/src/FreeRDP/libfreerdp/core/gcc.c

Source (jump to first uncovered line)
/**
 * FreeRDP: A Remote Desktop Protocol Implementation
 * T.124 Generic Conference Control (GCC)
 *
 * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 * Copyright 2014 Norbert Federa <norbert.federa@thincast.com>
 * Copyright 2014 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
 * Copyright 2023 Armin Novak <anovak@thincast.com>
 * Copyright 2023 Thincast Technologies GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <freerdp/config.h>

#include "settings.h"

#include <winpr/crt.h>
#include <winpr/crypto.h>
#include <winpr/assert.h>

#include <freerdp/log.h>
#include <freerdp/utils/string.h>
#include <freerdp/crypto/certificate.h>

#include "utils.h"
#include "gcc.h"
#include "nego.h"

#include "../crypto/certificate.h"

#define TAG FREERDP_TAG("core.gcc")

typedef enum
{
  HIGH_COLOR_4BPP = 0x04,
  HIGH_COLOR_8BPP = 0x08,
  HIGH_COLOR_15BPP = 0x0F,
  HIGH_COLOR_16BPP = 0x10,
  HIGH_COLOR_24BPP = 0x18,
} HIGH_COLOR_DEPTH;

static const char* HighColorToString(HIGH_COLOR_DEPTH color)
{
  switch (color)
  {
    case HIGH_COLOR_4BPP:
      return "HIGH_COLOR_4BPP";
    case HIGH_COLOR_8BPP:
      return "HIGH_COLOR_8BPP";
    case HIGH_COLOR_15BPP:
      return "HIGH_COLOR_15BPP";
    case HIGH_COLOR_16BPP:
      return "HIGH_COLOR_16BPP";
    case HIGH_COLOR_24BPP:
      return "HIGH_COLOR_24BPP";
    default:
      return "HIGH_COLOR_UNKNOWN";
  }
}

static HIGH_COLOR_DEPTH ColorDepthToHighColor(UINT32 bpp)
{
  switch (bpp)
  {
    case 4:
      return HIGH_COLOR_4BPP;
    case 8:
      return HIGH_COLOR_8BPP;
    case 15:
      return HIGH_COLOR_15BPP;
    case 16:
      return HIGH_COLOR_16BPP;
    default:
      return HIGH_COLOR_24BPP;
  }
}

static char* gcc_block_type_string(UINT16 type, char* buffer, size_t size);
static BOOL gcc_read_client_cluster_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_read_client_core_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_read_client_data_blocks(wStream* s, rdpMcs* mcs, UINT16 length);
static BOOL gcc_read_server_data_blocks(wStream* s, rdpMcs* mcs, UINT16 length);
static BOOL gcc_read_user_data_header(wStream* s, UINT16* type, UINT16* length);
static BOOL gcc_write_user_data_header(wStream* s, UINT16 type, UINT16 length);

static BOOL gcc_write_client_core_data(wStream* s, const rdpMcs* mcs);
static BOOL gcc_read_server_core_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_server_core_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_read_client_security_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_client_security_data(wStream* s, const rdpMcs* mcs);
static BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_server_security_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_read_client_network_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_client_network_data(wStream* s, const rdpMcs* mcs);
static BOOL gcc_read_server_network_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_server_network_data(wStream* s, const rdpMcs* mcs);
static BOOL gcc_write_client_cluster_data(wStream* s, const rdpMcs* mcs);
static BOOL gcc_read_client_monitor_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_client_monitor_data(wStream* s, const rdpMcs* mcs);
static BOOL gcc_read_client_monitor_extended_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_client_monitor_extended_data(wStream* s, const rdpMcs* mcs);
static BOOL gcc_read_client_message_channel_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_client_message_channel_data(wStream* s, const rdpMcs* mcs);
static BOOL gcc_read_server_message_channel_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_server_message_channel_data(wStream* s, const rdpMcs* mcs);
static BOOL gcc_read_client_multitransport_channel_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_client_multitransport_channel_data(wStream* s, const rdpMcs* mcs);
static BOOL gcc_read_server_multitransport_channel_data(wStream* s, rdpMcs* mcs);
static BOOL gcc_write_server_multitransport_channel_data(wStream* s, const rdpMcs* mcs);

static rdpSettings* mcs_get_settings(rdpMcs* mcs)
{
  WINPR_ASSERT(mcs);

  rdpContext* context = transport_get_context(mcs->transport);
  WINPR_ASSERT(context);

  return context->settings;
}

static const rdpSettings* mcs_get_const_settings(const rdpMcs* mcs)
{
  WINPR_ASSERT(mcs);

  const rdpContext* context = transport_get_context(mcs->transport);
  WINPR_ASSERT(context);

  return context->settings;
}

static char* rdp_early_server_caps_string(UINT32 flags, char* buffer, size_t size)
{
  char msg[32] = { 0 };
  const UINT32 mask = RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V1 | RNS_UD_SC_DYNAMIC_DST_SUPPORTED |
                      RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V2 | RNS_UD_SC_SKIP_CHANNELJOIN_SUPPORTED;
  const UINT32 unknown = flags & (~mask);

  if (flags & RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V1)
    winpr_str_append("RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V1", buffer, size, "|");
  if (flags & RNS_UD_SC_DYNAMIC_DST_SUPPORTED)
    winpr_str_append("RNS_UD_SC_DYNAMIC_DST_SUPPORTED", buffer, size, "|");
  if (flags & RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V2)
    winpr_str_append("RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V2", buffer, size, "|");
  if (flags & RNS_UD_SC_SKIP_CHANNELJOIN_SUPPORTED)
    winpr_str_append("RNS_UD_SC_SKIP_CHANNELJOIN_SUPPORTED", buffer, size, "|");

  if (unknown != 0)
  {
    (void)_snprintf(msg, sizeof(msg), "RNS_UD_SC_UNKNOWN[0x%08" PRIx32 "]", unknown);
    winpr_str_append(msg, buffer, size, "|");
  }
  (void)_snprintf(msg, sizeof(msg), "[0x%08" PRIx32 "]", flags);
  winpr_str_append(msg, buffer, size, "|");
  return buffer;
}

static const char* rdp_early_client_caps_string(UINT32 flags, char* buffer, size_t size)
{
  char msg[32] = { 0 };
  const UINT32 mask = RNS_UD_CS_SUPPORT_ERRINFO_PDU | RNS_UD_CS_WANT_32BPP_SESSION |
                      RNS_UD_CS_SUPPORT_STATUSINFO_PDU | RNS_UD_CS_STRONG_ASYMMETRIC_KEYS |
                      RNS_UD_CS_RELATIVE_MOUSE_INPUT | RNS_UD_CS_VALID_CONNECTION_TYPE |
                      RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU |
                      RNS_UD_CS_SUPPORT_NETCHAR_AUTODETECT |
                      RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL | RNS_UD_CS_SUPPORT_DYNAMIC_TIME_ZONE |
                      RNS_UD_CS_SUPPORT_HEARTBEAT_PDU | RNS_UD_CS_SUPPORT_SKIP_CHANNELJOIN;
  const UINT32 unknown = flags & (~mask);

  if (flags & RNS_UD_CS_SUPPORT_ERRINFO_PDU)
    winpr_str_append("RNS_UD_CS_SUPPORT_ERRINFO_PDU", buffer, size, "|");
  if (flags & RNS_UD_CS_WANT_32BPP_SESSION)
    winpr_str_append("RNS_UD_CS_WANT_32BPP_SESSION", buffer, size, "|");
  if (flags & RNS_UD_CS_SUPPORT_STATUSINFO_PDU)
    winpr_str_append("RNS_UD_CS_SUPPORT_STATUSINFO_PDU", buffer, size, "|");
  if (flags & RNS_UD_CS_STRONG_ASYMMETRIC_KEYS)
    winpr_str_append("RNS_UD_CS_STRONG_ASYMMETRIC_KEYS", buffer, size, "|");
  if (flags & RNS_UD_CS_RELATIVE_MOUSE_INPUT)
    winpr_str_append("RNS_UD_CS_RELATIVE_MOUSE_INPUT", buffer, size, "|");
  if (flags & RNS_UD_CS_VALID_CONNECTION_TYPE)
    winpr_str_append("RNS_UD_CS_VALID_CONNECTION_TYPE", buffer, size, "|");
  if (flags & RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU)
    winpr_str_append("RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU", buffer, size, "|");
  if (flags & RNS_UD_CS_SUPPORT_NETCHAR_AUTODETECT)
    winpr_str_append("RNS_UD_CS_SUPPORT_NETCHAR_AUTODETECT", buffer, size, "|");
  if (flags & RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL)
    winpr_str_append("RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL", buffer, size, "|");
  if (flags & RNS_UD_CS_SUPPORT_DYNAMIC_TIME_ZONE)
    winpr_str_append("RNS_UD_CS_SUPPORT_DYNAMIC_TIME_ZONE", buffer, size, "|");
  if (flags & RNS_UD_CS_SUPPORT_HEARTBEAT_PDU)
    winpr_str_append("RNS_UD_CS_SUPPORT_HEARTBEAT_PDU", buffer, size, "|");
  if (flags & RNS_UD_CS_SUPPORT_SKIP_CHANNELJOIN)
    winpr_str_append("RNS_UD_CS_SUPPORT_SKIP_CHANNELJOIN", buffer, size, "|");

  if (unknown != 0)
  {
    (void)_snprintf(msg, sizeof(msg), "RNS_UD_CS_UNKNOWN[0x%08" PRIx32 "]", unknown);
    winpr_str_append(msg, buffer, size, "|");
  }
  (void)_snprintf(msg, sizeof(msg), "[0x%08" PRIx32 "]", flags);
  winpr_str_append(msg, buffer, size, "|");
  return buffer;
}

static DWORD rdp_version_common(DWORD serverVersion, DWORD clientVersion)
{
  DWORD version = MIN(serverVersion, clientVersion);

  switch (version)
  {
    case RDP_VERSION_4:
    case RDP_VERSION_5_PLUS:
    case RDP_VERSION_10_0:
    case RDP_VERSION_10_1:
    case RDP_VERSION_10_2:
    case RDP_VERSION_10_3:
    case RDP_VERSION_10_4:
    case RDP_VERSION_10_5:
    case RDP_VERSION_10_6:
    case RDP_VERSION_10_7:
    case RDP_VERSION_10_8:
    case RDP_VERSION_10_9:
    case RDP_VERSION_10_10:
    case RDP_VERSION_10_11:
    case RDP_VERSION_10_12:
      return version;

    default:
      WLog_ERR(TAG, "Invalid client [%" PRId32 "] and server [%" PRId32 "] versions",
               serverVersion, clientVersion);
      return version;
  }
}

