boolean rdp_client_redirect(rdpRdp* rdp)
{
rdpSettings* settings = rdp->settings;
rdpRedirection* redirection = rdp->redirection;
rdp_client_disconnect(rdp);
mcs_free(rdp->mcs);
nego_free(rdp->nego);
license_free(rdp->license);
transport_free(rdp->transport);
rdp->transport = transport_new(settings);
rdp->license = license_new(rdp);
rdp->nego = nego_new(rdp->transport);
rdp->mcs = mcs_new(rdp->transport);
rdp->transport->layer = TRANSPORT_LAYER_TCP;
settings->redirected_session_id = redirection->sessionID;
if (redirection->flags & LB_LOAD_BALANCE_INFO)
nego_set_routing_token(rdp->nego, &redirection->loadBalanceInfo);
if (redirection->flags & LB_TARGET_NET_ADDRESS)
settings->hostname = redirection->targetNetAddress.ascii;
else if (redirection->flags & LB_TARGET_NETBIOS_NAME)
settings->hostname = redirection->targetNetBiosName.ascii;
if (redirection->flags & LB_USERNAME)
settings->username = redirection->username.ascii;
if (redirection->flags & LB_DOMAIN)
settings->domain = redirection->domain.ascii;
return rdp_client_connect(rdp);
}
BOOL rdp_client_redirect(rdpRdp* rdp)
{
BOOL status;
rdpSettings* settings = rdp->settings;
rdp_client_disconnect(rdp);
if (rdp_redirection_apply_settings(rdp) != 0)
return FALSE;
if (settings->RedirectionFlags & LB_LOAD_BALANCE_INFO)
{
if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo, settings->LoadBalanceInfoLength))
return FALSE;
}
else
{
if (settings->RedirectionFlags & LB_TARGET_FQDN)
{
free(settings->ServerHostname);
settings->ServerHostname = _strdup(settings->RedirectionTargetFQDN);
if (!settings->ServerHostname)
return FALSE;
}
else if (settings->RedirectionFlags & LB_TARGET_NET_ADDRESS)
{
free(settings->ServerHostname);
settings->ServerHostname = _strdup(settings->TargetNetAddress);
if (!settings->ServerHostname)
return FALSE;
}
else if (settings->RedirectionFlags & LB_TARGET_NETBIOS_NAME)
{
free(settings->ServerHostname);
settings->ServerHostname = _strdup(settings->RedirectionTargetNetBiosName);
if (!settings->ServerHostname)
return FALSE;
}
}
if (settings->RedirectionFlags & LB_USERNAME)
{
free(settings->Username);
settings->Username = _strdup(settings->RedirectionUsername);
if (!settings->Username)
return FALSE;
}
if (settings->RedirectionFlags & LB_DOMAIN)
{
free(settings->Domain);
settings->Domain = _strdup(settings->RedirectionDomain);
if (!settings->Domain)
return FALSE;
}
status = rdp_client_connect(rdp);
return status;
}
static BOOL nego_read_request_token_or_cookie(rdpNego* nego, wStream* s)
{
/* routingToken and cookie are optional and mutually exclusive!
*
* routingToken (variable): An optional and variable-length routing
* token (used for load balancing) terminated by a 0x0D0A two-byte
* sequence: (check [MSFT-SDLBTS] for details!)
