/src/FreeRDP/libfreerdp/core/info.c
Line | Count | Source |
1 | | /** |
2 | | * FreeRDP: A Remote Desktop Protocol Implementation |
3 | | * RDP Client Info |
4 | | * |
5 | | * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com> |
6 | | * Copyright 2015 Thincast Technologies GmbH |
7 | | * Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com> |
8 | | * |
9 | | * Licensed under the Apache License, Version 2.0 (the "License"); |
10 | | * you may not use this file except in compliance with the License. |
11 | | * You may obtain a copy of the License at |
12 | | * |
13 | | * http://www.apache.org/licenses/LICENSE-2.0 |
14 | | * |
15 | | * Unless required by applicable law or agreed to in writing, software |
16 | | * distributed under the License is distributed on an "AS IS" BASIS, |
17 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
18 | | * See the License for the specific language governing permissions and |
19 | | * limitations under the License. |
20 | | */ |
21 | | |
22 | | #include <freerdp/config.h> |
23 | | |
24 | | #include "settings.h" |
25 | | |
26 | | #include <winpr/crt.h> |
27 | | #include <winpr/assert.h> |
28 | | |
29 | | #include <freerdp/crypto/crypto.h> |
30 | | #include <freerdp/log.h> |
31 | | #include <freerdp/session.h> |
32 | | #include <stdio.h> |
33 | | |
34 | | #include "timezone.h" |
35 | | |
36 | | #include "info.h" |
37 | | |
38 | 16 | #define TAG FREERDP_TAG("core.info") |
39 | | |
40 | 204 | #define logonInfoV2Size (2u + 4u + 4u + 4u + 4u) |
41 | 144 | #define logonInfoV2ReservedSize 558u |
42 | 102 | #define logonInfoV2TotalSize (logonInfoV2Size + logonInfoV2ReservedSize) |
43 | | |
44 | | static const char* INFO_TYPE_LOGON_STRINGS[4] = { "Logon Info V1", "Logon Info V2", |
45 | | "Logon Plain Notify", "Logon Extended Info" }; |
46 | | |
47 | | /* This define limits the length of the strings in the label field. */ |
48 | 0 | #define MAX_LABEL_LENGTH 40 |
49 | | struct info_flags_t |
50 | | { |
51 | | UINT32 flag; |
52 | | const char* label; |
53 | | }; |
54 | | |
55 | | static const struct info_flags_t info_flags[] = { |
56 | | { INFO_MOUSE, "INFO_MOUSE" }, |
57 | | { INFO_DISABLECTRLALTDEL, "INFO_DISABLECTRLALTDEL" }, |
58 | | { INFO_AUTOLOGON, "INFO_AUTOLOGON" }, |
59 | | { INFO_UNICODE, "INFO_UNICODE" }, |
60 | | { INFO_MAXIMIZESHELL, "INFO_MAXIMIZESHELL" }, |
61 | | { INFO_LOGONNOTIFY, "INFO_LOGONNOTIFY" }, |
62 | | { INFO_COMPRESSION, "INFO_COMPRESSION" }, |
63 | | { INFO_ENABLEWINDOWSKEY, "INFO_ENABLEWINDOWSKEY" }, |
64 | | { INFO_REMOTECONSOLEAUDIO, "INFO_REMOTECONSOLEAUDIO" }, |
65 | | { INFO_FORCE_ENCRYPTED_CS_PDU, "INFO_FORCE_ENCRYPTED_CS_PDU" }, |
66 | | { INFO_RAIL, "INFO_RAIL" }, |
67 | | { INFO_LOGONERRORS, "INFO_LOGONERRORS" }, |
68 | | { INFO_MOUSE_HAS_WHEEL, "INFO_MOUSE_HAS_WHEEL" }, |
69 | | { INFO_PASSWORD_IS_SC_PIN, "INFO_PASSWORD_IS_SC_PIN" }, |
70 | | { INFO_NOAUDIOPLAYBACK, "INFO_NOAUDIOPLAYBACK" }, |
71 | | { INFO_USING_SAVED_CREDS, "INFO_USING_SAVED_CREDS" }, |
72 | | { INFO_AUDIOCAPTURE, "INFO_AUDIOCAPTURE" }, |
73 | | { INFO_VIDEO_DISABLE, "INFO_VIDEO_DISABLE" }, |
74 | | { INFO_HIDEF_RAIL_SUPPORTED, "INFO_HIDEF_RAIL_SUPPORTED" }, |
75 | | }; |
76 | | |
77 | | static BOOL rdp_read_info_null_string(rdpSettings* settings, FreeRDP_Settings_Keys_String id, |