/**
 * T.124 GCC is defined in:
 *
 * http://www.itu.int/rec/T-REC-T.124-199802-S/en
 * ITU-T T.124 (02/98): Generic Conference Control
 */

/**
 * ConnectData ::= SEQUENCE
 * {
 *  t124Identifier  Key,
 *  connectPDU  OCTET_STRING
 * }
 *
 * Key ::= CHOICE
 * {
 *  object        OBJECT_IDENTIFIER,
 *  h221NonStandard     H221NonStandardIdentifier
 * }
 *
 * ConnectGCCPDU ::= CHOICE
 * {
 *  conferenceCreateRequest   ConferenceCreateRequest,
 *  conferenceCreateResponse  ConferenceCreateResponse,
 *  conferenceQueryRequest    ConferenceQueryRequest,
 *  conferenceQueryResponse   ConferenceQueryResponse,
 *  conferenceJoinRequest   ConferenceJoinRequest,
 *  conferenceJoinResponse    ConferenceJoinResponse,
 *  conferenceInviteRequest   ConferenceInviteRequest,
 *  conferenceInviteResponse  ConferenceInviteResponse,
 *  ...
 * }
 *
 * ConferenceCreateRequest ::= SEQUENCE
 * {
 *  conferenceName      ConferenceName,
 *  convenerPassword    Password OPTIONAL,
 *  password      Password OPTIONAL,
 *  lockedConference    BOOLEAN,
 *  listedConference    BOOLEAN,
 *  conductibleConference   BOOLEAN,
 *  terminationMethod   TerminationMethod,
 *  conductorPrivileges   SET OF Privilege OPTIONAL,
 *  conductedPrivileges   SET OF Privilege OPTIONAL,
 *  nonConductedPrivileges    SET OF Privilege OPTIONAL,
 *  conferenceDescription   TextString OPTIONAL,
 *  callerIdentifier    TextString OPTIONAL,
 *  userData      UserData OPTIONAL,
 *  ...,
 *  conferencePriority    ConferencePriority OPTIONAL,
 *  conferenceMode      ConferenceMode OPTIONAL
 * }
 *
 * ConferenceCreateResponse ::= SEQUENCE
 * {
 *  nodeID        UserID,
 *  tag       INTEGER,
 *  result        ENUMERATED
 *  {
 *    success       (0),
 *    userRejected      (1),
 *    resourcesNotAvailable   (2),
 *    rejectedForSymmetryBreaking (3),
 *    lockedConferenceNotSupported  (4)
 *  },
 *  userData      UserData OPTIONAL,
 *  ...
 * }
 *
 * ConferenceName ::= SEQUENCE
 * {
 *  numeric       SimpleNumericString
 *  text        SimpleTextString OPTIONAL,
 *  ...
 * }
 *
 * SimpleNumericString ::= NumericString (SIZE (1..255)) (FROM ("0123456789"))
 *
 * UserData ::= SET OF SEQUENCE
 * {
 *  key       Key,
 *  value       OCTET_STRING OPTIONAL
 * }
 *
 * H221NonStandardIdentifier ::= OCTET STRING (SIZE (4..255))
 *
 * UserID ::= DynamicChannelID
 *
 * ChannelID ::= INTEGER (1..65535)
 * StaticChannelID ::= INTEGER (1..1000)
 * DynamicChannelID ::= INTEGER (1001..65535)
 *
 */

/*
 * OID = 0.0.20.124.0.1
 * { itu-t(0) recommendation(0) t(20) t124(124) version(0) 1 }
 * v.1 of ITU-T Recommendation T.124 (Feb 1998): "Generic Conference Control"
 */
static const BYTE t124_02_98_oid[6] = { 0, 0, 20, 124, 0, 1 };

static const BYTE h221_cs_key[4] = "Duca";
static const BYTE h221_sc_key[4] = "McDn";

/**
 * Read a GCC Conference Create Request.
 * msdn{cc240836}
 *
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_read_conference_create_request(wStream* s, rdpMcs* mcs)
{
  UINT16 length = 0;
  BYTE choice = 0;
  BYTE number = 0;
  BYTE selection = 0;

  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);
  /* ConnectData */
  if (!per_read_choice(s, &choice))
    return FALSE;

  if (!per_read_object_identifier(s, t124_02_98_oid))
    return FALSE;

  /* ConnectData::connectPDU (OCTET_STRING) */
  if (!per_read_length(s, &length))
    return FALSE;

  /* ConnectGCCPDU */
  if (!per_read_choice(s, &choice))
    return FALSE;

  if (!per_read_selection(s, &selection))
    return FALSE;

  /* ConferenceCreateRequest::conferenceName */
  if (!per_read_numeric_string(s, 1)) /* ConferenceName::numeric */
    return FALSE;

  if (!per_read_padding(s, 1)) /* padding */
    return FALSE;

  /* UserData (SET OF SEQUENCE) */
  if (!per_read_number_of_sets(s, &number) || number != 1) /* one set of UserData */
    return FALSE;

  if (!per_read_choice(s, &choice) ||
      choice != 0xC0) /* UserData::value present + select h221NonStandard (1) */
    return FALSE;

  /* h221NonStandard */
  if (!per_read_octet_string(s, h221_cs_key, 4,
                             4)) /* h221NonStandard, client-to-server H.221 key, "Duca" */
    return FALSE;

  /* userData::value (OCTET_STRING) */
  if (!per_read_length(s, &length))
    return FALSE;

  if (!Stream_CheckAndLogRequiredLength(TAG, s, length))
    return FALSE;

  if (!gcc_read_client_data_blocks(s, mcs, length))
    return FALSE;

  return TRUE;
}

/**
 * Write a GCC Conference Create Request.
 * msdn{cc240836}
 *
 * @param s stream
 * @param userData client data blocks
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_write_conference_create_request(wStream* s, wStream* userData)
{
  WINPR_ASSERT(s);
  WINPR_ASSERT(userData);
  /* ConnectData */
  if (!per_write_choice(s, 0)) /* From Key select object (0) of type OBJECT_IDENTIFIER */
    return FALSE;
  if (!per_write_object_identifier(s, t124_02_98_oid)) /* ITU-T T.124 (02/98) OBJECT_IDENTIFIER */
    return FALSE;
  /* ConnectData::connectPDU (OCTET_STRING) */
  if (!per_write_length(s, Stream_GetPosition(userData) + 14)) /* connectPDU length */
    return FALSE;
  /* ConnectGCCPDU */
  if (!per_write_choice(s, 0)) /* From ConnectGCCPDU select conferenceCreateRequest (0) of type
                                   ConferenceCreateRequest */
    return FALSE;
  if (!per_write_selection(s, 0x08)) /* select optional userData from ConferenceCreateRequest */
    return FALSE;
  /* ConferenceCreateRequest::conferenceName */
  if (!per_write_numeric_string(s, (BYTE*)"1", 1, 1)) /* ConferenceName::numeric */
    return FALSE;
  if (!per_write_padding(s, 1)) /* padding */
    return FALSE;
  /* UserData (SET OF SEQUENCE) */
  if (!per_write_number_of_sets(s, 1)) /* one set of UserData */
    return FALSE;
  if (!per_write_choice(s, 0xC0)) /* UserData::value present + select h221NonStandard (1) */
    return FALSE;
  /* h221NonStandard */
  if (!per_write_octet_string(s, h221_cs_key, 4,
                              4)) /* h221NonStandard, client-to-server H.221 key, "Duca" */
    return FALSE;
  /* userData::value (OCTET_STRING) */
  return per_write_octet_string(s, Stream_Buffer(userData), Stream_GetPosition(userData),
                                0); /* array of client data blocks */
}

BOOL gcc_read_conference_create_response(wStream* s, rdpMcs* mcs)
{
  UINT16 length = 0;
  UINT32 tag = 0;
  UINT16 nodeID = 0;
  BYTE result = 0;
  BYTE choice = 0;
  BYTE number = 0;
  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);
  /* ConnectData */
  if (!per_read_choice(s, &choice) || !per_read_object_identifier(s, t124_02_98_oid))
    return FALSE;

  /* ConnectData::connectPDU (OCTET_STRING) */
  if (!per_read_length(s, &length))
    return FALSE;

  /* ConnectGCCPDU */
  if (!per_read_choice(s, &choice))
    return FALSE;

  /* ConferenceCreateResponse::nodeID (UserID) */
  if (!per_read_integer16(s, &nodeID, 1001))
    return FALSE;

  /* ConferenceCreateResponse::tag (INTEGER) */
  if (!per_read_integer(s, &tag))
    return FALSE;

  /* ConferenceCreateResponse::result (ENUMERATED) */
  if (!per_read_enumerated(s, &result, MCS_Result_enum_length))
    return FALSE;

  /* number of UserData sets */
  if (!per_read_number_of_sets(s, &number))
    return FALSE;

  /* UserData::value present + select h221NonStandard (1) */
  if (!per_read_choice(s, &choice))
    return FALSE;

  /* h221NonStandard */
  if (!per_read_octet_string(s, h221_sc_key, 4,
                             4)) /* h221NonStandard, server-to-client H.221 key, "McDn" */
    return FALSE;

  /* userData (OCTET_STRING) */
  if (!per_read_length(s, &length))
    return FALSE;

  if (!gcc_read_server_data_blocks(s, mcs, length))
  {
    WLog_ERR(TAG, "gcc_read_conference_create_response: gcc_read_server_data_blocks failed");
    return FALSE;
  }

  return TRUE;
}

BOOL gcc_write_conference_create_response(wStream* s, wStream* userData)
{
  WINPR_ASSERT(s);
  WINPR_ASSERT(userData);
  /* ConnectData */
  if (!per_write_choice(s, 0))
    return FALSE;
  if (!per_write_object_identifier(s, t124_02_98_oid))
    return FALSE;
  /* ConnectData::connectPDU (OCTET_STRING) */
  /* This length MUST be ignored by the client according to [MS-RDPBCGR] */
  if (!per_write_length(s, 0x2A))
    return FALSE;
  /* ConnectGCCPDU */
  if (!per_write_choice(s, 0x14))
    return FALSE;
  /* ConferenceCreateResponse::nodeID (UserID) */
  if (!per_write_integer16(s, 0x79F3, 1001))
    return FALSE;
  /* ConferenceCreateResponse::tag (INTEGER) */
  if (!per_write_integer(s, 1))
    return FALSE;
  /* ConferenceCreateResponse::result (ENUMERATED) */
  if (!per_write_enumerated(s, 0, MCS_Result_enum_length))
    return FALSE;
  /* number of UserData sets */
  if (!per_write_number_of_sets(s, 1))
    return FALSE;
  /* UserData::value present + select h221NonStandard (1) */
  if (!per_write_choice(s, 0xC0))
    return FALSE;
  /* h221NonStandard */
  if (!per_write_octet_string(s, h221_sc_key, 4,
                              4)) /* h221NonStandard, server-to-client H.221 key, "McDn" */
    return FALSE;
  /* userData (OCTET_STRING) */
  return per_write_octet_string(s, Stream_Buffer(userData), Stream_GetPosition(userData),
                                0); /* array of server data blocks */
}

static BOOL gcc_read_client_unused1_data(wStream* s)
{
  return Stream_SafeSeek(s, 2);
}