* Cookie:[space]msts=[ip address].[port].[reserved][\x0D\x0A]
*
* cookie (variable): An optional and variable-length ANSI character
* string terminated by a 0x0D0A two-byte sequence:
* Cookie:[space]mstshash=[ANSISTRING][\x0D\x0A]
*/
BYTE *str = NULL;
UINT16 crlf = 0;
int pos, len;
BOOL result = FALSE;
BOOL isToken = FALSE;
str = Stream_Pointer(s);
pos = Stream_GetPosition(s);
/* minimum length for cookie is 15 */
if (Stream_GetRemainingLength(s) < 15)
return TRUE;
if (!memcmp(Stream_Pointer(s), "Cookie: msts=", 13))
{
isToken = TRUE;
Stream_Seek(s, 13);
}
else
{
/* not a cookie, minimum length for token is 19 */
if (Stream_GetRemainingLength(s) < 19)
return TRUE;
if (memcmp(Stream_Pointer(s), "Cookie: mstshash=", 17))
return TRUE;
Stream_Seek(s, 17);
}
while (Stream_GetRemainingLength(s) >= 2)
{
Stream_Read_UINT16(s, crlf);
if (crlf == 0x0A0D)
break;
Stream_Rewind(s, 1);
}
if (crlf == 0x0A0D)
{
Stream_Rewind(s, 2);
len = Stream_GetPosition(s) - pos;
Stream_Write_UINT16(s, 0);
if (strlen((char*)str) == len)
{
if (isToken)
result = nego_set_routing_token(nego, str, len);
else
result = nego_set_cookie(nego, (char*)str);
}
}
if (!result)
{
Stream_SetPosition(s, pos);
WLog_ERR(TAG, "invalid %s received",
isToken ? "routing token" : "cookie");
}
else
{
WLog_DBG(TAG, "received %s [%s]",
isToken ? "routing token" : "cookie", str);
}
return result;
}
BOOL rdp_client_connect(rdpRdp* rdp)
{
rdpSettings* settings = rdp->settings;
if (rdp->settingsCopy)
{
freerdp_settings_free(rdp->settingsCopy);
rdp->settingsCopy = NULL;
}
rdp->settingsCopy = freerdp_settings_clone(settings);
nego_init(rdp->nego);
nego_set_target(rdp->nego, settings->ServerHostname, settings->ServerPort);
if (settings->GatewayEnabled)
{
char* user = NULL;
char* domain = NULL;
char* cookie = NULL;
int user_length = 0;
int domain_length = 0;
int cookie_length = 0;
if (settings->Username)
{
user = settings->Username;
user_length = strlen(settings->Username);
}
if (settings->Domain)
domain = settings->Domain;
else
domain = settings->ComputerName;
domain_length = strlen(domain);
cookie_length = domain_length + 1 + user_length;
cookie = (char*) malloc(cookie_length + 1);
CopyMemory(cookie, domain, domain_length);
CharUpperBuffA(cookie, domain_length);
cookie[domain_length] = '\\';
if (settings->Username)
CopyMemory(&cookie[domain_length + 1], user, user_length);
cookie[cookie_length] = '\0';
nego_set_cookie(rdp->nego, cookie);
free(cookie);
}
else
{
nego_set_cookie(rdp->nego, settings->Username);
}
nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired);
nego_enable_rdp(rdp->nego, settings->RdpSecurity);
nego_enable_tls(rdp->nego, settings->TlsSecurity);
nego_enable_nla(rdp->nego, settings->NlaSecurity);
nego_enable_ext(rdp->nego, settings->ExtSecurity);
if (settings->MstscCookieMode)
settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
if (settings->LoadBalanceInfo)
nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo, settings->LoadBalanceInfoLength);
if (!nego_connect(rdp->nego))
{
fprintf(stderr, "Error: protocol security negotiation or connection failure\n");
return FALSE;
}
if ((rdp->nego->selected_protocol & PROTOCOL_TLS) || (rdp->nego->selected_protocol == PROTOCOL_RDP))
{
if ((settings->Username != NULL) && ((settings->Password != NULL) ||
(settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0)))
settings->AutoLogonEnabled = TRUE;
}
rdp_set_blocking_mode(rdp, FALSE);
rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO);
rdp->finalize_sc_pdus = 0;
if (!mcs_send_connect_initial(rdp->mcs))
{
if (!connectErrorCode)
{
connectErrorCode = MCSCONNECTINITIALERROR;
}
fprintf(stderr, "Error: unable to send MCS Connect Initial\n");
return FALSE;
}
while (rdp->state != CONNECTION_STATE_ACTIVE)
{
if (rdp_check_fds(rdp) < 0)
return FALSE;
}
return TRUE;
}
boolean rdp_client_redirect(rdpRdp* rdp)
{
rdpSettings* settings = rdp->settings;
rdpRedirection* redirection = rdp->redirection;
