCONNECTED_BY_OTHER_CONNECTION),
ERRINFO_DEFINE(OUT_OF_MEMORY),
ERRINFO_DEFINE(SERVER_DENIED_CONNECTION),
ERRINFO_DEFINE(SERVER_INSUFFICIENT_PRIVILEGES),
ERRINFO_DEFINE(SERVER_FRESH_CREDENTIALS_REQUIRED),
ERRINFO_DEFINE(RPC_INITIATED_DISCONNECT_BY_USER),
ERRINFO_DEFINE(LOGOFF_BY_USER),
/* Protocol-independent codes */
ERRINFO_DEFINE(RPC_INITIATED_DISCONNECT),
ERRINFO_DEFINE(RPC_INITIATED_LOGOFF),
ERRINFO_DEFINE(IDLE_TIMEOUT),
ERRINFO_DEFINE(LOGON_TIMEOUT),
ERRINFO_DEFINE(DISCONNECTED_BY_OTHER_CONNECTION),
ERRINFO_DEFINE(OUT_OF_MEMORY),
ERRINFO_DEFINE(SERVER_DENIED_CONNECTION),
ERRINFO_DEFINE(SERVER_INSUFFICIENT_PRIVILEGES),
ERRINFO_DEFINE(SERVER_FRESH_CREDENTIALS_REQUIRED),
ERRINFO_DEFINE(RPC_INITIATED_DISCONNECT_BY_USER),
ERRINFO_DEFINE(LOGOFF_BY_USER),
/* Protocol-independent codes generated by the Connection Broker */
ERRINFO_DEFINE(CB_DESTINATION_NOT_FOUND),
ERRINFO_DEFINE(CB_LOADING_DESTINATION),
ERRINFO_DEFINE(CB_REDIRECTING_TO_DESTINATION),
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_WAKE),
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_BOOT),
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_NO_DNS),
ERRINFO_DEFINE(CB_DESTINATION_POOL_NOT_FREE),
ERRINFO_DEFINE(CB_CONNECTION_CANCELLED),
ERRINFO_DEFINE(CB_CONNECTION_ERROR_INVALID_SETTINGS),
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_BOOT_TIMEOUT),
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_SESSMON_FAILED),
/* Protocol-independent licensing codes */
ERRINFO_DEFINE(LICENSE_INTERNAL),
ERRINFO_DEFINE(LICENSE_NO_LICENSE_SERVER),
ERRINFO_DEFINE(LICENSE_NO_LICENSE),
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_MSG),
ERRINFO_DEFINE(LICENSE_HWID_DOESNT_MATCH_LICENSE),
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_LICENSE),
ERRINFO_DEFINE(LICENSE_CANT_FINISH_PROTOCOL),
ERRINFO_DEFINE(LICENSE_CLIENT_ENDED_PROTOCOL),
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_ENCRYPTION),
ERRINFO_DEFINE(LICENSE_CANT_UPGRADE_LICENSE),
ERRINFO_DEFINE(LICENSE_NO_REMOTE_CONNECTIONS),
/* Protocol-independent licensing codes */
ERRINFO_DEFINE(LICENSE_INTERNAL),
ERRINFO_DEFINE(LICENSE_NO_LICENSE_SERVER),
ERRINFO_DEFINE(LICENSE_NO_LICENSE),
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_MSG),
ERRINFO_DEFINE(LICENSE_HWID_DOESNT_MATCH_LICENSE),
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_LICENSE),
ERRINFO_DEFINE(LICENSE_CANT_FINISH_PROTOCOL),
ERRINFO_DEFINE(LICENSE_CLIENT_ENDED_PROTOCOL),
ERRINFO_DEFINE(LICENSE_BAD_CLIENT_ENCRYPTION),
ERRINFO_DEFINE(LICENSE_CANT_UPGRADE_LICENSE),
ERRINFO_DEFINE(LICENSE_NO_REMOTE_CONNECTIONS),
/* Protocol-independent codes generated by the Connection Broker */
ERRINFO_DEFINE(CB_DESTINATION_NOT_FOUND),
ERRINFO_DEFINE(CB_LOADING_DESTINATION),
ERRINFO_DEFINE(CB_REDIRECTING_TO_DESTINATION),
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_WAKE),
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_BOOT),
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_NO_DNS),
ERRINFO_DEFINE(CB_DESTINATION_POOL_NOT_FREE),
ERRINFO_DEFINE(CB_CONNECTION_CANCELLED),
ERRINFO_DEFINE(CB_CONNECTION_ERROR_INVALID_SETTINGS),
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_BOOT_TIMEOUT),
ERRINFO_DEFINE(CB_SESSION_ONLINE_VM_SESSMON_FAILED),
/* RDP specific codes */
ERRINFO_DEFINE(UNKNOWN_DATA_PDU_TYPE),
ERRINFO_DEFINE(UNKNOWN_PDU_TYPE),
ERRINFO_DEFINE(DATA_PDU_SEQUENCE),
ERRINFO_DEFINE(CONTROL_PDU_SEQUENCE),
ERRINFO_DEFINE(INVALID_CONTROL_PDU_ACTION),
ERRINFO_DEFINE(INVALID_INPUT_PDU_TYPE),
ERRINFO_DEFINE(INVALID_INPUT_PDU_MOUSE),
ERRINFO_DEFINE(INVALID_REFRESH_RECT_PDU),
ERRINFO_DEFINE(CREATE_USER_DATA_FAILED),
ERRINFO_DEFINE(CONNECT_FAILED),
ERRINFO_DEFINE(CONFIRM_ACTIVE_HAS_WRONG_SHAREID),
ERRINFO_DEFINE(CONFIRM_ACTIVE_HAS_WRONG_ORIGINATOR),
