FreeRDP/libfreerdp/core/mcs.c
Armin Novak 8292b4558f Fix TALOS issues
Fix the following issues identified by the CISCO TALOS project:
 * TALOS-2017-0336 CVE-2017-2834
 * TALOS-2017-0337 CVE-2017-2834
 * TALOS-2017-0338 CVE-2017-2836
 * TALOS-2017-0339 CVE-2017-2837
 * TALOS-2017-0340 CVE-2017-2838
 * TALOS-2017-0341 CVE-2017-2839
2017-07-20 09:28:47 +02:00

1292 lines
29 KiB
C

/**
* FreeRDP: A Remote Desktop Protocol Implementation
* T.125 Multipoint Communication Service (MCS) Protocol
*
* Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
* Copyright 2015 Thincast Technologies GmbH
* Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
* Copyright 2017 Armin Novak <armin.novak@thincast.com>
* Copyright 2017 Thincast Technologies GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <winpr/crt.h>
#include <freerdp/log.h>
#include "gcc.h"
#include "mcs.h"
#include "tpdu.h"
#include "tpkt.h"
#include "client.h"
#include "connection.h"
#define TAG FREERDP_TAG("core")
/**
* T.125 MCS is defined in:
*
* http://www.itu.int/rec/T-REC-T.125-199802-I/
* ITU-T T.125 Multipoint Communication Service Protocol Specification
*/
/**
* Connect-Initial ::= [APPLICATION 101] IMPLICIT SEQUENCE
* {
* callingDomainSelector OCTET_STRING,
* calledDomainSelector OCTET_STRING,
* upwardFlag BOOLEAN,
* targetParameters DomainParameters,
* minimumParameters DomainParameters,
* maximumParameters DomainParameters,
* userData OCTET_STRING
* }
*
* DomainParameters ::= SEQUENCE
* {
* maxChannelIds INTEGER (0..MAX),
* maxUserIds INTEGER (0..MAX),
* maxTokenIds INTEGER (0..MAX),
* numPriorities INTEGER (0..MAX),
* minThroughput INTEGER (0..MAX),
* maxHeight INTEGER (0..MAX),
* maxMCSPDUsize INTEGER (0..MAX),
* protocolVersion INTEGER (0..MAX)
* }
*
* Connect-Response ::= [APPLICATION 102] IMPLICIT SEQUENCE
* {
* result Result,
* calledConnectId INTEGER (0..MAX),
* domainParameters DomainParameters,
* userData OCTET_STRING
* }
*
* Result ::= ENUMERATED
* {
* rt-successful (0),
* rt-domain-merging (1),
* rt-domain-not-hierarchical (2),
* rt-no-such-channel (3),
* rt-no-such-domain (4),
* rt-no-such-user (5),
* rt-not-admitted (6),
* rt-other-user-id (7),
* rt-parameters-unacceptable (8),
* rt-token-not-available (9),
* rt-token-not-possessed (10),
* rt-too-many-channels (11),
* rt-too-many-tokens (12),
* rt-too-many-users (13),
* rt-unspecified-failure (14),
* rt-user-rejected (15)
* }
*
* ErectDomainRequest ::= [APPLICATION 1] IMPLICIT SEQUENCE
* {
* subHeight INTEGER (0..MAX),
* subInterval INTEGER (0..MAX)
* }
*
* AttachUserRequest ::= [APPPLICATION 10] IMPLICIT SEQUENCE
* {
* }
*
* AttachUserConfirm ::= [APPLICATION 11] IMPLICIT SEQUENCE
* {
* result Result,
* initiator UserId OPTIONAL
* }
*
* ChannelJoinRequest ::= [APPLICATION 14] IMPLICIT SEQUENCE
* {
* initiator UserId,
* channelId ChannelId
* }
*
* ChannelJoinConfirm ::= [APPLICATION 15] IMPLICIT SEQUENCE
* {
* result Result,
* initiator UserId,
* requested ChannelId,
* channelId ChannelId OPTIONAL
* }
*
* SendDataRequest ::= [APPLICATION 25] IMPLICIT SEQUENCE
* {
* initiator UserId,
* channelId ChannelId,
* dataPriority DataPriority,
* segmentation Segmentation,
* userData OCTET_STRING
* }
*
* DataPriority ::= CHOICE
* {
* top NULL,
* high NULL,
* medium NULL,
* low NULL,
* ...