rdp_client_disconnect(rdp);
/* FIXME: this is a subset of rdp_free */
crypto_rc4_free(rdp->rc4_decrypt_key);
crypto_rc4_free(rdp->rc4_encrypt_key);
crypto_des3_free(rdp->fips_encrypt);
crypto_des3_free(rdp->fips_decrypt);
crypto_hmac_free(rdp->fips_hmac);
mcs_free(rdp->mcs);
nego_free(rdp->nego);
license_free(rdp->license);
transport_free(rdp->transport);
/* FIXME: this is a subset of settings_free */
freerdp_blob_free(settings->server_random);
freerdp_blob_free(settings->server_certificate);
xfree(settings->ip_address);
rdp->transport = transport_new(settings);
rdp->license = license_new(rdp);
rdp->nego = nego_new(rdp->transport);
rdp->mcs = mcs_new(rdp->transport);
rdp->transport->layer = TRANSPORT_LAYER_TCP;
settings->redirected_session_id = redirection->sessionID;
if (redirection->flags & LB_LOAD_BALANCE_INFO)
{
nego_set_routing_token(rdp->nego, &redirection->loadBalanceInfo);
}
else
{
if (redirection->flags & LB_TARGET_NET_ADDRESS)
{
xfree(settings->hostname);
settings->hostname = xstrdup(redirection->targetNetAddress.ascii);
}
else if (redirection->flags & LB_TARGET_FQDN)
{
xfree(settings->hostname);
settings->hostname = xstrdup(redirection->targetFQDN.ascii);
}
else if (redirection->flags & LB_TARGET_NETBIOS_NAME)
{
xfree(settings->hostname);
settings->hostname = xstrdup(redirection->targetNetBiosName.ascii);
}
}
if (redirection->flags & LB_USERNAME)
{
xfree(settings->username);
settings->username = xstrdup(redirection->username.ascii);
}
if (redirection->flags & LB_DOMAIN)
{
xfree(settings->domain);
settings->domain = xstrdup(redirection->domain.ascii);
}
if (redirection->flags & LB_PASSWORD)
{
settings->password_cookie = &redirection->password_cookie;
}
return rdp_client_connect(rdp);
}
BOOL rdp_client_redirect(rdpRdp* rdp)
{
rdpSettings* settings = rdp->settings;
rdpRedirection* redirection = rdp->redirection;
rdp_client_disconnect(rdp);
/* FIXME: this is a subset of rdp_free */
crypto_rc4_free(rdp->rc4_decrypt_key);
crypto_rc4_free(rdp->rc4_encrypt_key);
crypto_des3_free(rdp->fips_encrypt);
crypto_des3_free(rdp->fips_decrypt);
crypto_hmac_free(rdp->fips_hmac);
mcs_free(rdp->mcs);
nego_free(rdp->nego);
license_free(rdp->license);
transport_free(rdp->transport);
free(settings->ServerRandom);
free(settings->ServerCertificate);
free(settings->ClientAddress);
rdp->transport = transport_new(settings);
rdp->license = license_new(rdp);
rdp->nego = nego_new(rdp->transport);
rdp->mcs = mcs_new(rdp->transport);
rdp->transport->layer = TRANSPORT_LAYER_TCP;
settings->RedirectedSessionId = redirection->sessionID;
if (redirection->flags & LB_LOAD_BALANCE_INFO)
{
nego_set_routing_token(rdp->nego, redirection->LoadBalanceInfo, redirection->LoadBalanceInfoLength);
}
else
{
if (redirection->flags & LB_TARGET_NET_ADDRESS)
{
free(settings->ServerHostname);
settings->ServerHostname = _strdup(redirection->targetNetAddress.ascii);
}
else if (redirection->flags & LB_TARGET_FQDN)
{
free(settings->ServerHostname);
settings->ServerHostname = _strdup(redirection->targetFQDN.ascii);
}
else if (redirection->flags & LB_TARGET_NETBIOS_NAME)
{
free(settings->ServerHostname);
settings->ServerHostname = _strdup(redirection->targetNetBiosName.ascii);
}
}
if (redirection->flags & LB_USERNAME)
{
free(settings->Username);
settings->Username = _strdup(redirection->username.ascii);
}
if (redirection->flags & LB_DOMAIN)
{
free(settings->Domain);
settings->Domain = _strdup(redirection->domain.ascii);
}
if (redirection->flags & LB_PASSWORD)
{
settings->RedirectionPassword = redirection->PasswordCookie;
settings->RedirectionPasswordLength = redirection->PasswordCookieLength;
}
return rdp_client_connect(rdp);
}
tbool rdp_client_redirect(rdpRdp* rdp)
{
rdpSettings* settings = rdp->settings;
rdpRedirection* redirection = rdp->redirection;
rdp_client_disconnect(rdp);
mcs_free(rdp->mcs);
nego_free(rdp->nego);
license_free(rdp->license);
transport_free(rdp->transport);