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_BAD_LENGTH),
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_ILLEGAL_FIRST),
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_TOO_MANY_TOTAL_KEYS),
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_TOO_MANY_CACHE_KEYS),
ERRINFO_DEFINE(INPUT_PDU_BAD_LENGTH),
ERRINFO_DEFINE(BITMAP_CACHE_ERROR_PDU_BAD_LENGTH),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT),
ERRINFO_DEFINE(VCHANNEL_DATA_TOO_SHORT ),
ERRINFO_DEFINE(SHARE_DATA_TOO_SHORT),
ERRINFO_DEFINE(BAD_SUPPRESS_OUTPUT_PDU),
ERRINFO_DEFINE(CONFIRM_ACTIVE_PDU_TOO_SHORT),
ERRINFO_DEFINE(CAPABILITY_SET_TOO_SMALL),
ERRINFO_DEFINE(CAPABILITY_SET_TOO_LARGE),
ERRINFO_DEFINE(NO_CURSOR_CACHE),
ERRINFO_DEFINE(BAD_CAPABILITIES),
ERRINFO_DEFINE(VIRTUAL_CHANNEL_DECOMPRESSION),
ERRINFO_DEFINE(INVALID_VC_COMPRESSION_TYPE),
ERRINFO_DEFINE(INVALID_CHANNEL_ID),
ERRINFO_DEFINE(VCHANNELS_TOO_MANY),
ERRINFO_DEFINE(REMOTEAPP_NOT_ENABLED),
ERRINFO_DEFINE(CACHE_CAP_NOT_SET),
ERRINFO_DEFINE(BITMAP_CACHE_ERROR_PDU_BAD_LENGTH2),
ERRINFO_DEFINE(OFFSCREEN_CACHE_ERROR_PDU_BAD_LENGTH),
ERRINFO_DEFINE(DRAWNINEGRID_CACHE_ERROR_PDU_BAD_LENGTH),
ERRINFO_DEFINE(GDIPLUS_PDU_BAD_LENGTH),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT2),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT3),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT4),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT5),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT6),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT7),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT8),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT9),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT10),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT11),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT12),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT13),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT14),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT15),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT16),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT17),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT18),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT19),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT20),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT21),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT22),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT23),
ERRINFO_DEFINE(BAD_MONITOR_DATA),
ERRINFO_DEFINE(VC_DECOMPRESSED_REASSEMBLE_FAILED),
ERRINFO_DEFINE(VC_DATA_TOO_LONG),
ERRINFO_DEFINE(GRAPHICS_MODE_NOT_SUPPORTED),
ERRINFO_DEFINE(GRAPHICS_SUBSYSTEM_RESET_FAILED),
ERRINFO_DEFINE(GRAPHICS_SUBSYSTEM_FAILED),
ERRINFO_DEFINE(TIMEZONE_KEY_NAME_LENGTH_TOO_SHORT),
ERRINFO_DEFINE(TIMEZONE_KEY_NAME_LENGTH_TOO_LONG),
ERRINFO_DEFINE(DYNAMIC_DST_DISABLED_FIELD_MISSING),
ERRINFO_DEFINE(VC_DECODING_ERROR),
ERRINFO_DEFINE(UPDATE_SESSION_KEY_FAILED),
ERRINFO_DEFINE(DECRYPT_FAILED),
ERRINFO_DEFINE(ENCRYPT_FAILED),
ERRINFO_DEFINE(ENCRYPTION_PACKAGE_MISMATCH),
ERRINFO_DEFINE(DECRYPT_FAILED2),
ERRINFO_DEFINE(PEER_DISCONNECTED),
/* RDP specific codes */
ERRINFO_DEFINE(UNKNOWN_DATA_PDU_TYPE),
ERRINFO_DEFINE(UNKNOWN_PDU_TYPE),
ERRINFO_DEFINE(DATA_PDU_SEQUENCE),
ERRINFO_DEFINE(CONTROL_PDU_SEQUENCE),
ERRINFO_DEFINE(INVALID_CONTROL_PDU_ACTION),
ERRINFO_DEFINE(INVALID_INPUT_PDU_TYPE),
ERRINFO_DEFINE(INVALID_INPUT_PDU_MOUSE),
ERRINFO_DEFINE(INVALID_REFRESH_RECT_PDU),
ERRINFO_DEFINE(CREATE_USER_DATA_FAILED),
ERRINFO_DEFINE(CONNECT_FAILED),
ERRINFO_DEFINE(CONFIRM_ACTIVE_HAS_WRONG_SHAREID),
ERRINFO_DEFINE(CONFIRM_ACTIVE_HAS_WRONG_ORIGINATOR),
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_BAD_LENGTH),
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_ILLEGAL_FIRST),
