rdpTls* tls_new(rdpSettings* settings)
{
rdpTls* tls;
tls = (rdpTls*) calloc(1, sizeof(rdpTls));
if (!tls)
return NULL;
winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
tls->settings = settings;
if (!settings->ServerMode)
{
tls->certificate_store = certificate_store_new(settings);
if (!tls->certificate_store)
goto out_free;
}
tls->alertLevel = TLS_ALERT_LEVEL_WARNING;
tls->alertDescription = TLS_ALERT_DESCRIPTION_CLOSE_NOTIFY;
return tls;
out_free:
free(tls);
return NULL;
}
void sspi_GlobalInit()
{
if (!sspi_initialized)
{
winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
sspi_ContextBufferAllocTableNew();
sspi_initialized = TRUE;
}
}
SCHANNEL_OPENSSL* schannel_openssl_new()
{
SCHANNEL_OPENSSL* context;
context = (SCHANNEL_OPENSSL*) calloc(1, sizeof(SCHANNEL_OPENSSL));
if (context != NULL)
{
winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
context->connected = FALSE;
}
return context;
}
int TestCommonAssistance(int argc, char* argv[])
{
wLog* log = WLog_Get(__FUNCTION__);
winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
if (!test_msrsc_incident_file_type1(log))
{
WLog_Print(log, WLOG_ERROR, "test_msrsc_incident_file_type1 failed");
return -1;
}
if (!test_msrsc_incident_file_type2(log))
{
WLog_Print(log, WLOG_ERROR, "test_msrsc_incident_file_type1 failed");
return -1;
}
return 0;
}
static BOOL CALLBACK sspi_init(PINIT_ONCE InitOnce, PVOID Parameter, PVOID* Context)
{
winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
sspi_ContextBufferAllocTableNew();
return TRUE;
}
BOOL rdp_client_connect(rdpRdp* rdp)
{
BOOL status;
rdpSettings* settings = rdp->settings;
/* make sure SSL is initialize for earlier enough for crypto, by taking advantage of winpr SSL FIPS flag for openssl initialization */
DWORD flags = WINPR_SSL_INIT_DEFAULT;
if (settings->FIPSMode)
flags |= WINPR_SSL_INIT_ENABLE_FIPS;
winpr_InitializeSSL(flags);
/* FIPS Mode forces the following and overrides the following(by happening later */
/* in the command line processing): */
/* 1. Disables NLA Security since NLA in freerdp uses NTLM(no Kerberos support yet) which uses algorithms */
/* not allowed in FIPS for sensitive data. So, we disallow NLA when FIPS is required. */
/* 2. Forces the only supported RDP encryption method to be FIPS. */
if (settings->FIPSMode || winpr_FIPSMode())
{
settings->NlaSecurity = FALSE;
settings->EncryptionMethods = ENCRYPTION_METHOD_FIPS;
}
nego_init(rdp->nego);
nego_set_target(rdp->nego, settings->ServerHostname, settings->ServerPort);
if (settings->GatewayEnabled)
{
char* user = NULL;
char* domain = NULL;
char* cookie = NULL;
int user_length = 0;
int domain_length = 0;
int cookie_length = 0;
if (settings->Username)
{
user = settings->Username;
user_length = strlen(settings->Username);
}
if (settings->Domain)
domain = settings->Domain;
else
domain = settings->ComputerName;
domain_length = strlen(domain);
cookie_length = domain_length + 1 + user_length;
cookie = (char*) malloc(cookie_length + 1);
if (!cookie)
return FALSE;
CopyMemory(cookie, domain, domain_length);
CharUpperBuffA(cookie, domain_length);
cookie[domain_length] = '\\';
if (settings->Username)
CopyMemory(&cookie[domain_length + 1], user, user_length);
cookie[cookie_length] = '\0';
status = nego_set_cookie(rdp->nego, cookie);
free(cookie);
}
else
{
status = nego_set_cookie(rdp->nego, settings->Username);
}
if (!status)
return FALSE;
nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired);
nego_set_gateway_enabled(rdp->nego, settings->GatewayEnabled);
nego_set_gateway_bypass_local(rdp->nego, settings->GatewayBypassLocal);
nego_enable_rdp(rdp->nego, settings->RdpSecurity);
nego_enable_tls(rdp->nego, settings->TlsSecurity);
nego_enable_nla(rdp->nego, settings->NlaSecurity);
nego_enable_ext(rdp->nego, settings->ExtSecurity);
if (settings->MstscCookieMode)
settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
if (settings->LoadBalanceInfo)
{
if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo, settings->LoadBalanceInfoLength))
return FALSE;
}
rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO);
if (!nego_connect(rdp->nego))
{
if (!freerdp_get_last_error(rdp->context))
freerdp_set_last_error(rdp->context, FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED);
WLog_ERR(TAG, "Error: protocol security negotiation or connection failure");
return FALSE;
}
if ((rdp->nego->SelectedProtocol & PROTOCOL_TLS) || (rdp->nego->SelectedProtocol == PROTOCOL_RDP))
{
if ((settings->Username != NULL) && ((settings->Password != NULL) ||
(settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0)))
settings->AutoLogonEnabled = TRUE;
}
/* everything beyond this point is event-driven and non blocking */
rdp->transport->ReceiveCallback = rdp_recv_callback;
rdp->transport->ReceiveExtra = rdp;
transport_set_blocking_mode(rdp->transport, FALSE);
if (rdp->state != CONNECTION_STATE_NLA)
{
if (!mcs_client_begin(rdp->mcs))
return FALSE;
}
while (rdp->state != CONNECTION_STATE_ACTIVE)
{
if (rdp_check_fds(rdp) < 0)
{
if (!freerdp_get_last_error(rdp->context))
freerdp_set_last_error(rdp->context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
return FALSE;
}
}
return TRUE;
}
int main(int argc, char* argv[])
{
WSADATA wsaData;
freerdp_listener* instance;
char* file;
char name[MAX_PATH];
long port = 3389, i;
BOOL localOnly = FALSE;
errno = 0;
for (i = 1; i < argc; i++)
{
char* arg = argv[i];
if (strncmp(arg, "--fast", 7) == 0)
test_dump_rfx_realtime = FALSE;
else if (strncmp(arg, "--port=", 7) == 0)
{
StrSep(&arg, "=");
if (!arg)
return -1;
port = strtol(arg, NULL, 10);
if ((port < 1) || (port > 0xFFFF) || (errno != 0))
return -1;
}
else if (strcmp(arg, "--local-only"))
localOnly = TRUE;
else if (strncmp(arg, "--", 2))
test_pcap_file = arg;
}
WTSRegisterWtsApiFunctionTable(FreeRDP_InitWtsApi());
winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
instance = freerdp_listener_new();
if (!instance)
return -1;
instance->PeerAccepted = test_peer_accepted;
if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0)
{
freerdp_listener_free(instance);
return -1;
}
/* Open the server socket and start listening. */
sprintf_s(name, sizeof(name), "tfreerdp-server.%ld", port);
file = GetKnownSubPath(KNOWN_PATH_TEMP, name);
if (!file)
{
freerdp_listener_free(instance);
WSACleanup();
return -1;
}
if ((localOnly || instance->Open(instance, NULL, port)) &&
instance->OpenLocal(instance, file))
{
/* Entering the server main loop. In a real server the listener can be run in its own thread. */
test_server_mainloop(instance);
}
free(file);
freerdp_listener_free(instance);
WSACleanup();
return 0;
}