BOOL gcc_read_client_data_blocks(wStream* s, rdpMcs* mcs, UINT16 length)
{
  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);

  BOOL gotMultitransport = FALSE;

  while (length > 0)
  {
    wStream sbuffer = { 0 };
    UINT16 type = 0;
    UINT16 blockLength = 0;

    if (!gcc_read_user_data_header(s, &type, &blockLength))
      return FALSE;

    if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(blockLength - 4)))
      return FALSE;

    wStream* sub = Stream_StaticConstInit(&sbuffer, Stream_Pointer(s), blockLength - 4);
    WINPR_ASSERT(sub);

    Stream_Seek(s, blockLength - 4);

    switch (type)
    {
      case CS_CORE:
        if (!gcc_read_client_core_data(sub, mcs))
          return FALSE;

        break;

      case CS_SECURITY:
        if (!gcc_read_client_security_data(sub, mcs))
          return FALSE;

        break;

      case CS_NET:
        if (!gcc_read_client_network_data(sub, mcs))
          return FALSE;

        break;

      case CS_CLUSTER:
        if (!gcc_read_client_cluster_data(sub, mcs))
          return FALSE;

        break;

      case CS_MONITOR:
        if (!gcc_read_client_monitor_data(sub, mcs))
          return FALSE;

        break;

      case CS_MCS_MSGCHANNEL:
        if (!gcc_read_client_message_channel_data(sub, mcs))
          return FALSE;

        break;

      case CS_MONITOR_EX:
        if (!gcc_read_client_monitor_extended_data(sub, mcs))
          return FALSE;

        break;

      case CS_UNUSED1:
        if (!gcc_read_client_unused1_data(sub))
          return FALSE;

        break;

      case 0xC009:
      case CS_MULTITRANSPORT:
        gotMultitransport = TRUE;
        if (!gcc_read_client_multitransport_channel_data(sub, mcs))
          return FALSE;

        break;

      default:
        WLog_ERR(TAG, "Unknown GCC client data block: 0x%04" PRIX16 "", type);
        winpr_HexDump(TAG, WLOG_TRACE, Stream_Pointer(sub), Stream_GetRemainingLength(sub));
        break;
    }

    const size_t rem = Stream_GetRemainingLength(sub);
    if (rem > 0)
    {
      char buffer[128] = { 0 };
      const size_t total = Stream_Length(sub);
      WLog_ERR(TAG,
               "Error parsing GCC client data block %s: Actual Offset: %" PRIuz
               " Expected Offset: %" PRIuz,
               gcc_block_type_string(type, buffer, sizeof(buffer)), total - rem, total);
    }

    if (blockLength > length)
    {
      char buffer[128] = { 0 };
      WLog_ERR(TAG,
               "Error parsing GCC client data block %s: got blockLength 0x%04" PRIx16
               ", but only 0x%04" PRIx16 "remaining",
               gcc_block_type_string(type, buffer, sizeof(buffer)), blockLength, length);
      length = 0;
    }
    else
      length -= blockLength;
  }

  if (!gotMultitransport)
  {
    rdpSettings* settings = mcs_get_settings(mcs);
    if (!freerdp_settings_set_bool(settings, FreeRDP_SupportMultitransport, FALSE))
      return FALSE;
    if (!freerdp_settings_set_uint32(settings, FreeRDP_MultitransportFlags, 0))
      return FALSE;
  }
  return TRUE;
}

BOOL gcc_write_client_data_blocks(wStream* s, const rdpMcs* mcs)
{
  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  if (!gcc_write_client_core_data(s, mcs) || !gcc_write_client_cluster_data(s, mcs) ||
      !gcc_write_client_security_data(s, mcs) || !gcc_write_client_network_data(s, mcs))
    return FALSE;

  /* extended client data supported */

  if (settings->NegotiationFlags & EXTENDED_CLIENT_DATA_SUPPORTED)
  {
    if (settings->UseMultimon && !settings->SpanMonitors)
    {
      if (!gcc_write_client_monitor_data(s, mcs) ||
          !gcc_write_client_monitor_extended_data(s, mcs))
        return FALSE;
    }

    if (!gcc_write_client_message_channel_data(s, mcs) ||
        !gcc_write_client_multitransport_channel_data(s, mcs))
      return FALSE;
  }
  else
  {
    if (settings->UseMultimon && !settings->SpanMonitors)
    {
      WLog_ERR(TAG, "WARNING: true multi monitor support was not advertised by server!");

      if (settings->ForceMultimon)
      {
        WLog_ERR(TAG, "Sending multi monitor information anyway (may break connectivity!)");
        if (!gcc_write_client_monitor_data(s, mcs) ||
            !gcc_write_client_monitor_extended_data(s, mcs))
          return FALSE;
      }
      else
      {
        WLog_ERR(TAG, "Use /multimon:force to force sending multi monitor information");
      }
    }
  }
  return TRUE;
}

char* gcc_block_type_string(UINT16 type, char* buffer, size_t size)
{
  switch (type)
  {
    case CS_CORE:
      (void)_snprintf(buffer, size, "CS_CORE [0x%04" PRIx16 "]", type);
      break;
    case CS_SECURITY:
      (void)_snprintf(buffer, size, "CS_SECURITY [0x%04" PRIx16 "]", type);
      break;
    case CS_NET:
      (void)_snprintf(buffer, size, "CS_NET [0x%04" PRIx16 "]", type);
      break;
    case CS_CLUSTER:
      (void)_snprintf(buffer, size, "CS_CLUSTER [0x%04" PRIx16 "]", type);
      break;
    case CS_MONITOR:
      (void)_snprintf(buffer, size, "CS_MONITOR [0x%04" PRIx16 "]", type);
      break;
    case CS_MCS_MSGCHANNEL:
      (void)_snprintf(buffer, size, "CS_MONITOR [0x%04" PRIx16 "]", type);
      break;
    case CS_MONITOR_EX:
      (void)_snprintf(buffer, size, "CS_MONITOR_EX [0x%04" PRIx16 "]", type);
      break;
    case CS_UNUSED1:
      (void)_snprintf(buffer, size, "CS_UNUSED1 [0x%04" PRIx16 "]", type);
      break;
    case CS_MULTITRANSPORT:
      (void)_snprintf(buffer, size, "CS_MONITOR_EX [0x%04" PRIx16 "]", type);
      break;
    case SC_CORE:
      (void)_snprintf(buffer, size, "SC_CORE [0x%04" PRIx16 "]", type);
      break;
    case SC_SECURITY:
      (void)_snprintf(buffer, size, "SC_SECURITY [0x%04" PRIx16 "]", type);
      break;
    case SC_NET:
      (void)_snprintf(buffer, size, "SC_NET [0x%04" PRIx16 "]", type);
      break;
    case SC_MCS_MSGCHANNEL:
      (void)_snprintf(buffer, size, "SC_MCS_MSGCHANNEL [0x%04" PRIx16 "]", type);
      break;
    case SC_MULTITRANSPORT:
      (void)_snprintf(buffer, size, "SC_MULTITRANSPORT [0x%04" PRIx16 "]", type);
      break;
    default:
      (void)_snprintf(buffer, size, "UNKNOWN [0x%04" PRIx16 "]", type);
      break;
  }
  return buffer;
}

BOOL gcc_read_server_data_blocks(wStream* s, rdpMcs* mcs, UINT16 length)
{
  UINT16 type = 0;
  UINT16 offset = 0;
  UINT16 blockLength = 0;
  BYTE* holdp = NULL;

  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);

  while (offset < length)
  {
    char buffer[64] = { 0 };
    size_t rest = 0;
    wStream subbuffer;
    wStream* sub = NULL;

    if (!gcc_read_user_data_header(s, &type, &blockLength))
    {
      WLog_ERR(TAG, "gcc_read_server_data_blocks: gcc_read_user_data_header failed");
      return FALSE;
    }
    holdp = Stream_Pointer(s);
    sub = Stream_StaticInit(&subbuffer, holdp, blockLength - 4);
    if (!Stream_SafeSeek(s, blockLength - 4))
    {
      WLog_ERR(TAG, "gcc_read_server_data_blocks: stream too short");
      return FALSE;
    }
    offset += blockLength;

    switch (type)
    {
      case SC_CORE:
        if (!gcc_read_server_core_data(sub, mcs))
        {
          WLog_ERR(TAG, "gcc_read_server_data_blocks: gcc_read_server_core_data failed");
          return FALSE;
        }

        break;

      case SC_SECURITY:
        if (!gcc_read_server_security_data(sub, mcs))
          return FALSE;
        break;

      case SC_NET:
        if (!gcc_read_server_network_data(sub, mcs))
        {
          WLog_ERR(TAG,
                   "gcc_read_server_data_blocks: gcc_read_server_network_data failed");
          return FALSE;
        }

        break;

      case SC_MCS_MSGCHANNEL:
        if (!gcc_read_server_message_channel_data(sub, mcs))
        {
          WLog_ERR(
              TAG,
              "gcc_read_server_data_blocks: gcc_read_server_message_channel_data failed");
          return FALSE;
        }

        break;

      case SC_MULTITRANSPORT:
        if (!gcc_read_server_multitransport_channel_data(sub, mcs))
        {
          WLog_ERR(TAG, "gcc_read_server_data_blocks: "
                        "gcc_read_server_multitransport_channel_data failed");
          return FALSE;
        }

        break;

      default:
        WLog_ERR(TAG, "gcc_read_server_data_blocks: ignoring type=%s",
                 gcc_block_type_string(type, buffer, sizeof(buffer)));
        winpr_HexDump(TAG, WLOG_TRACE, Stream_Pointer(sub), Stream_GetRemainingLength(sub));
        break;
    }

    rest = Stream_GetRemainingLength(sub);
    if (rest > 0)
    {
      WLog_WARN(TAG, "gcc_read_server_data_blocks: ignoring %" PRIuz " bytes with type=%s",
                rest, gcc_block_type_string(type, buffer, sizeof(buffer)));
    }
  }

  return TRUE;
}

BOOL gcc_write_server_data_blocks(wStream* s, rdpMcs* mcs)
{
  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);

  if (!gcc_write_server_core_data(s, mcs) ||          /* serverCoreData */
      !gcc_write_server_network_data(s, mcs) ||       /* serverNetworkData */
      !gcc_write_server_security_data(s, mcs) ||      /* serverSecurityData */
      !gcc_write_server_message_channel_data(s, mcs)) /* serverMessageChannelData */
    return FALSE;

  const rdpSettings* settings = mcs_get_const_settings(mcs);
  WINPR_ASSERT(settings);

  if (settings->SupportMultitransport && (settings->MultitransportFlags != 0))
    /* serverMultitransportChannelData */
    return gcc_write_server_multitransport_channel_data(s, mcs);

  return TRUE;
}

BOOL gcc_read_user_data_header(wStream* s, UINT16* type, UINT16* length)
{
  WINPR_ASSERT(s);
  if (!Stream_CheckAndLogRequiredLength(TAG, s, 4))
    return FALSE;