* }
*
* Segmentation ::= BIT_STRING
* {
* begin (0),
* end (1)
* } (SIZE(2))
*
* SendDataIndication ::= SEQUENCE
* {
* initiator UserId,
* channelId ChannelId,
* reliability BOOLEAN,
* domainReferenceID INTEGER (0..65535) OPTIONAL,
* dataPriority DataPriority,
* segmentation Segmentation,
* userData OCTET_STRING,
* totalDataSize INTEGER OPTIONAL,
* nonStandard SEQUENCE OF NonStandardParameter OPTIONAL,
* ...
* }
*
*/
static const BYTE callingDomainSelector[1] = "\x01";
static const BYTE calledDomainSelector[1] = "\x01";
/*
static const char* const mcs_result_enumerated[] =
{
"rt-successful",
"rt-domain-merging",
"rt-domain-not-hierarchical",
"rt-no-such-channel",
"rt-no-such-domain",
"rt-no-such-user",
"rt-not-admitted",
"rt-other-user-id",
"rt-parameters-unacceptable",
"rt-token-not-available",
"rt-token-not-possessed",
"rt-too-many-channels",
"rt-too-many-tokens",
"rt-too-many-users",
"rt-unspecified-failure",
"rt-user-rejected"
};
*/
static int mcs_initialize_client_channels(rdpMcs* mcs, rdpSettings* settings)
{
UINT32 index;
if (!mcs || !settings)
return -1;
mcs->channelCount = settings->ChannelCount;
if (mcs->channelCount > mcs->channelMaxCount)
mcs->channelCount = mcs->channelMaxCount;
ZeroMemory(mcs->channels, sizeof(rdpMcsChannel) * mcs->channelMaxCount);
for (index = 0; index < mcs->channelCount; index++)
{
CopyMemory(mcs->channels[index].Name, settings->ChannelDefArray[index].name, 8);
mcs->channels[index].options = settings->ChannelDefArray[index].options;
}
return 0;
}
/**
* Read a DomainMCSPDU header.
* @param s stream
* @param domainMCSPDU DomainMCSPDU type
* @param length TPKT length
* @return
*/
BOOL mcs_read_domain_mcspdu_header(wStream* s, enum DomainMCSPDU* domainMCSPDU, UINT16* length)
{
UINT16 li;
BYTE choice;
enum DomainMCSPDU MCSPDU;
if (!s || !domainMCSPDU || !length)
return FALSE;
if (!tpkt_read_header(s, length))
return FALSE;
if (!tpdu_read_data(s, &li))
return FALSE;
MCSPDU = *domainMCSPDU;
if (!per_read_choice(s, &choice))
return FALSE;
*domainMCSPDU = (choice >> 2);
if (*domainMCSPDU != MCSPDU)
return FALSE;
return TRUE;
}
/**
* Write a DomainMCSPDU header.
* @param s stream
* @param domainMCSPDU DomainMCSPDU type
* @param length TPKT length
*/
void mcs_write_domain_mcspdu_header(wStream* s, enum DomainMCSPDU domainMCSPDU, UINT16 length,
BYTE options)
{
tpkt_write_header(s, length);
tpdu_write_data(s);
per_write_choice(s, (domainMCSPDU << 2) | options);
}
/**
* Initialize MCS Domain Parameters.
* @param domainParameters domain parameters
* @param maxChannelIds max channel ids
* @param maxUserIds max user ids
* @param maxTokenIds max token ids
* @param maxMCSPDUsize max MCS PDU size
*/
static BOOL mcs_init_domain_parameters(DomainParameters* domainParameters,
UINT32 maxChannelIds, UINT32 maxUserIds, UINT32 maxTokenIds, UINT32 maxMCSPDUsize)
{
if (!domainParameters)
return FALSE;
domainParameters->maxChannelIds = maxChannelIds;
domainParameters->maxUserIds = maxUserIds;
domainParameters->maxTokenIds = maxTokenIds;
domainParameters->maxMCSPDUsize = maxMCSPDUsize;
domainParameters->numPriorities = 1;
domainParameters->minThroughput = 0;
domainParameters->maxHeight = 1;
domainParameters->protocolVersion = 2;
return TRUE;
}
/**
* Read MCS Domain Parameters.