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_TOO_MANY_TOTAL_KEYS),
ERRINFO_DEFINE(PERSISTENT_KEY_PDU_TOO_MANY_CACHE_KEYS),
ERRINFO_DEFINE(INPUT_PDU_BAD_LENGTH),
ERRINFO_DEFINE(BITMAP_CACHE_ERROR_PDU_BAD_LENGTH),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT),
ERRINFO_DEFINE(VCHANNEL_DATA_TOO_SHORT),
ERRINFO_DEFINE(SHARE_DATA_TOO_SHORT),
ERRINFO_DEFINE(BAD_SUPPRESS_OUTPUT_PDU),
ERRINFO_DEFINE(CONFIRM_ACTIVE_PDU_TOO_SHORT),
ERRINFO_DEFINE(CAPABILITY_SET_TOO_SMALL),
ERRINFO_DEFINE(CAPABILITY_SET_TOO_LARGE),
ERRINFO_DEFINE(NO_CURSOR_CACHE),
ERRINFO_DEFINE(BAD_CAPABILITIES),
ERRINFO_DEFINE(VIRTUAL_CHANNEL_DECOMPRESSION),
ERRINFO_DEFINE(INVALID_VC_COMPRESSION_TYPE),
ERRINFO_DEFINE(INVALID_CHANNEL_ID),
ERRINFO_DEFINE(VCHANNELS_TOO_MANY),
ERRINFO_DEFINE(REMOTEAPP_NOT_ENABLED),
ERRINFO_DEFINE(CACHE_CAP_NOT_SET),
ERRINFO_DEFINE(BITMAP_CACHE_ERROR_PDU_BAD_LENGTH2),
ERRINFO_DEFINE(OFFSCREEN_CACHE_ERROR_PDU_BAD_LENGTH),
ERRINFO_DEFINE(DRAWNINEGRID_CACHE_ERROR_PDU_BAD_LENGTH),
ERRINFO_DEFINE(GDIPLUS_PDU_BAD_LENGTH),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT2),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT3),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT4),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT5),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT6),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT7),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT8),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT9),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT10),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT11),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT12),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT13),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT14),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT15),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT16),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT17),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT18),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT19),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT20),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT21),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT22),
ERRINFO_DEFINE(SECURITY_DATA_TOO_SHORT23),
ERRINFO_DEFINE(BAD_MONITOR_DATA),
ERRINFO_DEFINE(VC_DECOMPRESSED_REASSEMBLE_FAILED),
ERRINFO_DEFINE(VC_DATA_TOO_LONG),
ERRINFO_DEFINE(BAD_FRAME_ACK_DATA),
ERRINFO_DEFINE(GRAPHICS_MODE_NOT_SUPPORTED),
ERRINFO_DEFINE(GRAPHICS_SUBSYSTEM_RESET_FAILED),
ERRINFO_DEFINE(GRAPHICS_SUBSYSTEM_FAILED),
ERRINFO_DEFINE(TIMEZONE_KEY_NAME_LENGTH_TOO_SHORT),
ERRINFO_DEFINE(TIMEZONE_KEY_NAME_LENGTH_TOO_LONG),
ERRINFO_DEFINE(DYNAMIC_DST_DISABLED_FIELD_MISSING),
ERRINFO_DEFINE(VC_DECODING_ERROR),
ERRINFO_DEFINE(VIRTUALDESKTOPTOOLARGE),
ERRINFO_DEFINE(MONITORGEOMETRYVALIDATIONFAILED),
ERRINFO_DEFINE(INVALIDMONITORCOUNT),
ERRINFO_DEFINE(UPDATE_SESSION_KEY_FAILED),
ERRINFO_DEFINE(DECRYPT_FAILED),
ERRINFO_DEFINE(ENCRYPT_FAILED),
ERRINFO_DEFINE(ENCRYPTION_PACKAGE_MISMATCH),
ERRINFO_DEFINE(DECRYPT_FAILED2),
ERRINFO_DEFINE(PEER_DISCONNECTED),
ERRINFO_DEFINE(NONE)
ERRINFO_DEFINE(NONE)
};
const char* freerdp_get_error_info_string(UINT32 code)
{
const ERRINFO* errInfo;
errInfo = &ERRINFO_CODES[0];
while (errInfo->code != ERRINFO_NONE)
@ -543,7 +559,6 @@ const char* freerdp_get_error_info_string(UINT32 code)
const char* freerdp_get_error_info_name(UINT32 code)
{
const ERRINFO* errInfo;
errInfo = &ERRINFO_CODES[0];
while (errInfo->code != ERRINFO_NONE)
@ -562,7 +577,6 @@ const char* freerdp_get_error_info_name(UINT32 code)
void rdp_print_errinfo(UINT32 code)
{
const ERRINFO* errInfo;
errInfo = &ERRINFO_CODES[0];
while (errInfo->code != ERRINFO_NONE)