  Stream_Read_UINT16(s, *type);   /* type */
  Stream_Read_UINT16(s, *length); /* length */

  if ((*length < 4) || (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(*length - 4))))
    return FALSE;

  return TRUE;
}

/**
 * Write a user data header (TS_UD_HEADER).
 * msdn{cc240509}
 *
 * @param s stream
 * @param type data block type
 * @param length data block length
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_write_user_data_header(wStream* s, UINT16 type, UINT16 length)
{

  WINPR_ASSERT(s);
  if (!Stream_EnsureRemainingCapacity(s, 4 + length))
    return FALSE;
  Stream_Write_UINT16(s, type);   /* type */
  Stream_Write_UINT16(s, length); /* length */
  return TRUE;
}

static UINT32 filterAndLogEarlyServerCapabilityFlags(UINT32 flags)
{
  const UINT32 mask =
      (RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V1 | RNS_UD_SC_DYNAMIC_DST_SUPPORTED |
       RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V2 | RNS_UD_SC_SKIP_CHANNELJOIN_SUPPORTED);
  const UINT32 filtered = flags & mask;
  const UINT32 unknown = flags & (~mask);
  if (unknown != 0)
  {
    char buffer[256] = { 0 };
    WLog_WARN(TAG,
              "TS_UD_SC_CORE::EarlyCapabilityFlags [0x%08" PRIx32 " & 0x%08" PRIx32
              " --> 0x%08" PRIx32 "] filtering %s, feature not implemented",
              flags, ~mask, unknown,
              rdp_early_server_caps_string(unknown, buffer, sizeof(buffer)));
  }
  return filtered;
}

static UINT32 earlyServerCapsFromSettings(const rdpSettings* settings)
{
  UINT32 EarlyCapabilityFlags = 0;

  if (settings->SupportEdgeActionV1)
    EarlyCapabilityFlags |= RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V1;
  if (settings->SupportDynamicTimeZone)
    EarlyCapabilityFlags |= RNS_UD_SC_DYNAMIC_DST_SUPPORTED;
  if (settings->SupportEdgeActionV2)
    EarlyCapabilityFlags |= RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V2;
  if (settings->SupportSkipChannelJoin)
    EarlyCapabilityFlags |= RNS_UD_SC_SKIP_CHANNELJOIN_SUPPORTED;

  return filterAndLogEarlyServerCapabilityFlags(EarlyCapabilityFlags);
}

static UINT16 filterAndLogEarlyClientCapabilityFlags(UINT32 flags)
{
  const UINT32 mask =
      (RNS_UD_CS_SUPPORT_ERRINFO_PDU | RNS_UD_CS_WANT_32BPP_SESSION |
       RNS_UD_CS_SUPPORT_STATUSINFO_PDU | RNS_UD_CS_STRONG_ASYMMETRIC_KEYS |
       RNS_UD_CS_RELATIVE_MOUSE_INPUT | RNS_UD_CS_VALID_CONNECTION_TYPE |
       RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU | RNS_UD_CS_SUPPORT_NETCHAR_AUTODETECT |
       RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL | RNS_UD_CS_SUPPORT_DYNAMIC_TIME_ZONE |
       RNS_UD_CS_SUPPORT_HEARTBEAT_PDU | RNS_UD_CS_SUPPORT_SKIP_CHANNELJOIN);
  const UINT32 filtered = flags & mask;
  const UINT32 unknown = flags & ~mask;
  if (unknown != 0)
  {
    char buffer[256] = { 0 };
    WLog_WARN(TAG,
              "(TS_UD_CS_CORE)::EarlyCapabilityFlags [0x%08" PRIx32 " & 0x%08" PRIx32
              " --> 0x%08" PRIx32 "] filtering %s, feature not implemented",
              flags, ~mask, unknown,
              rdp_early_client_caps_string(unknown, buffer, sizeof(buffer)));
  }
  return filtered;
}

static UINT16 earlyClientCapsFromSettings(const rdpSettings* settings)
{
  UINT32 earlyCapabilityFlags = 0;

  WINPR_ASSERT(settings);
  if (settings->SupportErrorInfoPdu)
    earlyCapabilityFlags |= RNS_UD_CS_SUPPORT_ERRINFO_PDU;

  if (freerdp_settings_get_uint32(settings, FreeRDP_ColorDepth) == 32)
    earlyCapabilityFlags |= RNS_UD_CS_WANT_32BPP_SESSION;

  if (settings->SupportStatusInfoPdu)
    earlyCapabilityFlags |= RNS_UD_CS_SUPPORT_STATUSINFO_PDU;

  if (settings->ConnectionType)
    earlyCapabilityFlags |= RNS_UD_CS_VALID_CONNECTION_TYPE;

  if (settings->SupportMonitorLayoutPdu)
    earlyCapabilityFlags |= RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU;

  if (freerdp_settings_get_bool(settings, FreeRDP_NetworkAutoDetect))
    earlyCapabilityFlags |= RNS_UD_CS_SUPPORT_NETCHAR_AUTODETECT;

  if (settings->SupportGraphicsPipeline)
    earlyCapabilityFlags |= RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL;

  if (settings->SupportDynamicTimeZone)
    earlyCapabilityFlags |= RNS_UD_CS_SUPPORT_DYNAMIC_TIME_ZONE;

  if (settings->SupportHeartbeatPdu)
    earlyCapabilityFlags |= RNS_UD_CS_SUPPORT_HEARTBEAT_PDU;

  if (settings->SupportAsymetricKeys)
    earlyCapabilityFlags |= RNS_UD_CS_STRONG_ASYMMETRIC_KEYS;

  if (settings->HasRelativeMouseEvent)
    earlyCapabilityFlags |= RNS_UD_CS_RELATIVE_MOUSE_INPUT;

  if (settings->SupportSkipChannelJoin)
    earlyCapabilityFlags |= RNS_UD_CS_SUPPORT_SKIP_CHANNELJOIN;

  return filterAndLogEarlyClientCapabilityFlags(earlyCapabilityFlags);
}

static BOOL updateEarlyClientCaps(rdpSettings* settings, UINT32 earlyCapabilityFlags,
                                  UINT32 connectionType)
{
  WINPR_ASSERT(settings);

  if (settings->SupportErrorInfoPdu)
    settings->SupportErrorInfoPdu =
        (earlyCapabilityFlags & RNS_UD_CS_SUPPORT_ERRINFO_PDU) ? TRUE : FALSE;

  /* RNS_UD_CS_WANT_32BPP_SESSION is already handled in gcc_read_client_core_data:
   *
   * it is evaluated in combination with highColorDepth and the server side
   * settings to determine the session color depth to use.
   */

  if (settings->SupportStatusInfoPdu)
    settings->SupportStatusInfoPdu =
        (earlyCapabilityFlags & RNS_UD_CS_SUPPORT_STATUSINFO_PDU) ? TRUE : FALSE;

  if (settings->SupportAsymetricKeys)
    settings->SupportAsymetricKeys =
        (earlyCapabilityFlags & RNS_UD_CS_STRONG_ASYMMETRIC_KEYS) ? TRUE : FALSE;

  if (settings->HasRelativeMouseEvent)
    settings->HasRelativeMouseEvent =
        (earlyCapabilityFlags & RNS_UD_CS_RELATIVE_MOUSE_INPUT) ? TRUE : FALSE;

  if (settings->NetworkAutoDetect)
    settings->NetworkAutoDetect =
        (earlyCapabilityFlags & RNS_UD_CS_SUPPORT_NETCHAR_AUTODETECT) ? TRUE : FALSE;

  if (settings->SupportSkipChannelJoin)
    settings->SupportSkipChannelJoin =
        (earlyCapabilityFlags & RNS_UD_CS_SUPPORT_SKIP_CHANNELJOIN) ? TRUE : FALSE;

  if (settings->SupportMonitorLayoutPdu)
    settings->SupportMonitorLayoutPdu =
        (earlyCapabilityFlags & RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU) ? TRUE : FALSE;

  if (settings->SupportHeartbeatPdu)
    settings->SupportHeartbeatPdu =
        (earlyCapabilityFlags & RNS_UD_CS_SUPPORT_HEARTBEAT_PDU) ? TRUE : FALSE;

  if (settings->SupportGraphicsPipeline)
    settings->SupportGraphicsPipeline =
        (earlyCapabilityFlags & RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL) ? TRUE : FALSE;

  if (settings->SupportDynamicTimeZone)
    settings->SupportDynamicTimeZone =
        (earlyCapabilityFlags & RNS_UD_CS_SUPPORT_DYNAMIC_TIME_ZONE) ? TRUE : FALSE;

  if ((earlyCapabilityFlags & RNS_UD_CS_VALID_CONNECTION_TYPE) == 0)
    connectionType = 0;
  settings->ConnectionType = connectionType;

  filterAndLogEarlyClientCapabilityFlags(earlyCapabilityFlags);
  return TRUE;
}

static BOOL updateEarlyServerCaps(rdpSettings* settings, UINT32 earlyCapabilityFlags,
                                  UINT32 connectionType)
{
  WINPR_ASSERT(settings);

  settings->SupportEdgeActionV1 =
      settings->SupportEdgeActionV1 &&
              (earlyCapabilityFlags & RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V1)
          ? TRUE
          : FALSE;
  settings->SupportDynamicTimeZone =
      settings->SupportDynamicTimeZone && (earlyCapabilityFlags & RNS_UD_SC_DYNAMIC_DST_SUPPORTED)
          ? TRUE
          : FALSE;
  settings->SupportEdgeActionV2 =
      settings->SupportEdgeActionV2 &&
              (earlyCapabilityFlags & RNS_UD_SC_EDGE_ACTIONS_SUPPORTED_V2)
          ? TRUE
          : FALSE;
  settings->SupportSkipChannelJoin =
      settings->SupportSkipChannelJoin &&
              (earlyCapabilityFlags & RNS_UD_SC_SKIP_CHANNELJOIN_SUPPORTED)
          ? TRUE
          : FALSE;

  filterAndLogEarlyServerCapabilityFlags(earlyCapabilityFlags);
  return TRUE;
}

/**
 * Read a client core data block (TS_UD_CS_CORE).
 * msdn{cc240510}
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_read_client_core_data(wStream* s, rdpMcs* mcs)
{
  char buffer[2048] = { 0 };
  char strbuffer[130] = { 0 };
  UINT32 version = 0;
  BYTE connectionType = 0;
  UINT32 clientColorDepth = 0;
  UINT16 colorDepth = 0;
  UINT16 postBeta2ColorDepth = 0;
  UINT16 highColorDepth = 0;
  UINT32 serverSelectedProtocol = 0;
  rdpSettings* settings = mcs_get_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  size_t blockLength = Stream_GetRemainingLength(s);
  /* Length of all required fields, until imeFileName */
  if (blockLength < 128)
    return FALSE;