* @param s stream
* @param domainParameters domain parameters
*/
static BOOL mcs_read_domain_parameters(wStream* s, DomainParameters* domainParameters)
{
int length;
if (!s || !domainParameters)
return FALSE;
return
ber_read_sequence_tag(s, &length) &&
ber_read_integer(s, &(domainParameters->maxChannelIds)) &&
ber_read_integer(s, &(domainParameters->maxUserIds)) &&
ber_read_integer(s, &(domainParameters->maxTokenIds)) &&
ber_read_integer(s, &(domainParameters->numPriorities)) &&
ber_read_integer(s, &(domainParameters->minThroughput)) &&
ber_read_integer(s, &(domainParameters->maxHeight)) &&
ber_read_integer(s, &(domainParameters->maxMCSPDUsize)) &&
ber_read_integer(s, &(domainParameters->protocolVersion));
}
/**
* Write MCS Domain Parameters.
* @param s stream
* @param domainParameters domain parameters
*/
static BOOL mcs_write_domain_parameters(wStream* s, DomainParameters* domainParameters)
{
int length;
wStream* tmps;
if (!s || !domainParameters)
return FALSE;
tmps = Stream_New(NULL, Stream_Capacity(s));
if (!tmps)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
ber_write_integer(tmps, domainParameters->maxChannelIds);
ber_write_integer(tmps, domainParameters->maxUserIds);
ber_write_integer(tmps, domainParameters->maxTokenIds);
ber_write_integer(tmps, domainParameters->numPriorities);
ber_write_integer(tmps, domainParameters->minThroughput);
ber_write_integer(tmps, domainParameters->maxHeight);
ber_write_integer(tmps, domainParameters->maxMCSPDUsize);
ber_write_integer(tmps, domainParameters->protocolVersion);
length = Stream_GetPosition(tmps);
ber_write_sequence_tag(s, length);
Stream_Write(s, Stream_Buffer(tmps), length);
Stream_Free(tmps, TRUE);
return TRUE;
}
#ifdef DEBUG_MCS
/**
* Print MCS Domain Parameters.
* @param domainParameters domain parameters
*/
static void mcs_print_domain_parameters(DomainParameters* domainParameters)
{
WLog_INFO(TAG, "DomainParameters {");
if (domainParameters)
{
WLog_INFO(TAG, "\tmaxChannelIds:%"PRIu32"", domainParameters->maxChannelIds);
WLog_INFO(TAG, "\tmaxUserIds:%"PRIu32"", domainParameters->maxUserIds);
WLog_INFO(TAG, "\tmaxTokenIds:%"PRIu32"", domainParameters->maxTokenIds);
WLog_INFO(TAG, "\tnumPriorities:%"PRIu32"", domainParameters->numPriorities);
WLog_INFO(TAG, "\tminThroughput:%"PRIu32"", domainParameters->minThroughput);
WLog_INFO(TAG, "\tmaxHeight:%"PRIu32"", domainParameters->maxHeight);
WLog_INFO(TAG, "\tmaxMCSPDUsize:%"PRIu32"", domainParameters->maxMCSPDUsize);
WLog_INFO(TAG, "\tprotocolVersion:%"PRIu32"", domainParameters->protocolVersion);
}
else
WLog_INFO(TAG, "\tdomainParameters=%p", domainParameters);
WLog_INFO(TAG, "}");
}
#endif
/**
* Merge MCS Domain Parameters.
* @param domainParameters target parameters
* @param domainParameters minimum parameters
* @param domainParameters maximum parameters
* @param domainParameters output parameters
*/
BOOL mcs_merge_domain_parameters(DomainParameters* targetParameters,
DomainParameters* minimumParameters,
DomainParameters* maximumParameters, DomainParameters* pOutParameters)
{
/* maxChannelIds */
if (!targetParameters || !minimumParameters || !maximumParameters || !pOutParameters)
return FALSE;
if (targetParameters->maxChannelIds >= 4)
{
pOutParameters->maxChannelIds = targetParameters->maxChannelIds;
}
else if (maximumParameters->maxChannelIds >= 4)
{
pOutParameters->maxChannelIds = 4;
}
else
{
return FALSE;
}
/* maxUserIds */
if (targetParameters->maxUserIds >= 3)
{
pOutParameters->maxUserIds = targetParameters->maxUserIds;