195
libfreerdp/core/nego.c
View File

@ -36,6 +36,35 @@
#define TAG FREERDP_TAG("core.nego")
struct rdp_nego
{
UINT16 port;
UINT32 flags;
const char* hostname;
char* cookie;
BYTE* RoutingToken;
DWORD RoutingTokenLength;
BOOL SendPreconnectionPdu;
UINT32 PreconnectionId;
char* PreconnectionBlob;
NEGO_STATE state;
BOOL TcpConnected;
BOOL SecurityConnected;
UINT32 CookieMaxLength;
BOOL sendNegoData;
UINT32 SelectedProtocol;
UINT32 RequestedProtocols;
BOOL NegotiateSecurityLayer;
BOOL EnabledProtocols[16];
BOOL RestrictedAdminModeRequired;
BOOL GatewayEnabled;
BOOL GatewayBypassLocal;
rdpTransport* transport;
};
static const char* const NEGO_STATE_STRINGS[] =
{
"NEGO_STATE_INITIAL",
@ -82,15 +111,15 @@ BOOL nego_connect(rdpNego* nego)
if (nego->state == NEGO_STATE_INITIAL)
{
if (nego->EnabledProtocols[PROTOCOL_EXT])
if (nego->EnabledProtocols[PROTOCOL_HYBRID_EX])
{
nego->state = NEGO_STATE_EXT;
}
else if (nego->EnabledProtocols[PROTOCOL_NLA])
else if (nego->EnabledProtocols[PROTOCOL_HYBRID])
{
nego->state = NEGO_STATE_NLA;
}
else if (nego->EnabledProtocols[PROTOCOL_TLS])
else if (nego->EnabledProtocols[PROTOCOL_SSL])
{
nego->state = NEGO_STATE_TLS;
}
@ -109,26 +138,26 @@ BOOL nego_connect(rdpNego* nego)
{
WLog_DBG(TAG, "Security Layer Negotiation is disabled");
/* attempt only the highest enabled protocol (see nego_attempt_*) */
nego->EnabledProtocols[PROTOCOL_NLA] = FALSE;
nego->EnabledProtocols[PROTOCOL_TLS] = FALSE;
nego->EnabledProtocols[PROTOCOL_HYBRID] = FALSE;
nego->EnabledProtocols[PROTOCOL_SSL] = FALSE;
nego->EnabledProtocols[PROTOCOL_RDP] = FALSE;
nego->EnabledProtocols[PROTOCOL_EXT] = FALSE;
nego->EnabledProtocols[PROTOCOL_HYBRID_EX] = FALSE;
if (nego->state == NEGO_STATE_EXT)
{
nego->EnabledProtocols[PROTOCOL_EXT] = TRUE;
nego->EnabledProtocols[PROTOCOL_NLA] = TRUE;
nego->SelectedProtocol = PROTOCOL_EXT;
nego->EnabledProtocols[PROTOCOL_HYBRID_EX] = TRUE;
nego->EnabledProtocols[PROTOCOL_HYBRID] = TRUE;
nego->SelectedProtocol = PROTOCOL_HYBRID_EX;
}
else if (nego->state == NEGO_STATE_NLA)
{
nego->EnabledProtocols[PROTOCOL_NLA] = TRUE;
nego->SelectedProtocol = PROTOCOL_NLA;
nego->EnabledProtocols[PROTOCOL_HYBRID] = TRUE;
nego->SelectedProtocol = PROTOCOL_HYBRID;
}
else if (nego->state == NEGO_STATE_TLS)
{
nego->EnabledProtocols[PROTOCOL_TLS] = TRUE;
nego->SelectedProtocol = PROTOCOL_TLS;
nego->EnabledProtocols[PROTOCOL_SSL] = TRUE;
nego->SelectedProtocol = PROTOCOL_SSL;
}
else if (nego->state == NEGO_STATE_RDP)
{
@ -218,14 +247,14 @@ BOOL nego_security_connect(rdpNego* nego)
}
else if (!nego->SecurityConnected)
{
if (nego->SelectedProtocol == PROTOCOL_NLA)
if (nego->SelectedProtocol == PROTOCOL_HYBRID)
{
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_NLA");
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_HYBRID");
nego->SecurityConnected = transport_connect_nla(nego->transport);
}
else if (nego->SelectedProtocol == PROTOCOL_TLS)
else if (nego->SelectedProtocol == PROTOCOL_SSL)
{
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_TLS");
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_SSL");
nego->SecurityConnected = transport_connect_tls(nego->transport);
}
else if (nego->SelectedProtocol == PROTOCOL_RDP)
@ -378,7 +407,7 @@ BOOL nego_send_preconnection_pdu(rdpNego* nego)
static void nego_attempt_ext(rdpNego* nego)
{
nego->RequestedProtocols = PROTOCOL_NLA | PROTOCOL_TLS | PROTOCOL_EXT;
nego->RequestedProtocols = PROTOCOL_HYBRID | PROTOCOL_SSL | PROTOCOL_HYBRID_EX;
WLog_DBG(TAG, "Attempting NLA extended security");
if (!nego_transport_connect(nego))
@ -405,9 +434,9 @@ static void nego_attempt_ext(rdpNego* nego)
{
nego_transport_disconnect(nego);
if (nego->EnabledProtocols[PROTOCOL_NLA])
if (nego->EnabledProtocols[PROTOCOL_HYBRID])
nego->state = NEGO_STATE_NLA;
else if (nego->EnabledProtocols[PROTOCOL_TLS])
else if (nego->EnabledProtocols[PROTOCOL_SSL])
nego->state = NEGO_STATE_TLS;
else if (nego->EnabledProtocols[PROTOCOL_RDP])
nego->state = NEGO_STATE_RDP;
@ -423,7 +452,7 @@ static void nego_attempt_ext(rdpNego* nego)
static void nego_attempt_nla(rdpNego* nego)
{
nego->RequestedProtocols = PROTOCOL_NLA | PROTOCOL_TLS;
nego->RequestedProtocols = PROTOCOL_HYBRID | PROTOCOL_SSL;
WLog_DBG(TAG, "Attempting NLA security");
if (!nego_transport_connect(nego))
@ -450,7 +479,7 @@ static void nego_attempt_nla(rdpNego* nego)
{
nego_transport_disconnect(nego);
if (nego->EnabledProtocols[PROTOCOL_TLS])
if (nego->EnabledProtocols[PROTOCOL_SSL])
nego->state = NEGO_STATE_TLS;
else if (nego->EnabledProtocols[PROTOCOL_RDP])
nego->state = NEGO_STATE_RDP;
@ -466,7 +495,7 @@ static void nego_attempt_nla(rdpNego* nego)
static void nego_attempt_tls(rdpNego* nego)
{
nego->RequestedProtocols = PROTOCOL_TLS;
nego->RequestedProtocols = PROTOCOL_SSL;
WLog_DBG(TAG, "Attempting TLS security");
if (!nego_transport_connect(nego))
@ -600,14 +629,14 @@ int nego_recv(rdpTransport* transport, wStream* s, void* extra)