  Stream_Read_UINT32(s, version); /* version (4 bytes) */
  settings->RdpVersion = rdp_version_common(version, settings->RdpVersion);
  Stream_Read_UINT16(s, settings->DesktopWidth);  /* DesktopWidth (2 bytes) */
  Stream_Read_UINT16(s, settings->DesktopHeight); /* DesktopHeight (2 bytes) */
  Stream_Read_UINT16(s, colorDepth);              /* ColorDepth (2 bytes) */
  Stream_Seek_UINT16(s); /* SASSequence (Secure Access Sequence) (2 bytes) */
  Stream_Read_UINT32(s, settings->KeyboardLayout); /* KeyboardLayout (4 bytes) */
  Stream_Read_UINT32(s, settings->ClientBuild);    /* ClientBuild (4 bytes) */

  /* clientName (32 bytes, null-terminated unicode, truncated to 15 characters) */
  if (Stream_Read_UTF16_String_As_UTF8_Buffer(s, 32 / sizeof(WCHAR), strbuffer,
                                              ARRAYSIZE(strbuffer)) < 0)
  {
    WLog_ERR(TAG, "failed to convert client host name");
    return FALSE;
  }

  if (!freerdp_settings_set_string(settings, FreeRDP_ClientHostname, strbuffer))
    return FALSE;

  Stream_Read_UINT32(s, settings->KeyboardType);        /* KeyboardType (4 bytes) */
  Stream_Read_UINT32(s, settings->KeyboardSubType);     /* KeyboardSubType (4 bytes) */
  Stream_Read_UINT32(s, settings->KeyboardFunctionKey); /* KeyboardFunctionKey (4 bytes) */
  Stream_Seek(s, 64);                                   /* imeFileName (64 bytes) */
  blockLength -= 128;

  /**
   * The following fields are all optional. If one field is present, all of the preceding
   * fields MUST also be present. If one field is not present, all of the subsequent fields
   * MUST NOT be present.
   * We must check the bytes left before reading each field.
   */

  do
  {
    UINT16 clientProductIdLen = 0;
    if (blockLength < 2)
      break;

    Stream_Read_UINT16(s, postBeta2ColorDepth); /* postBeta2ColorDepth (2 bytes) */
    blockLength -= 2;

    if (blockLength < 2)
      break;

    Stream_Read_UINT16(s, clientProductIdLen); /* clientProductID (2 bytes) */
    blockLength -= 2;

    if (blockLength < 4)
      break;

    Stream_Seek_UINT32(s); /* serialNumber (4 bytes) */
    blockLength -= 4;

    if (blockLength < 2)
      break;

    Stream_Read_UINT16(s, highColorDepth); /* highColorDepth (2 bytes) */
    blockLength -= 2;

    if (blockLength < 2)
      break;

    Stream_Read_UINT16(s, settings->SupportedColorDepths); /* supportedColorDepths (2 bytes) */
    blockLength -= 2;

    if (blockLength < 2)
      break;

    Stream_Read_UINT16(s, settings->EarlyCapabilityFlags); /* earlyCapabilityFlags (2 bytes) */
    blockLength -= 2;

    /* clientDigProductId (64 bytes): Contains a value that uniquely identifies the client */

    if (blockLength < 64)
      break;

    if (Stream_Read_UTF16_String_As_UTF8_Buffer(s, 64 / sizeof(WCHAR), strbuffer,
                                                ARRAYSIZE(strbuffer)) < 0)
    {
      WLog_ERR(TAG, "failed to convert the client product identifier");
      return FALSE;
    }

    if (!freerdp_settings_set_string(settings, FreeRDP_ClientProductId, strbuffer))
      return FALSE;
    blockLength -= 64;

    if (blockLength < 1)
      break;

    Stream_Read_UINT8(s, connectionType); /* connectionType (1 byte) */
    blockLength -= 1;

    if (blockLength < 1)
      break;

    Stream_Seek_UINT8(s); /* pad1octet (1 byte) */
    blockLength -= 1;

    if (blockLength < 4)
      break;

    Stream_Read_UINT32(s, serverSelectedProtocol); /* serverSelectedProtocol (4 bytes) */
    blockLength -= 4;

    if (blockLength < 4)
      break;

    Stream_Read_UINT32(s, settings->DesktopPhysicalWidth); /* desktopPhysicalWidth (4 bytes) */
    blockLength -= 4;

    if (blockLength < 4)
      break;

    Stream_Read_UINT32(s,
                       settings->DesktopPhysicalHeight); /* desktopPhysicalHeight (4 bytes) */
    blockLength -= 4;

    if (blockLength < 2)
      break;

    Stream_Read_UINT16(s, settings->DesktopOrientation); /* desktopOrientation (2 bytes) */
    blockLength -= 2;

    if (blockLength < 4)
      break;

    Stream_Read_UINT32(s, settings->DesktopScaleFactor); /* desktopScaleFactor (4 bytes) */
    blockLength -= 4;

    if (blockLength < 4)
      break;

    Stream_Read_UINT32(s, settings->DeviceScaleFactor); /* deviceScaleFactor (4 bytes) */

    if (freerdp_settings_get_bool(settings, FreeRDP_TransportDumpReplay))
      settings->SelectedProtocol = serverSelectedProtocol;
    else if (settings->SelectedProtocol != serverSelectedProtocol)
      return FALSE;
  } while (0);

  if (highColorDepth > 0)
  {
    if (settings->EarlyCapabilityFlags & RNS_UD_CS_WANT_32BPP_SESSION)
      clientColorDepth = 32;
    else
      clientColorDepth = highColorDepth;
  }
  else if (postBeta2ColorDepth > 0)
  {
    switch (postBeta2ColorDepth)
    {
      case RNS_UD_COLOR_4BPP:
        clientColorDepth = 4;
        break;

      case RNS_UD_COLOR_8BPP:
        clientColorDepth = 8;
        break;

      case RNS_UD_COLOR_16BPP_555:
        clientColorDepth = 15;
        break;

      case RNS_UD_COLOR_16BPP_565:
        clientColorDepth = 16;
        break;

      case RNS_UD_COLOR_24BPP:
        clientColorDepth = 24;
        break;

      default:
        return FALSE;
    }
  }
  else
  {
    switch (colorDepth)
    {
      case RNS_UD_COLOR_4BPP:
        clientColorDepth = 4;
        break;

      case RNS_UD_COLOR_8BPP:
        clientColorDepth = 8;
        break;

      default:
        return FALSE;
    }
  }

  /*
   * If we are in server mode, accept client's color depth only if
   * it is smaller than ours. This is what Windows server does.
   */
  if ((clientColorDepth < freerdp_settings_get_uint32(settings, FreeRDP_ColorDepth)) ||
      !settings->ServerMode)
    freerdp_settings_set_uint32(settings, FreeRDP_ColorDepth, clientColorDepth);

  WLog_DBG(TAG, "Received EarlyCapabilityFlags=%s",
           rdp_early_client_caps_string(settings->EarlyCapabilityFlags, buffer, sizeof(buffer)));

  return updateEarlyClientCaps(settings, settings->EarlyCapabilityFlags, connectionType);
}

/**
 * Write a client core data block (TS_UD_CS_CORE).
 * msdn{cc240510}
 * @param s The stream to write to
 * @param mcs The MSC instance to get the data from
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_write_client_core_data(wStream* s, const rdpMcs* mcs)
{
  char buffer[2048] = { 0 };
  char dbuffer[2048] = { 0 };
  BYTE connectionType = 0;
  HIGH_COLOR_DEPTH highColorDepth = HIGH_COLOR_4BPP;

  UINT16 earlyCapabilityFlags = 0;
  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  const UINT16 SupportedColorDepths =
      freerdp_settings_get_uint16(settings, FreeRDP_SupportedColorDepths);
  const UINT32 ColorDepth = freerdp_settings_get_uint32(settings, FreeRDP_ColorDepth);

  if (!gcc_write_user_data_header(s, CS_CORE, 234))
    return FALSE;

  Stream_Write_UINT32(s, settings->RdpVersion);    /* Version */
  Stream_Write_UINT16(s, settings->DesktopWidth);  /* DesktopWidth */
  Stream_Write_UINT16(s, settings->DesktopHeight); /* DesktopHeight */
  Stream_Write_UINT16(s,
                      RNS_UD_COLOR_8BPP); /* ColorDepth, ignored because of postBeta2ColorDepth */
  Stream_Write_UINT16(s, RNS_UD_SAS_DEL); /* SASSequence (Secure Access Sequence) */
  Stream_Write_UINT32(s, settings->KeyboardLayout); /* KeyboardLayout */
  Stream_Write_UINT32(s, settings->ClientBuild);    /* ClientBuild */

  if (!Stream_EnsureRemainingCapacity(s, 32 + 12 + 64 + 8))
    return FALSE;

  /* clientName (32 bytes, null-terminated unicode, truncated to 15 characters) */
  size_t clientNameLength = 0;
  WCHAR* clientName = ConvertUtf8ToWCharAlloc(settings->ClientHostname, &clientNameLength);
  if (clientNameLength >= 16)
  {
    clientNameLength = 16;
    clientName[clientNameLength - 1] = 0;
  }

  Stream_Write(s, clientName, (clientNameLength * 2));
  Stream_Zero(s, 32 - (clientNameLength * 2));
  free(clientName);
  Stream_Write_UINT32(s, settings->KeyboardType);        /* KeyboardType */
  Stream_Write_UINT32(s, settings->KeyboardSubType);     /* KeyboardSubType */
  Stream_Write_UINT32(s, settings->KeyboardFunctionKey); /* KeyboardFunctionKey */
  Stream_Zero(s, 64);                                    /* imeFileName */
  Stream_Write_UINT16(s, RNS_UD_COLOR_8BPP);             /* postBeta2ColorDepth */
  Stream_Write_UINT16(s, 1);                             /* clientProductID */
  Stream_Write_UINT32(s, 0); /* serialNumber (should be initialized to 0) */
  highColorDepth = ColorDepthToHighColor(ColorDepth);
  earlyCapabilityFlags = earlyClientCapsFromSettings(settings);

  connectionType = settings->ConnectionType;

  if (!Stream_EnsureRemainingCapacity(s, 6))
    return FALSE;