}
else if (maximumParameters->maxUserIds >= 3)
{
pOutParameters->maxUserIds = 3;
}
else
{
return FALSE;
}
/* maxTokenIds */
pOutParameters->maxTokenIds = targetParameters->maxTokenIds;
/* numPriorities */
if (minimumParameters->numPriorities <= 1)
{
pOutParameters->numPriorities = 1;
}
else
{
return FALSE;
}
/* minThroughput */
pOutParameters->minThroughput = targetParameters->minThroughput;
/* maxHeight */
if ((targetParameters->maxHeight == 1) || (minimumParameters->maxHeight <= 1))
{
pOutParameters->maxHeight = 1;
}
else
{
return FALSE;
}
/* maxMCSPDUsize */
if (targetParameters->maxMCSPDUsize >= 1024)
{
if (targetParameters->maxMCSPDUsize <= 65528)
{
pOutParameters->maxMCSPDUsize = targetParameters->maxMCSPDUsize;
}
else if ((minimumParameters->maxMCSPDUsize >= 124) && (minimumParameters->maxMCSPDUsize <= 65528))
{
pOutParameters->maxMCSPDUsize = 65528;
}
else
{
return FALSE;
}
}
else
{
if (maximumParameters->maxMCSPDUsize >= 124)
{
pOutParameters->maxMCSPDUsize = maximumParameters->maxMCSPDUsize;
}
else
{
return FALSE;
}
}
/* protocolVersion */
if ((targetParameters->protocolVersion == 2) ||
((minimumParameters->protocolVersion <= 2) && (maximumParameters->protocolVersion >= 2)))
{
pOutParameters->protocolVersion = 2;
}
else
{
return FALSE;
}
return TRUE;
}
/**
* Read an MCS Connect Initial PDU.\n
* @msdn{cc240508}
* @param mcs MCS module
* @param s stream
*/
BOOL mcs_recv_connect_initial(rdpMcs* mcs, wStream* s)
{
UINT16 li;
int length;
BOOL upwardFlag;
UINT16 tlength;
if (!mcs || !s)
return FALSE;
if (!tpkt_read_header(s, &tlength))
return FALSE;
if (!tpdu_read_data(s, &li))
return FALSE;
if (!ber_read_application_tag(s, MCS_TYPE_CONNECT_INITIAL, &length))
return FALSE;
/* callingDomainSelector (OCTET_STRING) */
if (!ber_read_octet_string_tag(s, &length) || ((int) Stream_GetRemainingLength(s)) < length)
return FALSE;
Stream_Seek(s, length);
/* calledDomainSelector (OCTET_STRING) */
if (!ber_read_octet_string_tag(s, &length) || ((int) Stream_GetRemainingLength(s)) < length)
return FALSE;
Stream_Seek(s, length);
/* upwardFlag (BOOLEAN) */
if (!ber_read_BOOL(s, &upwardFlag))
return FALSE;
/* targetParameters (DomainParameters) */
if (!mcs_read_domain_parameters(s, &mcs->targetParameters))
return FALSE;
/* minimumParameters (DomainParameters) */
if (!mcs_read_domain_parameters(s, &mcs->minimumParameters))
return FALSE;
/* maximumParameters (DomainParameters) */
if (!mcs_read_domain_parameters(s, &mcs->maximumParameters))
return FALSE;
if (!ber_read_octet_string_tag(s, &length) || ((int) Stream_GetRemainingLength(s)) < length)
return FALSE;
if (!gcc_read_conference_create_request(s, mcs))
return FALSE;
if (!mcs_merge_domain_parameters(&mcs->targetParameters, &mcs->minimumParameters,
&mcs->maximumParameters, &mcs->domainParameters))
return FALSE;
return TRUE;
}
/**
* Write an MCS Connect Initial PDU.\n
* @msdn{cc240508}
* @param s stream
* @param mcs MCS module
* @param user_data GCC Conference Create Request
*/
BOOL mcs_write_connect_initial(wStream* s, rdpMcs* mcs, wStream* userData)
{
int length;
wStream* tmps;
BOOL ret = FALSE;
if (!s || !mcs || !userData)
return FALSE;
tmps = Stream_New(NULL, Stream_Capacity(s));
if (!tmps)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
/* callingDomainSelector (OCTET_STRING) */
ber_write_octet_string(tmps, callingDomainSelector, sizeof(callingDomainSelector));
/* calledDomainSelector (OCTET_STRING) */
ber_write_octet_string(tmps, calledDomainSelector, sizeof(calledDomainSelector));