rdp->transport = transport_new(settings);
rdp->license = license_new(rdp);
rdp->nego = nego_new(rdp->transport);
rdp->mcs = mcs_new(rdp->transport);
rdp->transport->layer = TRANSPORT_LAYER_TCP;
settings->redirected_session_id = redirection->sessionID;
if (redirection->flags & LB_LOAD_BALANCE_INFO)
{
nego_set_routing_token(rdp->nego, &redirection->loadBalanceInfo);
}
else
{
if (redirection->flags & LB_TARGET_NET_ADDRESS)
{
xfree(settings->hostname);
settings->hostname = xstrdup(redirection->targetNetAddress.ascii);
}
else if (redirection->flags & LB_TARGET_FQDN)
{
xfree(settings->hostname);
settings->hostname = xstrdup(redirection->targetFQDN.ascii);
}
else if (redirection->flags & LB_TARGET_NETBIOS_NAME)
{
xfree(settings->hostname);
settings->hostname = xstrdup(redirection->targetNetBiosName.ascii);
}
}
if (redirection->flags & LB_USERNAME)
{
xfree(settings->username);
settings->username = xstrdup(redirection->username.ascii);
}
if (redirection->flags & LB_DOMAIN)
{
xfree(settings->domain);
settings->domain = xstrdup(redirection->domain.ascii);
}
if (redirection->flags & LB_PASSWORD)
{
settings->password_cookie = &redirection->password_cookie;
}
return rdp_client_connect(rdp);
}
BOOL rdp_client_connect(rdpRdp* rdp)
{
BOOL status;
rdpSettings* settings = rdp->settings;
if (rdp->settingsCopy)
{
freerdp_settings_free(rdp->settingsCopy);
rdp->settingsCopy = NULL;
}
rdp->settingsCopy = freerdp_settings_clone(settings);
if (!rdp->settingsCopy)
return FALSE;
nego_init(rdp->nego);
nego_set_target(rdp->nego, settings->ServerHostname, settings->ServerPort);
if (settings->GatewayEnabled)
{
char* user = NULL;
char* domain = NULL;
char* cookie = NULL;
int user_length = 0;
int domain_length = 0;
int cookie_length = 0;
if (settings->Username)
{
user = settings->Username;
user_length = strlen(settings->Username);
}
if (settings->Domain)
domain = settings->Domain;
else
domain = settings->ComputerName;
domain_length = strlen(domain);
cookie_length = domain_length + 1 + user_length;
cookie = (char*) malloc(cookie_length + 1);
if (!cookie)
return FALSE;
CopyMemory(cookie, domain, domain_length);
CharUpperBuffA(cookie, domain_length);
cookie[domain_length] = '\\';
if (settings->Username)
CopyMemory(&cookie[domain_length + 1], user, user_length);
cookie[cookie_length] = '\0';
status = nego_set_cookie(rdp->nego, cookie);
free(cookie);
}
else
{
status = nego_set_cookie(rdp->nego, settings->Username);
}
if (!status)
return FALSE;
nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired);
nego_set_gateway_enabled(rdp->nego, settings->GatewayEnabled);
nego_set_gateway_bypass_local(rdp->nego, settings->GatewayBypassLocal);
nego_enable_rdp(rdp->nego, settings->RdpSecurity);
nego_enable_tls(rdp->nego, settings->TlsSecurity);
nego_enable_nla(rdp->nego, settings->NlaSecurity);
nego_enable_ext(rdp->nego, settings->ExtSecurity);
if (settings->MstscCookieMode)
settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
if (settings->LoadBalanceInfo)
{
if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo, settings->LoadBalanceInfoLength))
return FALSE;
}
rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO);
if (!nego_connect(rdp->nego))
{
if (!freerdp_get_last_error(rdp->context))
freerdp_set_last_error(rdp->context, FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED);
WLog_ERR(TAG, "Error: protocol security negotiation or connection failure");
return FALSE;
}
if ((rdp->nego->SelectedProtocol & PROTOCOL_TLS) || (rdp->nego->SelectedProtocol == PROTOCOL_RDP))
{
if ((settings->Username != NULL) && ((settings->Password != NULL) ||
(settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0)))
settings->AutoLogonEnabled = TRUE;
}
/* everything beyond this point is event-driven and non blocking */
rdp->transport->ReceiveCallback = rdp_recv_callback;
rdp->transport->ReceiveExtra = rdp;
transport_set_blocking_mode(rdp->transport, FALSE);
if (rdp->state != CONNECTION_STATE_NLA)