  WLog_DBG(TAG, "Sending highColorDepth=%s, supportedColorDepths=%s, earlyCapabilityFlags=%s",
           HighColorToString(highColorDepth),
           freerdp_supported_color_depths_string(SupportedColorDepths, dbuffer, sizeof(dbuffer)),
           rdp_early_client_caps_string(earlyCapabilityFlags, buffer, sizeof(buffer)));
  Stream_Write_UINT16(s, highColorDepth);       /* highColorDepth */
  Stream_Write_UINT16(s, SupportedColorDepths); /* supportedColorDepths */
  Stream_Write_UINT16(s, earlyCapabilityFlags); /* earlyCapabilityFlags */

  if (!Stream_EnsureRemainingCapacity(s, 64 + 24))
    return FALSE;

  /* clientDigProductId (64 bytes, null-terminated unicode, truncated to 31 characters) */
  size_t clientDigProductIdLength = 0;
  WCHAR* clientDigProductId =
      ConvertUtf8ToWCharAlloc(settings->ClientProductId, &clientDigProductIdLength);
  if (clientDigProductIdLength >= 32)
  {
    clientDigProductIdLength = 32;
    clientDigProductId[clientDigProductIdLength - 1] = 0;
  }

  Stream_Write(s, clientDigProductId, (clientDigProductIdLength * 2));
  Stream_Zero(s, 64 - (clientDigProductIdLength * 2));
  free(clientDigProductId);
  Stream_Write_UINT8(s, connectionType);                   /* connectionType */
  Stream_Write_UINT8(s, 0);                                /* pad1octet */
  Stream_Write_UINT32(s, settings->SelectedProtocol);      /* serverSelectedProtocol */
  Stream_Write_UINT32(s, settings->DesktopPhysicalWidth);  /* desktopPhysicalWidth */
  Stream_Write_UINT32(s, settings->DesktopPhysicalHeight); /* desktopPhysicalHeight */
  Stream_Write_UINT16(s, settings->DesktopOrientation);    /* desktopOrientation */
  Stream_Write_UINT32(s, settings->DesktopScaleFactor);    /* desktopScaleFactor */
  Stream_Write_UINT32(s, settings->DeviceScaleFactor);     /* deviceScaleFactor */
  return TRUE;
}

BOOL gcc_read_server_core_data(wStream* s, rdpMcs* mcs)
{
  UINT32 serverVersion = 0;
  rdpSettings* settings = mcs_get_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  if (!Stream_CheckAndLogRequiredLength(TAG, s, 4))
    return FALSE;

  Stream_Read_UINT32(s, serverVersion); /* version */
  settings->RdpVersion = rdp_version_common(serverVersion, settings->RdpVersion);

  if (Stream_GetRemainingLength(s) >= 4)
  {
    Stream_Read_UINT32(s, settings->RequestedProtocols); /* clientRequestedProtocols */
  }

  if (Stream_GetRemainingLength(s) >= 4)
  {
    char buffer[2048] = { 0 };

    Stream_Read_UINT32(s, settings->EarlyCapabilityFlags); /* earlyCapabilityFlags */
    WLog_DBG(
        TAG, "Received EarlyCapabilityFlags=%s",
        rdp_early_client_caps_string(settings->EarlyCapabilityFlags, buffer, sizeof(buffer)));
  }

  return updateEarlyServerCaps(settings, settings->EarlyCapabilityFlags,
                               settings->ConnectionType);
}

/* TODO: This function modifies rdpMcs
 * TODO:  Split this out of this function
 */
BOOL gcc_write_server_core_data(wStream* s, rdpMcs* mcs)
{
  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  if (!gcc_write_user_data_header(s, SC_CORE, 16))
    return FALSE;

  const UINT32 EarlyCapabilityFlags = earlyServerCapsFromSettings(settings);
  Stream_Write_UINT32(s, settings->RdpVersion);         /* version (4 bytes) */
  Stream_Write_UINT32(s, settings->RequestedProtocols); /* clientRequestedProtocols (4 bytes) */
  Stream_Write_UINT32(s, EarlyCapabilityFlags);         /* earlyCapabilityFlags (4 bytes) */
  return TRUE;
}

/**
 * Read a client security data block (TS_UD_CS_SEC).
 * msdn{cc240511}
 * @param s stream
 * @param mcs MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_read_client_security_data(wStream* s, rdpMcs* mcs)
{
  rdpSettings* settings = mcs_get_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  const size_t blockLength = Stream_GetRemainingLength(s);
  if (blockLength < 8)
    return FALSE;

  if (settings->UseRdpSecurityLayer)
  {
    Stream_Read_UINT32(s, settings->EncryptionMethods); /* encryptionMethods */

    if (settings->EncryptionMethods == ENCRYPTION_METHOD_NONE)
      Stream_Read_UINT32(s, settings->EncryptionMethods); /* extEncryptionMethods */
    else
      Stream_Seek(s, 4);
  }
  else
  {
    Stream_Seek(s, 8);
  }

  return TRUE;
}

/**
 * Write a client security data block (TS_UD_CS_SEC).
 * msdn{cc240511}
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_write_client_security_data(wStream* s, const rdpMcs* mcs)
{
  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  if (!gcc_write_user_data_header(s, CS_SECURITY, 12))
    return FALSE;

  if (settings->UseRdpSecurityLayer)
  {
    Stream_Write_UINT32(s, settings->EncryptionMethods); /* encryptionMethods */
    Stream_Write_UINT32(s, 0);                           /* extEncryptionMethods */
  }
  else
  {
    /* French locale, disable encryption */
    Stream_Write_UINT32(s, 0);                           /* encryptionMethods */
    Stream_Write_UINT32(s, settings->EncryptionMethods); /* extEncryptionMethods */
  }
  return TRUE;
}

BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs)
{
  const BYTE* data = NULL;
  UINT32 length = 0;
  BOOL validCryptoConfig = FALSE;
  UINT32 EncryptionMethod = 0;
  UINT32 EncryptionLevel = 0;
  rdpSettings* settings = mcs_get_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  if (!Stream_CheckAndLogRequiredLength(TAG, s, 8))
    return FALSE;

  Stream_Read_UINT32(s, EncryptionMethod); /* encryptionMethod */
  Stream_Read_UINT32(s, EncryptionLevel);  /* encryptionLevel */

  /* Only accept valid/known encryption methods */
  switch (EncryptionMethod)
  {
    case ENCRYPTION_METHOD_NONE:
      WLog_DBG(TAG, "Server rdp encryption method: NONE");
      break;

    case ENCRYPTION_METHOD_40BIT:
      WLog_DBG(TAG, "Server rdp encryption method: 40BIT");
      break;

    case ENCRYPTION_METHOD_56BIT:
      WLog_DBG(TAG, "Server rdp encryption method: 56BIT");
      break;

    case ENCRYPTION_METHOD_128BIT:
      WLog_DBG(TAG, "Server rdp encryption method: 128BIT");
      break;

    case ENCRYPTION_METHOD_FIPS:
      WLog_DBG(TAG, "Server rdp encryption method: FIPS");
      break;

    default:
      WLog_ERR(TAG, "Received unknown encryption method %08" PRIX32 "", EncryptionMethod);
      return FALSE;
  }

  if (settings->UseRdpSecurityLayer && !(settings->EncryptionMethods & EncryptionMethod))
  {
    WLog_WARN(TAG, "Server uses non-advertised encryption method 0x%08" PRIX32 "",
              EncryptionMethod);
    /* FIXME: Should we return FALSE; in this case ?? */
  }

  settings->EncryptionMethods = EncryptionMethod;
  settings->EncryptionLevel = EncryptionLevel;
  /* Verify encryption level/method combinations according to MS-RDPBCGR Section 5.3.2 */
  switch (settings->EncryptionLevel)
  {
    case ENCRYPTION_LEVEL_NONE:
      if (settings->EncryptionMethods == ENCRYPTION_METHOD_NONE)
      {
        validCryptoConfig = TRUE;
      }

      break;

    case ENCRYPTION_LEVEL_FIPS:
      if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
      {
        validCryptoConfig = TRUE;
      }

      break;

    case ENCRYPTION_LEVEL_LOW:
    case ENCRYPTION_LEVEL_HIGH:
    case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
      if (settings->EncryptionMethods == ENCRYPTION_METHOD_40BIT ||
          settings->EncryptionMethods == ENCRYPTION_METHOD_56BIT ||
          settings->EncryptionMethods == ENCRYPTION_METHOD_128BIT ||
          settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
      {
        validCryptoConfig = TRUE;
      }

      break;

    default:
      WLog_ERR(TAG, "Received unknown encryption level 0x%08" PRIX32 "",
               settings->EncryptionLevel);
  }

  if (!validCryptoConfig)
  {
    WLog_ERR(TAG,
             "Received invalid cryptographic configuration (level=0x%08" PRIX32
             " method=0x%08" PRIX32 ")",
             settings->EncryptionLevel, settings->EncryptionMethods);
    return FALSE;
  }

  if (settings->EncryptionLevel == ENCRYPTION_LEVEL_NONE)
  {
    /* serverRandomLen and serverCertLen must not be present */
    settings->UseRdpSecurityLayer = FALSE;
    return TRUE;
  }

  if (!Stream_CheckAndLogRequiredLength(TAG, s, 8))
    return FALSE;

  Stream_Read_UINT32(s, settings->ServerRandomLength);      /* serverRandomLen */
  Stream_Read_UINT32(s, settings->ServerCertificateLength); /* serverCertLen */

  if ((settings->ServerRandomLength == 0) || (settings->ServerCertificateLength == 0))
  {
    WLog_ERR(TAG,
             "Invalid ServerRandom (length=%" PRIu32 ") or ServerCertificate (length=%" PRIu32
             ")",
             settings->ServerRandomLength, settings->ServerCertificateLength);
    return FALSE;
  }

  if (!Stream_CheckAndLogRequiredLength(TAG, s, settings->ServerRandomLength))
    return FALSE;

  /* serverRandom */
  if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ServerRandom, NULL,
                                        settings->ServerRandomLength))
    goto fail;

  Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength);

  if (!Stream_CheckAndLogRequiredLength(TAG, s, settings->ServerCertificateLength))
    goto fail;

  /* serverCertificate */
  if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ServerCertificate, NULL,
                                        settings->ServerCertificateLength))
    goto fail;

  Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength);

  data = settings->ServerCertificate;
  length = settings->ServerCertificateLength;

  if (!freerdp_certificate_read_server_cert(settings->RdpServerCertificate, data, length))
    goto fail;

  return TRUE;
fail:
  free(settings->ServerRandom);
  free(settings->ServerCertificate);
  settings->ServerRandom = NULL;
  settings->ServerCertificate = NULL;
  return FALSE;
}

static BOOL gcc_update_server_random(rdpSettings* settings)
{
  const size_t length = 32;
  WINPR_ASSERT(settings);
  if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ServerRandom, NULL, length))
    return FALSE;
  BYTE* data = freerdp_settings_get_pointer_writable(settings, FreeRDP_ServerRandom);
  if (!data)
    return FALSE;
  winpr_RAND(data, length);
  return TRUE;
}