/* upwardFlag (BOOLEAN) */
ber_write_BOOL(tmps, TRUE);
/* targetParameters (DomainParameters) */
if (!mcs_write_domain_parameters(tmps, &mcs->targetParameters))
goto out;
/* minimumParameters (DomainParameters) */
if (!mcs_write_domain_parameters(tmps, &mcs->minimumParameters))
goto out;
/* maximumParameters (DomainParameters) */
if (!mcs_write_domain_parameters(tmps, &mcs->maximumParameters))
goto out;
/* userData (OCTET_STRING) */
ber_write_octet_string(tmps, Stream_Buffer(userData), Stream_GetPosition(userData));
length = Stream_GetPosition(tmps);
/* Connect-Initial (APPLICATION 101, IMPLICIT SEQUENCE) */
ber_write_application_tag(s, MCS_TYPE_CONNECT_INITIAL, length);
Stream_Write(s, Stream_Buffer(tmps), length);
ret = TRUE;
out:
Stream_Free(tmps, TRUE);
return ret;
}
/**
* Write an MCS Connect Response PDU.\n
* @msdn{cc240508}
* @param s stream
* @param mcs MCS module
* @param user_data GCC Conference Create Response
*/
BOOL mcs_write_connect_response(wStream* s, rdpMcs* mcs, wStream* userData)
{
int length;
wStream* tmps;
BOOL ret = FALSE;
if (!s || !mcs || !userData)
return FALSE;
tmps = Stream_New(NULL, Stream_Capacity(s));
if (!tmps)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
ber_write_enumerated(tmps, 0, MCS_Result_enum_length);
ber_write_integer(tmps, 0); /* calledConnectId */
if (!mcs_write_domain_parameters(tmps, &(mcs->domainParameters)))
goto out;
/* userData (OCTET_STRING) */
ber_write_octet_string(tmps, Stream_Buffer(userData), Stream_GetPosition(userData));
length = Stream_GetPosition(tmps);
ber_write_application_tag(s, MCS_TYPE_CONNECT_RESPONSE, length);
Stream_Write(s, Stream_Buffer(tmps), length);
ret = TRUE;
out:
Stream_Free(tmps, TRUE);
return ret;
}
/**
* Send MCS Connect Initial.\n
* @msdn{cc240508}
* @param mcs mcs module
*/
BOOL mcs_send_connect_initial(rdpMcs* mcs)
{
int status = -1;
int length;
wStream* s = NULL;
int bm, em;
wStream* gcc_CCrq = NULL;
wStream* client_data = NULL;
if (!mcs)
return FALSE;
mcs_initialize_client_channels(mcs, mcs->settings);
client_data = Stream_New(NULL, 512);
if (!client_data)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
gcc_write_client_data_blocks(client_data, mcs);
gcc_CCrq = Stream_New(NULL, 1024);
if (!gcc_CCrq)
{
WLog_ERR(TAG, "Stream_New failed!");
goto out;
}
gcc_write_conference_create_request(gcc_CCrq, client_data);
length = Stream_GetPosition(gcc_CCrq) + 7;
s = Stream_New(NULL, 1024 + length);
if (!s)
{
WLog_ERR(TAG, "Stream_New failed!");
goto out;
}
bm = Stream_GetPosition(s);
Stream_Seek(s, 7);
if (!mcs_write_connect_initial(s, mcs, gcc_CCrq))
{
WLog_ERR(TAG, "mcs_write_connect_initial failed!");
goto out;
}
em = Stream_GetPosition(s);
length = (em - bm);
Stream_SetPosition(s, bm);
tpkt_write_header(s, length);
tpdu_write_data(s);
Stream_SetPosition(s, em);
Stream_SealLength(s);
status = transport_write(mcs->transport, s);
out:
Stream_Free(s, TRUE);
Stream_Free(gcc_CCrq, TRUE);
Stream_Free(client_data, TRUE);
return (status < 0 ? FALSE : TRUE);
}
/**
* Read MCS Connect Response.\n
* @msdn{cc240501}
* @param mcs mcs module
*/
BOOL mcs_recv_connect_response(rdpMcs* mcs, wStream* s)
{
int length;
UINT16 tlength;
BYTE result;
UINT16 li;
UINT32 calledConnectId;
if (!mcs || !s)
return FALSE;
if (!tpkt_read_header(s, &tlength))
return FALSE;
if (!tpdu_read_data(s, &li))
return FALSE;
if (!ber_read_application_tag(s, MCS_TYPE_CONNECT_RESPONSE, &length) ||
!ber_read_enumerated(s, &result, MCS_Result_enum_length) ||