if (nego->SelectedProtocol)
{
if ((nego->SelectedProtocol == PROTOCOL_NLA) &&
(!nego->EnabledProtocols[PROTOCOL_NLA]))
if ((nego->SelectedProtocol == PROTOCOL_HYBRID) &&
(!nego->EnabledProtocols[PROTOCOL_HYBRID]))
{
nego->state = NEGO_STATE_FAIL;
}
if ((nego->SelectedProtocol == PROTOCOL_TLS) &&
(!nego->EnabledProtocols[PROTOCOL_TLS]))
if ((nego->SelectedProtocol == PROTOCOL_SSL) &&
(!nego->EnabledProtocols[PROTOCOL_SSL]))
{
nego->state = NEGO_STATE_FAIL;
}
@ -803,11 +832,12 @@ void nego_send(rdpNego* nego)
BOOL nego_send_negotiation_request(rdpNego* nego)
{
BOOL rc = FALSE;
wStream* s;
int length;
size_t length;
size_t bm, em;
BYTE flags = 0;
int cookie_length;
size_t cookie_length;
s = Stream_New(NULL, 512);
if (!s)
@ -845,7 +875,7 @@ BOOL nego_send_negotiation_request(rdpNego* nego)
{
cookie_length = strlen(nego->cookie);
if (cookie_length > (int) nego->CookieMaxLength)
if (cookie_length > nego->CookieMaxLength)
cookie_length = nego->CookieMaxLength;
Stream_Write(s, "Cookie: mstshash=", 17);
@ -870,21 +900,19 @@ BOOL nego_send_negotiation_request(rdpNego* nego)
length += 8;
}
if ((length < 5) || (length > UINT16_MAX))
goto fail;
em = Stream_GetPosition(s);
Stream_SetPosition(s, bm);
tpkt_write_header(s, length);
tpdu_write_connection_request(s, length - 5);
tpkt_write_header(s, (UINT16)length);
tpdu_write_connection_request(s, (UINT16)length - 5);
Stream_SetPosition(s, em);
Stream_SealLength(s);
if (transport_write(nego->transport, s) < 0)
{
Stream_Free(s, TRUE);
return FALSE;
}
rc = (transport_write(nego->transport, s) >= 0);
fail:
Stream_Free(s, TRUE);
return TRUE;
return rc;
}
/**
@ -983,7 +1011,7 @@ void nego_process_negotiation_failure(rdpNego* nego, wStream* s)
BOOL nego_send_negotiation_response(rdpNego* nego)
{
int length;
UINT16 length;
size_t bm, em;
BOOL status;
wStream* s;
@ -1085,7 +1113,7 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
return FALSE;
}
}
else if (settings->SelectedProtocol == PROTOCOL_TLS)
else if (settings->SelectedProtocol == PROTOCOL_SSL)
{
settings->TlsSecurity = TRUE;
settings->NlaSecurity = FALSE;
@ -1093,7 +1121,7 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
settings->UseRdpSecurityLayer = FALSE;
settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
}
else if (settings->SelectedProtocol == PROTOCOL_NLA)
else if (settings->SelectedProtocol == PROTOCOL_HYBRID)
{
settings->TlsSecurity = TRUE;
settings->NlaSecurity = TRUE;
@ -1160,10 +1188,14 @@ void nego_free(rdpNego* nego)
* @param port
*/
void nego_set_target(rdpNego* nego, char* hostname, int port)
BOOL nego_set_target(rdpNego* nego, const char* hostname, UINT16 port)
{
if (!nego || !hostname)
return FALSE;
nego->hostname = hostname;
nego->port = port;
return TRUE;
}
/**
@ -1221,7 +1253,7 @@ void nego_enable_rdp(rdpNego* nego, BOOL enable_rdp)
void nego_enable_tls(rdpNego* nego, BOOL enable_tls)
{
WLog_DBG(TAG, "Enabling TLS security: %s", enable_tls ? "TRUE" : "FALSE");
nego->EnabledProtocols[PROTOCOL_TLS] = enable_tls;
nego->EnabledProtocols[PROTOCOL_SSL] = enable_tls;
}
/**
@ -1233,7 +1265,7 @@ void nego_enable_tls(rdpNego* nego, BOOL enable_tls)
void nego_enable_nla(rdpNego* nego, BOOL enable_nla)
{
WLog_DBG(TAG, "Enabling NLA security: %s", enable_nla ? "TRUE" : "FALSE");
nego->EnabledProtocols[PROTOCOL_NLA] = enable_nla;
nego->EnabledProtocols[PROTOCOL_HYBRID] = enable_nla;
}
/**
@ -1245,7 +1277,7 @@ void nego_enable_nla(rdpNego* nego, BOOL enable_nla)
void nego_enable_ext(rdpNego* nego, BOOL enable_ext)
{
WLog_DBG(TAG, "Enabling NLA extended security: %s", enable_ext ? "TRUE" : "FALSE");
nego->EnabledProtocols[PROTOCOL_EXT] = enable_ext;
nego->EnabledProtocols[PROTOCOL_HYBRID_EX] = enable_ext;
}
/**
@ -1339,3 +1371,72 @@ void nego_set_preconnection_blob(rdpNego* nego, char* PreconnectionBlob)
{
nego->PreconnectionBlob = PreconnectionBlob;
}
UINT32 nego_get_selected_protocol(rdpNego* nego)
{
if (!nego)
return 0;
return nego->SelectedProtocol;
}
BOOL nego_set_selected_protocol(rdpNego* nego, UINT32 SelectedProtocol)
{
if (!nego)
return FALSE;
nego->SelectedProtocol = SelectedProtocol;
return TRUE;
}
UINT32 nego_get_requested_protocols(rdpNego* nego)
{
if (!nego)
return 0;
return nego->RequestedProtocols;
}
BOOL nego_set_requested_protocols(rdpNego* nego, UINT32 RequestedProtocols)
{
if (!nego)
return FALSE;
nego->RequestedProtocols = RequestedProtocols;
return TRUE;
}
NEGO_STATE nego_get_state(rdpNego* nego)
{
if (!nego)
return NEGO_STATE_FAIL;
return nego->state;
}
BOOL nego_set_state(rdpNego* nego, NEGO_STATE state)
{
if (!nego)
return FALSE;
nego->state = state;
return TRUE;
}
SEC_WINNT_AUTH_IDENTITY* nego_get_identity(rdpNego* nego)
{
if (!nego)
return NULL;
return nla_get_identity(nego->transport->nla);
}
void nego_free_nla(rdpNego* nego)
{
if (!nego || !nego->transport)
return;
nla_free(nego->transport->nla);
nego->transport->nla = NULL;
}