/* TODO: This function does manipulate data in rdpMcs
 * TODO: Split this out of this function
 */
BOOL gcc_write_server_security_data(wStream* s, rdpMcs* mcs)
{
  if (!gcc_update_server_random(mcs_get_settings(mcs)))
    return FALSE;

  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  const size_t posHeader = Stream_GetPosition(s);
  if (!gcc_write_user_data_header(s, SC_SECURITY, 12))
    return FALSE;

  Stream_Write_UINT32(s, settings->EncryptionMethods); /* encryptionMethod */
  Stream_Write_UINT32(s, settings->EncryptionLevel);   /* encryptionLevel */

  if (settings->EncryptionMethods == ENCRYPTION_METHOD_NONE)
    return TRUE;

  if (!Stream_EnsureRemainingCapacity(s, sizeof(UINT32) + settings->ServerRandomLength))
    return FALSE;
  Stream_Write_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */
  const size_t posCertLen = Stream_GetPosition(s);
  Stream_Seek_UINT32(s); /* serverCertLen */
  Stream_Write(s, settings->ServerRandom, settings->ServerRandomLength);

  const SSIZE_T len = freerdp_certificate_write_server_cert(
      settings->RdpServerCertificate, CERT_TEMPORARILY_ISSUED | CERT_CHAIN_VERSION_1, s);
  if (len < 0)
    return FALSE;
  const size_t end = Stream_GetPosition(s);
  Stream_SetPosition(s, posHeader);
  if (!gcc_write_user_data_header(s, SC_SECURITY, end - posHeader))
    return FALSE;
  Stream_SetPosition(s, posCertLen);
  WINPR_ASSERT(len <= UINT32_MAX);
  Stream_Write_UINT32(s, (UINT32)len);
  Stream_SetPosition(s, end);
  return TRUE;
}

/**
 * Read a client network data block (TS_UD_CS_NET).
 * msdn{cc240512}
 *
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_read_client_network_data(wStream* s, rdpMcs* mcs)
{
  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);

  const size_t blockLength = Stream_GetRemainingLength(s);
  if (blockLength < 4)
    return FALSE;

  Stream_Read_UINT32(s, mcs->channelCount); /* channelCount */

  if (blockLength < 4 + mcs->channelCount * 12)
    return FALSE;

  if (mcs->channelCount > CHANNEL_MAX_COUNT)
    return FALSE;

  /* channelDefArray */
  for (UINT32 i = 0; i < mcs->channelCount; i++)
  {
    /**
     * CHANNEL_DEF
     * - name: an 8-byte array containing a null-terminated collection
     *   of seven ANSI characters that uniquely identify the channel.
     * - options: a 32-bit, unsigned integer. Channel option flags
     */
    rdpMcsChannel* channel = &mcs->channels[i];
    Stream_Read(s, channel->Name, CHANNEL_NAME_LEN + 1); /* name (8 bytes) */

    if (!memchr(channel->Name, 0, CHANNEL_NAME_LEN + 1))
    {
      WLog_ERR(
          TAG,
          "protocol violation: received a static channel name with missing null-termination");
      return FALSE;
    }

    Stream_Read_UINT32(s, channel->options); /* options (4 bytes) */
    channel->ChannelId = mcs->baseChannelId++;
  }

  return TRUE;
}

/**
 * Write a client network data block (TS_UD_CS_NET).
 * msdn{cc240512}
 * @param s stream
 * @param mcs The MCS to use
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_write_client_network_data(wStream* s, const rdpMcs* mcs)
{
  UINT16 length = 0;
  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);
  if (mcs->channelCount > 0)
  {
    length = mcs->channelCount * 12 + 8;
    if (!gcc_write_user_data_header(s, CS_NET, length))
      return FALSE;
    Stream_Write_UINT32(s, mcs->channelCount); /* channelCount */

    /* channelDefArray */
    for (UINT32 i = 0; i < mcs->channelCount; i++)
    {
      /* CHANNEL_DEF */
      rdpMcsChannel* channel = &mcs->channels[i];
      Stream_Write(s, channel->Name, CHANNEL_NAME_LEN + 1); /* name (8 bytes) */
      Stream_Write_UINT32(s, channel->options);             /* options (4 bytes) */
    }
  }
  return TRUE;
}

BOOL gcc_read_server_network_data(wStream* s, rdpMcs* mcs)
{
  UINT16 channelId = 0;
  UINT16 MCSChannelId = 0;
  UINT16 channelCount = 0;
  UINT32 parsedChannelCount = 0;
  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);
  if (!Stream_CheckAndLogRequiredLength(TAG, s, 4))
    return FALSE;

  Stream_Read_UINT16(s, MCSChannelId); /* MCSChannelId */
  Stream_Read_UINT16(s, channelCount); /* channelCount */
  parsedChannelCount = channelCount;

  if (channelCount != mcs->channelCount)
  {
    WLog_ERR(TAG, "requested %" PRIu32 " channels, got %" PRIu16 " instead", mcs->channelCount,
             channelCount);

    /* we ensure that the response is not bigger than the request */

    mcs->channelCount = channelCount;
  }

  if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, channelCount, 2ull))
    return FALSE;

  if (mcs->channelMaxCount < parsedChannelCount)
  {
    WLog_ERR(TAG, "requested %" PRIu32 " channels > channelMaxCount %" PRIu16,
             mcs->channelCount, mcs->channelMaxCount);
    return FALSE;
  }

  for (UINT32 i = 0; i < parsedChannelCount; i++)
  {
    rdpMcsChannel* channel = &mcs->channels[i];
    Stream_Read_UINT16(s, channelId); /* channelId */
    channel->ChannelId = channelId;
  }

  if (channelCount % 2 == 1)
    return Stream_SafeSeek(s, 2); /* padding */

  return TRUE;
}

BOOL gcc_write_server_network_data(wStream* s, const rdpMcs* mcs)
{
  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);
  const size_t payloadLen = 8 + mcs->channelCount * 2 + (mcs->channelCount % 2 == 1 ? 2 : 0);

  if (!gcc_write_user_data_header(s, SC_NET, payloadLen))
    return FALSE;

  Stream_Write_UINT16(s, MCS_GLOBAL_CHANNEL_ID); /* MCSChannelId */
  Stream_Write_UINT16(s, mcs->channelCount);     /* channelCount */

  for (UINT32 i = 0; i < mcs->channelCount; i++)
  {
    const rdpMcsChannel* channel = &mcs->channels[i];
    Stream_Write_UINT16(s, channel->ChannelId);
  }

  if (mcs->channelCount % 2 == 1)
    Stream_Write_UINT16(s, 0);

  return TRUE;
}

/**
 * Read a client cluster data block (TS_UD_CS_CLUSTER).
 * msdn{cc240514}
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_read_client_cluster_data(wStream* s, rdpMcs* mcs)
{
  char buffer[128] = { 0 };
  UINT32 redirectedSessionId = 0;
  rdpSettings* settings = mcs_get_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  const size_t blockLength = Stream_GetRemainingLength(s);
  if (blockLength < 8)
    return FALSE;

  Stream_Read_UINT32(s, settings->ClusterInfoFlags); /* flags */
  Stream_Read_UINT32(s, redirectedSessionId);        /* redirectedSessionId */

  WLog_VRB(TAG, "read ClusterInfoFlags=%s, RedirectedSessionId=0x%08" PRIx32,
           rdp_cluster_info_flags_to_string(settings->ClusterInfoFlags, buffer, sizeof(buffer)),
           redirectedSessionId);
  if (settings->ClusterInfoFlags & REDIRECTED_SESSIONID_FIELD_VALID)
    settings->RedirectedSessionId = redirectedSessionId;

  settings->ConsoleSession =
      (settings->ClusterInfoFlags & REDIRECTED_SESSIONID_FIELD_VALID) ? TRUE : FALSE;
  settings->RedirectSmartCards =
      (settings->ClusterInfoFlags & REDIRECTED_SMARTCARD) ? TRUE : FALSE;

  if (blockLength > 8ULL)
  {
    if (Stream_GetRemainingLength(s) >= (blockLength - 8ULL))
    {
      /* The old Microsoft Mac RDP client can send a pad here */
      Stream_Seek(s, (blockLength - 8));
    }
  }

  return TRUE;
}

/**
 * Write a client cluster data block (TS_UD_CS_CLUSTER).
 * msdn{cc240514}
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_write_client_cluster_data(wStream* s, const rdpMcs* mcs)
{
  char buffer[128] = { 0 };
  UINT32 flags = 0;
  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  if (!gcc_write_user_data_header(s, CS_CLUSTER, 12))
    return FALSE;
  flags = settings->ClusterInfoFlags;

  if (settings->ConsoleSession || settings->RedirectedSessionId)
    flags |= REDIRECTED_SESSIONID_FIELD_VALID;

  if (settings->RedirectSmartCards && settings->SmartcardLogon)
    flags |= REDIRECTED_SMARTCARD;

  if (flags & REDIRECTION_SUPPORTED)
  {
    /* REDIRECTION_VERSION6 requires multitransport enabled.
     * if we run without that use REDIRECTION_VERSION5 */
    if (freerdp_settings_get_bool(settings, FreeRDP_SupportMultitransport))
      flags |= (REDIRECTION_VERSION6 << 2);
    else
      flags |= (REDIRECTION_VERSION5 << 2);
  }

  WLog_VRB(TAG, "write ClusterInfoFlags=%s, RedirectedSessionId=0x%08" PRIx32,
           rdp_cluster_info_flags_to_string(flags, buffer, sizeof(buffer)),
           settings->RedirectedSessionId);
  Stream_Write_UINT32(s, flags);                         /* flags */
  Stream_Write_UINT32(s, settings->RedirectedSessionId); /* redirectedSessionID */
  return TRUE;
}

/**
 * Read a client monitor data block (TS_UD_CS_MONITOR).
 * msdn{dd305336}
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_read_client_monitor_data(wStream* s, rdpMcs* mcs)
{
  UINT32 monitorCount = 0;
  rdpSettings* settings = mcs_get_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  const size_t blockLength = Stream_GetRemainingLength(s);
  if (blockLength < 8)
    return FALSE;

  Stream_Read_UINT32(s, settings->MonitorFlags); /* flags */
  Stream_Read_UINT32(s, monitorCount);           /* monitorCount */