!ber_read_integer(s, &calledConnectId) ||
!mcs_read_domain_parameters(s, &(mcs->domainParameters)) ||
!ber_read_octet_string_tag(s, &length))
{
return FALSE;
}
if (!gcc_read_conference_create_response(s, mcs))
{
WLog_ERR(TAG, "gcc_read_conference_create_response failed");
return FALSE;
}
return TRUE;
}
/**
* Send MCS Connect Response.\n
* @msdn{cc240501}
* @param mcs mcs module
*/
BOOL mcs_send_connect_response(rdpMcs* mcs)
{
int length;
int status;
wStream* s;
int bm, em;
wStream* gcc_CCrsp;
wStream* server_data;
if (!mcs)
return FALSE;
server_data = Stream_New(NULL, 512);
if (!server_data)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
if (!gcc_write_server_data_blocks(server_data, mcs))
goto error_data_blocks;
gcc_CCrsp = Stream_New(NULL, 512 + Stream_Capacity(server_data));
if (!gcc_CCrsp)
{
WLog_ERR(TAG, "Stream_New failed!");
goto error_data_blocks;
}
gcc_write_conference_create_response(gcc_CCrsp, server_data);
length = Stream_GetPosition(gcc_CCrsp) + 7;
s = Stream_New(NULL, length + 1024);
if (!s)
{
WLog_ERR(TAG, "Stream_New failed!");
goto error_stream_s;
}
bm = Stream_GetPosition(s);
Stream_Seek(s, 7);
if (!mcs_write_connect_response(s, mcs, gcc_CCrsp))
goto error_write_connect_response;
em = Stream_GetPosition(s);
length = (em - bm);
Stream_SetPosition(s, bm);
tpkt_write_header(s, length);
tpdu_write_data(s);
Stream_SetPosition(s, em);
Stream_SealLength(s);
status = transport_write(mcs->transport, s);
Stream_Free(s, TRUE);
Stream_Free(gcc_CCrsp, TRUE);
Stream_Free(server_data, TRUE);
return (status < 0) ? FALSE : TRUE;
error_write_connect_response:
Stream_Free(s, TRUE);
error_stream_s:
Stream_Free(gcc_CCrsp, TRUE);
error_data_blocks:
Stream_Free(server_data, TRUE);
return FALSE;
}
/**
* Read MCS Erect Domain Request.\n
* @msdn{cc240523}
* @param mcs
* @param s stream
*/
BOOL mcs_recv_erect_domain_request(rdpMcs* mcs, wStream* s)
{
UINT16 length;
UINT32 subHeight;
UINT32 subInterval;
enum DomainMCSPDU MCSPDU;
if (!mcs || !s)
return FALSE;
MCSPDU = DomainMCSPDU_ErectDomainRequest;
if (!mcs_read_domain_mcspdu_header(s, &MCSPDU, &length))
return FALSE;
if (!per_read_integer(s, &subHeight)) /* subHeight (INTEGER) */
return FALSE;
if (!per_read_integer(s, &subInterval)) /* subInterval (INTEGER) */
return FALSE;
return TRUE;
}
/**
* Send MCS Erect Domain Request.\n
* @msdn{cc240523}
* @param mcs
*/
BOOL mcs_send_erect_domain_request(rdpMcs* mcs)
{
wStream* s;
int status;
UINT16 length = 12;
if (!mcs)
return FALSE;
s = Stream_New(NULL, length);
if (!s)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
mcs_write_domain_mcspdu_header(s, DomainMCSPDU_ErectDomainRequest, length, 0);
per_write_integer(s, 0); /* subHeight (INTEGER) */
per_write_integer(s, 0); /* subInterval (INTEGER) */
Stream_SealLength(s);
status = transport_write(mcs->transport, s);
Stream_Free(s, TRUE);
return (status < 0) ? FALSE : TRUE;
}
/**
* Read MCS Attach User Request.\n
* @msdn{cc240524}
* @param mcs mcs module
* @param s stream
*/
BOOL mcs_recv_attach_user_request(rdpMcs* mcs, wStream* s)
{
UINT16 length;
enum DomainMCSPDU MCSPDU;
if (!mcs || !s)
return FALSE;
MCSPDU = DomainMCSPDU_AttachUserRequest;
return mcs_read_domain_mcspdu_header(s, &MCSPDU, &length);
}
/**
* Send MCS Attach User Request.\n
* @msdn{cc240524}
* @param mcs mcs module
*/
BOOL mcs_send_attach_user_request(rdpMcs* mcs)
{
wStream* s;
int status;
UINT16 length = 8;
if (!mcs)
return FALSE;
s = Stream_New(NULL, length);
if (!s)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