57
libfreerdp/core/nego.h
View File

@ -29,12 +29,14 @@
#include <winpr/stream.h>
/* Protocol Security Negotiation Protocols */
#define PROTOCOL_RDP 0x00000000
#define PROTOCOL_TLS 0x00000001
#define PROTOCOL_NLA 0x00000002
#define PROTOCOL_RDS 0x00000004
#define PROTOCOL_EXT 0x00000008
/* Protocol Security Negotiation Protocols
* [MS-RDPBCGR] 2.2.1.1.1 RDP Negotiation Request (RDP_NEG_REQ)
*/
#define PROTOCOL_RDP 0x00000000
#define PROTOCOL_SSL 0x00000001
#define PROTOCOL_HYBRID 0x00000002
#define PROTOCOL_RDSTLS 0x00000004
#define PROTOCOL_HYBRID_EX 0x00000008
#define PROTOCOL_FAILED_NEGO 0x80000000 /* only used internally, not on the wire */
@ -90,34 +92,6 @@ enum RDP_NEG_MSG
#define REDIRECTED_AUTHENTICATION_MODE_REQUIRED 0x02
#define CORRELATION_INFO_PRESENT 0x08
struct rdp_nego
{
int port;
UINT32 flags;
char* hostname;
char* cookie;
BYTE* RoutingToken;
DWORD RoutingTokenLength;
BOOL SendPreconnectionPdu;
UINT32 PreconnectionId;
char* PreconnectionBlob;
NEGO_STATE state;
BOOL TcpConnected;
BOOL SecurityConnected;
UINT32 CookieMaxLength;
BOOL sendNegoData;
UINT32 SelectedProtocol;
UINT32 RequestedProtocols;
BOOL NegotiateSecurityLayer;
BYTE EnabledProtocols[16];
BOOL RestrictedAdminModeRequired;
BOOL GatewayEnabled;
BOOL GatewayBypassLocal;
rdpTransport* transport;
};
typedef struct rdp_nego rdpNego;
FREERDP_LOCAL BOOL nego_connect(rdpNego* nego);
@ -133,7 +107,7 @@ FREERDP_LOCAL rdpNego* nego_new(rdpTransport* transport);
FREERDP_LOCAL void nego_free(rdpNego* nego);
FREERDP_LOCAL void nego_init(rdpNego* nego);
FREERDP_LOCAL void nego_set_target(rdpNego* nego, char* hostname, int port);
FREERDP_LOCAL BOOL nego_set_target(rdpNego* nego, const char* hostname, UINT16 port);
FREERDP_LOCAL void nego_set_negotiation_enabled(rdpNego* nego,
BOOL NegotiateSecurityLayer);
FREERDP_LOCAL void nego_set_restricted_admin_mode_required(rdpNego* nego,
@ -157,4 +131,17 @@ FREERDP_LOCAL void nego_set_preconnection_id(rdpNego* nego,
FREERDP_LOCAL void nego_set_preconnection_blob(rdpNego* nego,
char* PreconnectionBlob);
FREERDP_LOCAL UINT32 nego_get_selected_protocol(rdpNego* nego);
FREERDP_LOCAL BOOL nego_set_selected_protocol(rdpNego* nego, UINT32 SelectedProtocol);
FREERDP_LOCAL UINT32 nego_get_requested_protocols(rdpNego* nego);
FREERDP_LOCAL BOOL nego_set_requested_protocols(rdpNego* nego, UINT32 RequestedProtocols);
FREERDP_LOCAL BOOL nego_set_state(rdpNego* nego, NEGO_STATE state);
FREERDP_LOCAL NEGO_STATE nego_get_state(rdpNego* nego);
FREERDP_LOCAL SEC_WINNT_AUTH_IDENTITY* nego_get_identity(rdpNego* nego);
FREERDP_LOCAL void nego_free_nla(rdpNego* nego);
#endif /* FREERDP_LIB_CORE_NEGO_H */

81
libfreerdp/core/nla.c
View File

@ -99,6 +99,53 @@
#define TERMSRV_SPN_PREFIX "TERMSRV/"
struct rdp_nla
{
BOOL server;
NLA_STATE state;
int sendSeqNum;
int recvSeqNum;
freerdp* instance;
CtxtHandle context;
LPTSTR SspiModule;
char* SamFile;
rdpSettings* settings;
rdpTransport* transport;
UINT32 cbMaxToken;
#if defined(UNICODE)
SEC_WCHAR* packageName;
#else
SEC_CHAR* packageName;
#endif
UINT32 version;
UINT32 peerVersion;
UINT32 errorCode;
ULONG fContextReq;
ULONG pfContextAttr;
BOOL haveContext;
BOOL haveInputBuffer;
BOOL havePubKeyAuth;
SECURITY_STATUS status;
CredHandle credentials;
TimeStamp expiration;
PSecPkgInfo pPackageInfo;
SecBuffer inputBuffer;
SecBuffer outputBuffer;
SecBufferDesc inputBufferDesc;
SecBufferDesc outputBufferDesc;
SecBuffer negoToken;
SecBuffer pubKeyAuth;
SecBuffer authInfo;
SecBuffer ClientNonce;
SecBuffer PublicKey;
SecBuffer tsCredentials;
LPTSTR ServicePrincipalName;
SEC_WINNT_AUTH_IDENTITY* identity;
PSecurityFunctionTable table;
SecPkgContext_Sizes ContextSizes;
};
static BOOL nla_send(rdpNla* nla);
static int nla_recv(rdpNla* nla);
static void nla_buffer_print(rdpNla* nla);
@ -2387,3 +2434,37 @@ void nla_free(rdpNla* nla)
nla_identity_free(nla->identity);
free(nla);
}
SEC_WINNT_AUTH_IDENTITY* nla_get_identity(rdpNla* nla)
{
if (!nla)
return NULL;
return nla->identity;
}
NLA_STATE nla_get_state(rdpNla* nla)
{
if (!nla)
return NLA_STATE_FINAL;
return nla->state;
}
BOOL nla_set_state(rdpNla* nla, NLA_STATE state)
{
if (!nla)
return FALSE;
nla->state = state;
return TRUE;
}
BOOL nla_set_service_principal(rdpNla* nla, LPSTR principal)
{
if (!nla || !principal)
return FALSE;
nla->ServicePrincipalName = principal;
return TRUE;
}