  /* 2.2.1.3.6 Client Monitor Data -
   * monitorCount (4 bytes): A 32-bit, unsigned integer. The number of display
   * monitor definitions in the monitorDefArray field (the maximum allowed is 16).
   */
  if (monitorCount > 16)
  {
    WLog_ERR(TAG, "announced monitors(%" PRIu32 ") exceed the 16 limit", monitorCount);
    return FALSE;
  }

  if (monitorCount > settings->MonitorDefArraySize)
  {
    WLog_ERR(TAG, "too many announced monitors(%" PRIu32 "), clamping to %" PRIu32 "",
             monitorCount, settings->MonitorDefArraySize);
    monitorCount = settings->MonitorDefArraySize;
  }

  if ((UINT32)((blockLength - 8) / 20) < monitorCount)
    return FALSE;

  settings->MonitorCount = monitorCount;

  for (UINT32 index = 0; index < monitorCount; index++)
  {
    UINT32 left = 0;
    UINT32 top = 0;
    UINT32 right = 0;
    UINT32 bottom = 0;
    UINT32 flags = 0;
    rdpMonitor* current = &settings->MonitorDefArray[index];

    Stream_Read_UINT32(s, left);   /* left */
    Stream_Read_UINT32(s, top);    /* top */
    Stream_Read_UINT32(s, right);  /* right */
    Stream_Read_UINT32(s, bottom); /* bottom */
    Stream_Read_UINT32(s, flags);  /* flags */
    current->x = left;
    current->y = top;
    current->width = right - left + 1;
    current->height = bottom - top + 1;
    current->is_primary = (flags & MONITOR_PRIMARY) ? TRUE : FALSE;
  }

  return TRUE;
}

/**
 * Write a client monitor data block (TS_UD_CS_MONITOR).
 * msdn{dd305336}
 * @param s stream
 * @param mcs The MCS to use
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_write_client_monitor_data(wStream* s, const rdpMcs* mcs)
{
  UINT16 length = 0;
  INT32 baseX = 0;
  INT32 baseY = 0;
  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  WLog_DBG(TAG, "MonitorCount=%" PRIu32, settings->MonitorCount);
  if (settings->MonitorCount > 1)
  {
    length = (20 * settings->MonitorCount) + 12;
    if (!gcc_write_user_data_header(s, CS_MONITOR, length))
      return FALSE;
    Stream_Write_UINT32(s, settings->MonitorFlags); /* flags */
    Stream_Write_UINT32(s, settings->MonitorCount); /* monitorCount */

    /* first pass to get the primary monitor coordinates (it is supposed to be
     * in (0,0) */
    for (UINT32 i = 0; i < settings->MonitorCount; i++)
    {
      const rdpMonitor* current = &settings->MonitorDefArray[i];
      if (current->is_primary)
      {
        baseX = current->x;
        baseY = current->y;
        break;
      }
    }

    for (UINT32 i = 0; i < settings->MonitorCount; i++)
    {
      const rdpMonitor* current = &settings->MonitorDefArray[i];
      const UINT32 left = current->x - baseX;
      const UINT32 top = current->y - baseY;
      const UINT32 right = left + current->width - 1;
      const UINT32 bottom = top + current->height - 1;
      const UINT32 flags = current->is_primary ? MONITOR_PRIMARY : 0;
      WLog_DBG(TAG,
               "Monitor[%" PRIu32 "]: top=%" PRIu32 ", left=%" PRIu32 ", bottom=%" PRIu32
               ", right=%" PRIu32 ", flags=%" PRIu32,
               i, top, left, bottom, right, flags);
      Stream_Write_UINT32(s, left);   /* left */
      Stream_Write_UINT32(s, top);    /* top */
      Stream_Write_UINT32(s, right);  /* right */
      Stream_Write_UINT32(s, bottom); /* bottom */
      Stream_Write_UINT32(s, flags);  /* flags */
    }
  }
  WLog_DBG(TAG, "FINISHED");
  return TRUE;
}

BOOL gcc_read_client_monitor_extended_data(wStream* s, rdpMcs* mcs)
{
  UINT32 monitorCount = 0;
  UINT32 monitorAttributeSize = 0;
  rdpSettings* settings = mcs_get_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  const size_t blockLength = Stream_GetRemainingLength(s);
  if (blockLength < 12)
    return FALSE;

  Stream_Read_UINT32(s, settings->MonitorAttributeFlags); /* flags */
  Stream_Read_UINT32(s, monitorAttributeSize);            /* monitorAttributeSize */
  Stream_Read_UINT32(s, monitorCount);                    /* monitorCount */

  if (monitorAttributeSize != 20)
    return FALSE;

  if ((blockLength - 12) / monitorAttributeSize < monitorCount)
    return FALSE;

  if (settings->MonitorCount != monitorCount)
    return FALSE;

  settings->HasMonitorAttributes = TRUE;

  for (UINT32 index = 0; index < monitorCount; index++)
  {
    rdpMonitor* current = &settings->MonitorDefArray[index];
    Stream_Read_UINT32(s, current->attributes.physicalWidth);      /* physicalWidth */
    Stream_Read_UINT32(s, current->attributes.physicalHeight);     /* physicalHeight */
    Stream_Read_UINT32(s, current->attributes.orientation);        /* orientation */
    Stream_Read_UINT32(s, current->attributes.desktopScaleFactor); /* desktopScaleFactor */
    Stream_Read_UINT32(s, current->attributes.deviceScaleFactor);  /* deviceScaleFactor */
  }

  return TRUE;
}

BOOL gcc_write_client_monitor_extended_data(wStream* s, const rdpMcs* mcs)
{
  UINT16 length = 0;
  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  if (settings->HasMonitorAttributes)
  {
    length = (20 * settings->MonitorCount) + 16;
    if (!gcc_write_user_data_header(s, CS_MONITOR_EX, length))
      return FALSE;
    Stream_Write_UINT32(s, settings->MonitorAttributeFlags); /* flags */
    Stream_Write_UINT32(s, 20);                              /* monitorAttributeSize */
    Stream_Write_UINT32(s, settings->MonitorCount);          /* monitorCount */

    for (UINT32 i = 0; i < settings->MonitorCount; i++)
    {
      const rdpMonitor* current = &settings->MonitorDefArray[i];
      Stream_Write_UINT32(s, current->attributes.physicalWidth);      /* physicalWidth */
      Stream_Write_UINT32(s, current->attributes.physicalHeight);     /* physicalHeight */
      Stream_Write_UINT32(s, current->attributes.orientation);        /* orientation */
      Stream_Write_UINT32(s, current->attributes.desktopScaleFactor); /* desktopScaleFactor */
      Stream_Write_UINT32(s, current->attributes.deviceScaleFactor);  /* deviceScaleFactor */
    }
  }
  return TRUE;
}

/**
 * Read a client message channel data block (TS_UD_CS_MCS_MSGCHANNEL).
 * msdn{jj217627}
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_read_client_message_channel_data(wStream* s, rdpMcs* mcs)
{
  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);

  const size_t blockLength = Stream_GetRemainingLength(s);
  if (blockLength < 4)
    return FALSE;

  Stream_Read_UINT32(s, mcs->flags);
  mcs->messageChannelId = mcs->baseChannelId++;
  return TRUE;
}

/**
 * Write a client message channel data block (TS_UD_CS_MCS_MSGCHANNEL).
 * msdn{jj217627}
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_write_client_message_channel_data(wStream* s, const rdpMcs* mcs)
{
  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);
  WINPR_ASSERT(settings);
  if (freerdp_settings_get_bool(settings, FreeRDP_NetworkAutoDetect) ||
      settings->SupportHeartbeatPdu || settings->SupportMultitransport)
  {
    if (!gcc_write_user_data_header(s, CS_MCS_MSGCHANNEL, 8))
      return FALSE;
    Stream_Write_UINT32(s, mcs->flags); /* flags */
  }
  return TRUE;
}

BOOL gcc_read_server_message_channel_data(wStream* s, rdpMcs* mcs)
{
  UINT16 MCSChannelId = 0;
  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);
  if (!Stream_CheckAndLogRequiredLength(TAG, s, 2))
    return FALSE;

  Stream_Read_UINT16(s, MCSChannelId); /* MCSChannelId */
  /* Save the MCS message channel id */
  mcs->messageChannelId = MCSChannelId;
  return TRUE;
}

BOOL gcc_write_server_message_channel_data(wStream* s, const rdpMcs* mcs)
{
  WINPR_ASSERT(s);
  WINPR_ASSERT(mcs);
  if (mcs->messageChannelId == 0)
    return TRUE;

  if (!gcc_write_user_data_header(s, SC_MCS_MSGCHANNEL, 6))
    return FALSE;

  Stream_Write_UINT16(s, mcs->messageChannelId); /* mcsChannelId (2 bytes) */
  return TRUE;
}

/**
 * Read a client multitransport channel data block (TS_UD_CS_MULTITRANSPORT).
 * msdn{jj217498}
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_read_client_multitransport_channel_data(wStream* s, rdpMcs* mcs)
{
  rdpSettings* settings = mcs_get_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  const size_t blockLength = Stream_GetRemainingLength(s);
  if (blockLength < 4)
    return FALSE;

  UINT32 remoteFlags = 0;
  Stream_Read_UINT32(s, remoteFlags);
  settings->MultitransportFlags &= remoteFlags; /* merge local and remote flags */
  return TRUE;
}

/**
 * Write a client multitransport channel data block (TS_UD_CS_MULTITRANSPORT).
 * msdn{jj217498}
 *
 * @param s stream
 * @param mcs The MCS instance
 *
 * @return \b TRUE for success, \b FALSE otherwise
 */

BOOL gcc_write_client_multitransport_channel_data(wStream* s, const rdpMcs* mcs)
{
  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);
  if (!gcc_write_user_data_header(s, CS_MULTITRANSPORT, 8))
    return FALSE;
  Stream_Write_UINT32(s, settings->MultitransportFlags); /* flags */
  return TRUE;
}

BOOL gcc_read_server_multitransport_channel_data(wStream* s, rdpMcs* mcs)
{
  rdpSettings* settings = mcs_get_settings(mcs);
  UINT32 remoteFlags = 0;

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);
  if (!Stream_CheckAndLogRequiredLength(TAG, s, 4))
    return FALSE;

  Stream_Read_UINT32(s, remoteFlags);
  settings->MultitransportFlags &= remoteFlags; /* merge with client setting */
  return TRUE;
}

BOOL gcc_write_server_multitransport_channel_data(wStream* s, const rdpMcs* mcs)
{
  const rdpSettings* settings = mcs_get_const_settings(mcs);

  WINPR_ASSERT(s);
  WINPR_ASSERT(settings);

  if (!gcc_write_user_data_header(s, SC_MULTITRANSPORT, 8))
    return FALSE;

  Stream_Write_UINT32(s, settings->MultitransportFlags); /* flags (4 bytes) */
  return TRUE;
}

Coverage Report

Created: 2024-09-08 06:20