mcs_write_domain_mcspdu_header(s, DomainMCSPDU_AttachUserRequest, length, 0);
Stream_SealLength(s);
status = transport_write(mcs->transport, s);
Stream_Free(s, TRUE);
return (status < 0) ? FALSE : TRUE;
}
/**
* Read MCS Attach User Confirm.\n
* @msdn{cc240525}
* @param mcs mcs module
*/
BOOL mcs_recv_attach_user_confirm(rdpMcs* mcs, wStream* s)
{
BOOL status;
BYTE result;
UINT16 length;
enum DomainMCSPDU MCSPDU;
if (!mcs || !s)
return FALSE;
MCSPDU = DomainMCSPDU_AttachUserConfirm;
status = mcs_read_domain_mcspdu_header(s, &MCSPDU, &length) &&
per_read_enumerated(s, &result, MCS_Result_enum_length) && /* result */
per_read_integer16(s, &(mcs->userId), MCS_BASE_CHANNEL_ID); /* initiator (UserId) */
return status;
}
/**
* Send MCS Attach User Confirm.\n
* @msdn{cc240525}
* @param mcs mcs module
*/
BOOL mcs_send_attach_user_confirm(rdpMcs* mcs)
{
wStream* s;
int status;
UINT16 length = 11;
if (!mcs)
return FALSE;
s = Stream_New(NULL, length);
if (!s)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
mcs->userId = mcs->baseChannelId++;
mcs_write_domain_mcspdu_header(s, DomainMCSPDU_AttachUserConfirm, length, 2);
per_write_enumerated(s, 0, MCS_Result_enum_length); /* result */
per_write_integer16(s, mcs->userId, MCS_BASE_CHANNEL_ID); /* initiator (UserId) */
Stream_SealLength(s);
status = transport_write(mcs->transport, s);
Stream_Free(s, TRUE);
return (status < 0) ? FALSE : TRUE;
}
/**
* Read MCS Channel Join Request.\n
* @msdn{cc240526}
* @param mcs mcs module
* @param s stream
*/
BOOL mcs_recv_channel_join_request(rdpMcs* mcs, wStream* s, UINT16* channelId)
{
UINT16 length;
UINT16 userId;
enum DomainMCSPDU MCSPDU;
if (!mcs || !s || !channelId)
return FALSE;
MCSPDU = DomainMCSPDU_ChannelJoinRequest;
return
mcs_read_domain_mcspdu_header(s, &MCSPDU, &length) &&
per_read_integer16(s, &userId, MCS_BASE_CHANNEL_ID) &&
(userId == mcs->userId) &&
per_read_integer16(s, channelId, 0);
}
/**
* Send MCS Channel Join Request.\n
* @msdn{cc240526}
* @param mcs mcs module
* @param channel_id channel id
*/
BOOL mcs_send_channel_join_request(rdpMcs* mcs, UINT16 channelId)
{
wStream* s;
int status;
UINT16 length = 12;
if (!mcs)
return FALSE;
s = Stream_New(NULL, length);
if (!s)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
mcs_write_domain_mcspdu_header(s, DomainMCSPDU_ChannelJoinRequest, length, 0);
per_write_integer16(s, mcs->userId, MCS_BASE_CHANNEL_ID);
per_write_integer16(s, channelId, 0);
Stream_SealLength(s);
status = transport_write(mcs->transport, s);
Stream_Free(s, TRUE);
return (status < 0) ? FALSE : TRUE;
}
/**
* Read MCS Channel Join Confirm.\n
* @msdn{cc240527}
* @param mcs mcs module
*/
BOOL mcs_recv_channel_join_confirm(rdpMcs* mcs, wStream* s, UINT16* channelId)
{
BOOL status;
UINT16 length;
BYTE result;
UINT16 initiator;
UINT16 requested;
enum DomainMCSPDU MCSPDU;
if (!mcs || !s || !channelId)
return FALSE;
status = TRUE;
MCSPDU = DomainMCSPDU_ChannelJoinConfirm;
status &= mcs_read_domain_mcspdu_header(s, &MCSPDU, &length);
status &= per_read_enumerated(s, &result, MCS_Result_enum_length); /* result */
status &= per_read_integer16(s, &initiator, MCS_BASE_CHANNEL_ID); /* initiator (UserId) */
status &= per_read_integer16(s, &requested, 0); /* requested (ChannelId) */
status &= per_read_integer16(s, channelId, 0); /* channelId */
return status;
}
/**
* Send MCS Channel Join Confirm.\n
* @msdn{cc240527}
* @param mcs mcs module
*/
BOOL mcs_send_channel_join_confirm(rdpMcs* mcs, UINT16 channelId)
{
wStream* s;
int status;
UINT16 length = 15;