53
libfreerdp/core/nla.h
View File

@ -47,52 +47,6 @@ enum _NLA_STATE
};
typedef enum _NLA_STATE NLA_STATE;
struct rdp_nla
{
BOOL server;
NLA_STATE state;
int sendSeqNum;
int recvSeqNum;
freerdp* instance;
CtxtHandle context;
LPTSTR SspiModule;
char* SamFile;
rdpSettings* settings;
rdpTransport* transport;
UINT32 cbMaxToken;
#if defined(UNICODE)
SEC_WCHAR* packageName;
#else
SEC_CHAR* packageName;
#endif
UINT32 version;
UINT32 peerVersion;
UINT32 errorCode;
ULONG fContextReq;
ULONG pfContextAttr;
BOOL haveContext;
BOOL haveInputBuffer;
BOOL havePubKeyAuth;
SECURITY_STATUS status;
CredHandle credentials;
TimeStamp expiration;
PSecPkgInfo pPackageInfo;
SecBuffer inputBuffer;
SecBuffer outputBuffer;
SecBufferDesc inputBufferDesc;
SecBufferDesc outputBufferDesc;
SecBuffer negoToken;
SecBuffer pubKeyAuth;
SecBuffer authInfo;
SecBuffer ClientNonce;
SecBuffer PublicKey;
SecBuffer tsCredentials;
LPTSTR ServicePrincipalName;
SEC_WINNT_AUTH_IDENTITY* identity;
PSecurityFunctionTable table;
SecPkgContext_Sizes ContextSizes;
};
FREERDP_LOCAL int nla_authenticate(rdpNla* nla);
FREERDP_LOCAL LPTSTR nla_make_spn(const char* ServiceClass,
const char* hostname);
@ -100,6 +54,13 @@ FREERDP_LOCAL LPTSTR nla_make_spn(const char* ServiceClass,
FREERDP_LOCAL int nla_client_begin(rdpNla* nla);
FREERDP_LOCAL int nla_recv_pdu(rdpNla* nla, wStream* s);
FREERDP_LOCAL SEC_WINNT_AUTH_IDENTITY* nla_get_identity(rdpNla* nla);
FREERDP_LOCAL NLA_STATE nla_get_state(rdpNla* nla);
FREERDP_LOCAL BOOL nla_set_state(rdpNla* nla, NLA_STATE state);
FREERDP_LOCAL BOOL nla_set_service_principal(rdpNla* nla, LPSTR principal);
FREERDP_LOCAL rdpNla* nla_new(freerdp* instance, rdpTransport* transport,
rdpSettings* settings);
FREERDP_LOCAL void nla_free(rdpNla* nla);

24
libfreerdp/core/peer.c
View File

@ -464,6 +464,7 @@ static int peer_recv_pdu(freerdp_peer* client, wStream* s)
static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
{
UINT32 SelectedProtocol;
freerdp_peer* client = (freerdp_peer*) extra;
rdpRdp* rdp = client->context->rdp;
@ -476,16 +477,17 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
return -1;
}
client->settings->NlaSecurity = (rdp->nego->SelectedProtocol & PROTOCOL_NLA) ? TRUE : FALSE;
client->settings->TlsSecurity = (rdp->nego->SelectedProtocol & PROTOCOL_TLS) ? TRUE : FALSE;
client->settings->RdpSecurity = (rdp->nego->SelectedProtocol == PROTOCOL_RDP) ? TRUE : FALSE;
SelectedProtocol = nego_get_selected_protocol(rdp->nego);
client->settings->NlaSecurity = (SelectedProtocol & PROTOCOL_HYBRID) ? TRUE : FALSE;
client->settings->TlsSecurity = (SelectedProtocol & PROTOCOL_SSL) ? TRUE : FALSE;
client->settings->RdpSecurity = (SelectedProtocol == PROTOCOL_RDP) ? TRUE : FALSE;
if (rdp->nego->SelectedProtocol & PROTOCOL_NLA)
if (SelectedProtocol & PROTOCOL_HYBRID)
{
sspi_CopyAuthIdentity(&client->identity, rdp->nego->transport->nla->identity);
SEC_WINNT_AUTH_IDENTITY* identity = nego_get_identity(rdp->nego);
sspi_CopyAuthIdentity(&client->identity, identity);
IFCALLRET(client->Logon, client->authenticated, client, &client->identity, TRUE);
nla_free(rdp->nego->transport->nla);
rdp->nego->transport->nla = NULL;
nego_free_nla(rdp->nego);
}
else
{
@ -497,7 +499,8 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
case CONNECTION_STATE_NEGO:
if (!rdp_server_accept_mcs_connect_initial(rdp, s))
{
WLog_ERR(TAG, "peer_recv_callback: CONNECTION_STATE_NEGO - rdp_server_accept_mcs_connect_initial() fail");
WLog_ERR(TAG,
"peer_recv_callback: CONNECTION_STATE_NEGO - rdp_server_accept_mcs_connect_initial() fail");
return -1;
}
@ -642,10 +645,13 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
static BOOL freerdp_peer_close(freerdp_peer* client)
{
UINT32 SelectedProtocol;
/** if negotiation has failed, we're not MCS connected. So don't
* send anything else, or some mstsc will consider that as an error
*/
if (client->context->rdp->nego->SelectedProtocol & PROTOCOL_FAILED_NEGO)
SelectedProtocol = nego_get_selected_protocol(client->context->rdp->nego);
if (SelectedProtocol & PROTOCOL_FAILED_NEGO)
return TRUE;
/**