{
if (!mcs_client_begin(rdp->mcs))
return FALSE;
}
while (rdp->state != CONNECTION_STATE_ACTIVE)
{
if (rdp_check_fds(rdp) < 0)
{
if (!freerdp_get_last_error(rdp->context))
freerdp_set_last_error(rdp->context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
return FALSE;
}
}
return TRUE;
}
BOOL rdp_client_connect(rdpRdp* rdp)
{
BOOL status;
rdpSettings* settings = rdp->settings;
/* make sure SSL is initialize for earlier enough for crypto, by taking advantage of winpr SSL FIPS flag for openssl initialization */
DWORD flags = WINPR_SSL_INIT_DEFAULT;
if (settings->FIPSMode)
flags |= WINPR_SSL_INIT_ENABLE_FIPS;
winpr_InitializeSSL(flags);
/* FIPS Mode forces the following and overrides the following(by happening later */
/* in the command line processing): */
/* 1. Disables NLA Security since NLA in freerdp uses NTLM(no Kerberos support yet) which uses algorithms */
/* not allowed in FIPS for sensitive data. So, we disallow NLA when FIPS is required. */
/* 2. Forces the only supported RDP encryption method to be FIPS. */
if (settings->FIPSMode || winpr_FIPSMode())
{
settings->NlaSecurity = FALSE;
settings->EncryptionMethods = ENCRYPTION_METHOD_FIPS;
}
nego_init(rdp->nego);
nego_set_target(rdp->nego, settings->ServerHostname, settings->ServerPort);
if (settings->GatewayEnabled)
{
char* user = NULL;
char* domain = NULL;
char* cookie = NULL;
int user_length = 0;
int domain_length = 0;
int cookie_length = 0;
if (settings->Username)
{
user = settings->Username;
user_length = strlen(settings->Username);
}
if (settings->Domain)
domain = settings->Domain;
else
domain = settings->ComputerName;
domain_length = strlen(domain);
cookie_length = domain_length + 1 + user_length;
cookie = (char*) malloc(cookie_length + 1);
if (!cookie)
return FALSE;
CopyMemory(cookie, domain, domain_length);
CharUpperBuffA(cookie, domain_length);
cookie[domain_length] = '\\';
if (settings->Username)
CopyMemory(&cookie[domain_length + 1], user, user_length);
cookie[cookie_length] = '\0';
status = nego_set_cookie(rdp->nego, cookie);
free(cookie);
}
else
{
status = nego_set_cookie(rdp->nego, settings->Username);
}
if (!status)
return FALSE;
nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired);
nego_set_gateway_enabled(rdp->nego, settings->GatewayEnabled);
nego_set_gateway_bypass_local(rdp->nego, settings->GatewayBypassLocal);
nego_enable_rdp(rdp->nego, settings->RdpSecurity);
nego_enable_tls(rdp->nego, settings->TlsSecurity);
nego_enable_nla(rdp->nego, settings->NlaSecurity);
nego_enable_ext(rdp->nego, settings->ExtSecurity);
if (settings->MstscCookieMode)
settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
if (settings->LoadBalanceInfo)
{
if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo, settings->LoadBalanceInfoLength))
return FALSE;
}
rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO);
if (!nego_connect(rdp->nego))
{
if (!freerdp_get_last_error(rdp->context))
freerdp_set_last_error(rdp->context, FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED);
WLog_ERR(TAG, "Error: protocol security negotiation or connection failure");
return FALSE;
}
if ((rdp->nego->SelectedProtocol & PROTOCOL_TLS) || (rdp->nego->SelectedProtocol == PROTOCOL_RDP))
{
if ((settings->Username != NULL) && ((settings->Password != NULL) ||
(settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0)))
settings->AutoLogonEnabled = TRUE;
}
/* everything beyond this point is event-driven and non blocking */
rdp->transport->ReceiveCallback = rdp_recv_callback;
rdp->transport->ReceiveExtra = rdp;
transport_set_blocking_mode(rdp->transport, FALSE);
if (rdp->state != CONNECTION_STATE_NLA)
{
if (!mcs_client_begin(rdp->mcs))
return FALSE;
}
while (rdp->state != CONNECTION_STATE_ACTIVE)
{
if (rdp_check_fds(rdp) < 0)
{
if (!freerdp_get_last_error(rdp->context))
freerdp_set_last_error(rdp->context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
return FALSE;
}
}
return TRUE;
}