if (!mcs)
return FALSE;
s = Stream_New(NULL, length);
if (!s)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
mcs_write_domain_mcspdu_header(s, DomainMCSPDU_ChannelJoinConfirm, length, 2);
per_write_enumerated(s, 0, MCS_Result_enum_length); /* result */
per_write_integer16(s, mcs->userId, MCS_BASE_CHANNEL_ID); /* initiator (UserId) */
per_write_integer16(s, channelId, 0); /* requested (ChannelId) */
per_write_integer16(s, channelId, 0); /* channelId */
Stream_SealLength(s);
status = transport_write(mcs->transport, s);
Stream_Free(s, TRUE);
return (status < 0) ? FALSE : TRUE;
}
/**
* Receive MCS Disconnect Provider Ultimatum PDU.\n
* @param mcs mcs module
*/
BOOL mcs_recv_disconnect_provider_ultimatum(rdpMcs* mcs, wStream* s, int* reason)
{
BYTE b1, b2;
if (!mcs || !s || !reason)
return FALSE;
/*
* http://msdn.microsoft.com/en-us/library/cc240872.aspx:
*
* PER encoded (ALIGNED variant of BASIC-PER) PDU contents:
* 21 80
*
* 0x21:
* 0 - --\
* 0 - |
* 1 - | CHOICE: From DomainMCSPDU select disconnectProviderUltimatum (8)
* 0 - | of type DisconnectProviderUltimatum
* 0 - |
* 0 - --/
* 0 - --\
* 1 - |
* | DisconnectProviderUltimatum::reason = rn-user-requested (3)
* 0x80: |
* 1 - --/
* 0 - padding
* 0 - padding
* 0 - padding
* 0 - padding
* 0 - padding
* 0 - padding
* 0 - padding
*/
if (Stream_GetRemainingLength(s) < 1)
return FALSE;
Stream_Rewind_UINT8(s);
Stream_Read_UINT8(s, b1);
Stream_Read_UINT8(s, b2);
*reason = ((b1 & 0x01) << 1) | (b2 >> 7);
return TRUE;
}
/**
* Send MCS Disconnect Provider Ultimatum PDU.\n
* @param mcs mcs module
*/
BOOL mcs_send_disconnect_provider_ultimatum(rdpMcs* mcs)
{
wStream* s;
int status;
UINT16 length = 9;
if (!mcs)
return FALSE;
s = Stream_New(NULL, length);
if (!s)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
mcs_write_domain_mcspdu_header(s, DomainMCSPDU_DisconnectProviderUltimatum, length, 1);
per_write_enumerated(s, 0x80, 0);
status = transport_write(mcs->transport, s);
Stream_Free(s, TRUE);
return (status < 0) ? FALSE : TRUE;
}
BOOL mcs_client_begin(rdpMcs* mcs)
{
rdpContext* context;
if (!mcs || !mcs->transport)
return FALSE;
context = mcs->transport->context;
if (!context)
return FALSE;
if (!mcs_send_connect_initial(mcs))
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_MCS_CONNECT_INITIAL_ERROR);
WLog_ERR(TAG, "Error: unable to send MCS Connect Initial");
return FALSE;
}
rdp_client_transition_to_state(context->rdp, CONNECTION_STATE_MCS_CONNECT);
return TRUE;
}
/**
* Instantiate new MCS module.
* @param transport transport
* @return new MCS module
*/
rdpMcs* mcs_new(rdpTransport* transport)
{
rdpMcs* mcs;
if (!transport)
return NULL;
mcs = (rdpMcs*) calloc(1, sizeof(rdpMcs));
if (!mcs)
return NULL;
mcs->transport = transport;
mcs->settings = transport->settings;
mcs_init_domain_parameters(&mcs->targetParameters, 34, 2, 0, 0xFFFF);
mcs_init_domain_parameters(&mcs->minimumParameters, 1, 1, 1, 0x420);
mcs_init_domain_parameters(&mcs->maximumParameters, 0xFFFF, 0xFC17, 0xFFFF, 0xFFFF);
mcs_init_domain_parameters(&mcs->domainParameters, 0, 0, 0, 0xFFFF);
mcs->channelCount = 0;
mcs->channelMaxCount = CHANNEL_MAX_COUNT;
mcs->baseChannelId = MCS_GLOBAL_CHANNEL_ID + 1;
mcs->channels = (rdpMcsChannel*) calloc(mcs->channelMaxCount, sizeof(rdpMcsChannel));
if (!mcs->channels)
goto out_free;
return mcs;
out_free:
free(mcs);
return NULL;
}
/**
* Free MCS module.
* @param mcs MCS module to be freed
*/
void mcs_free(rdpMcs* mcs)
{
if (mcs)
{
free(mcs->channels);
free(mcs);
}
}