28
libfreerdp/core/rdp.c
View File

@ -1388,7 +1388,7 @@ int rdp_recv_callback(rdpTransport* transport, wStream* s, void* extra)
switch (rdp->state)
{
case CONNECTION_STATE_NLA:
if (rdp->nla->state < NLA_STATE_AUTH_INFO)
if (nla_get_state(rdp->nla) < NLA_STATE_AUTH_INFO)
{
if (nla_recv_pdu(rdp->nla, s) < 1)
{
@ -1396,37 +1396,45 @@ int rdp_recv_callback(rdpTransport* transport, wStream* s, void* extra)
return -1;
}
}
else if (rdp->nla->state == NLA_STATE_POST_NEGO)
else if (nla_get_state(rdp->nla) == NLA_STATE_POST_NEGO)
{
nego_recv(rdp->transport, s, (void*) rdp->nego);
if (rdp->nego->state != NEGO_STATE_FINAL)
if (nego_get_state(rdp->nego) != NEGO_STATE_FINAL)
{
WLog_ERR(TAG, "rdp_recv_callback: CONNECTION_STATE_NLA - nego_recv() fail");
return -1;
}
rdp->nla->state = NLA_STATE_FINAL;
if (!nla_set_state(rdp->nla, NLA_STATE_FINAL))
return -1;
}
if (rdp->nla->state == NLA_STATE_AUTH_INFO)
if (nla_get_state(rdp->nla) == NLA_STATE_AUTH_INFO)
{
transport_set_nla_mode(rdp->transport, FALSE);
if (rdp->settings->VmConnectMode)
{
rdp->nego->state = NEGO_STATE_NLA;
rdp->nego->RequestedProtocols = PROTOCOL_NLA | PROTOCOL_TLS;
if (!nego_set_state(rdp->nego, NEGO_STATE_NLA))
return -1;
if (!nego_set_requested_protocols(rdp->nego, PROTOCOL_HYBRID | PROTOCOL_SSL))
return -1;
nego_send_negotiation_request(rdp->nego);
rdp->nla->state = NLA_STATE_POST_NEGO;
if (!nla_set_state(rdp->nla, NLA_STATE_POST_NEGO))
return -1;
}
else
{
rdp->nla->state = NLA_STATE_FINAL;
if (!nla_set_state(rdp->nla, NLA_STATE_FINAL))
return -1;
}
}
if (rdp->nla->state == NLA_STATE_FINAL)
if (nla_get_state(rdp->nla) == NLA_STATE_FINAL)
{
nla_free(rdp->nla);
rdp->nla = NULL;

19
libfreerdp/core/redirection.c
View File

@ -30,6 +30,25 @@
#define TAG FREERDP_TAG("core.redirection")
struct rdp_redirection
{
UINT32 flags;
UINT32 sessionID;
BYTE* TsvUrl;
DWORD TsvUrlLength;
char* Username;
char* Domain;
BYTE* Password;
DWORD PasswordLength;
char* TargetFQDN;
BYTE* LoadBalanceInfo;
DWORD LoadBalanceInfoLength;
char* TargetNetBiosName;
char* TargetNetAddress;
UINT32 TargetNetAddressesCount;
char** TargetNetAddresses;
};
static void rdp_print_redirection_flags(UINT32 flags)
{
WLog_DBG(TAG, "redirectionFlags = {");

19
libfreerdp/core/redirection.h
View File

@ -31,25 +31,6 @@ typedef struct rdp_redirection rdpRedirection;
#include <winpr/wlog.h>
#include <winpr/stream.h>
struct rdp_redirection
{
UINT32 flags;
UINT32 sessionID;
BYTE* TsvUrl;
DWORD TsvUrlLength;
char* Username;
char* Domain;
BYTE* Password;
DWORD PasswordLength;
char* TargetFQDN;
BYTE* LoadBalanceInfo;
DWORD LoadBalanceInfoLength;
char* TargetNetBiosName;
char* TargetNetAddress;
UINT32 TargetNetAddressesCount;
char** TargetNetAddresses;
};
FREERDP_LOCAL int rdp_recv_enhanced_security_redirection_packet(rdpRdp* rdp,
wStream* s);

6
libfreerdp/core/transport.c
View File

@ -334,10 +334,8 @@ BOOL transport_connect_nla(rdpTransport* transport)
if (settings->AuthenticationServiceClass)
{
rdp->nla->ServicePrincipalName =
nla_make_spn(settings->AuthenticationServiceClass, settings->ServerHostname);
if (!rdp->nla->ServicePrincipalName)
if (!nla_set_service_principal(rdp->nla, nla_make_spn(settings->AuthenticationServiceClass,
settings->ServerHostname)))
return FALSE;
}