78 | | const char* what, UINT32 flags, wStream* s, size_t cbLen, |
79 | | size_t max) |
80 | 1.97k | { |
81 | 1.97k | const BOOL unicode = (flags & INFO_UNICODE) != 0; |
82 | | |
83 | 1.97k | if (!freerdp_settings_set_string(settings, id, nullptr)) |
84 | 0 | return FALSE; |
85 | | |
86 | 1.97k | if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(cbLen))) |
87 | 132 | return FALSE; |
88 | | |
89 | 1.83k | if (cbLen > 0) |
90 | 401 | { |
91 | 401 | if ((cbLen > max) || (unicode && ((cbLen % 2) != 0))) |
92 | 259 | { |
93 | 259 | WLog_ERR(TAG, "protocol error: %s has invalid value: %" PRIuz "", what, cbLen); |
94 | 259 | return FALSE; |
95 | 259 | } |
96 | | |
97 | 142 | if (unicode) |
98 | 142 | { |
99 | 142 | const WCHAR* domain = Stream_PointerAs(s, WCHAR); |
100 | 142 | if (!freerdp_settings_set_string_from_utf16N(settings, id, domain, |
101 | 142 | cbLen / sizeof(WCHAR))) |
102 | 10 | { |
103 | 10 | WLog_ERR(TAG, "protocol error: no data to read for %s [expected %" PRIuz "]", what, |
104 | 10 | cbLen); |
105 | 10 | return FALSE; |
106 | 10 | } |
107 | 142 | } |
108 | 0 | else |
109 | 0 | { |
110 | 0 | const char* domain = Stream_ConstPointer(s); |
111 | 0 | if (!freerdp_settings_set_string_len(settings, id, domain, cbLen)) |
112 | 0 | return FALSE; |
113 | 0 | } |
114 | 142 | } |
115 | 1.56k | Stream_Seek(s, cbLen); |
116 | | |
117 | 1.56k | return TRUE; |
118 | 1.83k | } |
119 | | |
120 | | static char* rdp_info_package_flags_description(UINT32 flags) |
121 | 0 | { |
122 | 0 | char* result = nullptr; |
123 | 0 | size_t maximum_size = 1 + MAX_LABEL_LENGTH * ARRAYSIZE(info_flags); |
124 | |
|
125 | 0 | result = calloc(maximum_size, sizeof(char)); |
126 | |
|
127 | 0 | if (!result) |
128 | 0 | return nullptr; |
129 | | |
130 | 0 | for (size_t i = 0; i < ARRAYSIZE(info_flags); i++) |
131 | 0 | { |
132 | 0 | const struct info_flags_t* cur = &info_flags[i]; |
133 | 0 | if (cur->flag & flags) |
134 | 0 | { |
135 | 0 | winpr_str_append(cur->label, result, maximum_size, "|"); |
136 | 0 | } |
137 | 0 | } |
138 | |
|
139 | 0 | return result; |
140 | 0 | } |
141 | | |
142 | | static BOOL rdp_compute_client_auto_reconnect_cookie(rdpRdp* rdp) |
143 | 0 | { |
144 | 0 | BYTE ClientRandom[CLIENT_RANDOM_LENGTH] = WINPR_C_ARRAY_INIT; |
145 | 0 | BYTE AutoReconnectRandom[32] = WINPR_C_ARRAY_INIT; |
146 | 0 | ARC_SC_PRIVATE_PACKET* serverCookie = nullptr; |
147 | 0 | ARC_CS_PRIVATE_PACKET* clientCookie = nullptr; |
148 | |
|
149 | 0 | WINPR_ASSERT(rdp); |
150 | 0 | rdpSettings* settings = rdp->settings; |
151 | 0 | WINPR_ASSERT(settings); |
152 | |
|
153 | 0 | serverCookie = settings->ServerAutoReconnectCookie; |
154 | 0 | clientCookie = settings->ClientAutoReconnectCookie; |
155 | 0 | clientCookie->cbLen = 28; |
156 | 0 | clientCookie->version = serverCookie->version; |
157 | 0 | clientCookie->logonId = serverCookie->logonId; |
158 | 0 | ZeroMemory(clientCookie->securityVerifier, sizeof(clientCookie->securityVerifier)); |
159 | 0 | CopyMemory(AutoReconnectRandom, serverCookie->arcRandomBits, |
160 | 0 | sizeof(serverCookie->arcRandomBits)); |
161 | |
|
162 | 0 | if (settings->SelectedProtocol == PROTOCOL_RDP) |
163 | 0 | CopyMemory(ClientRandom, settings->ClientRandom, settings->ClientRandomLength); |
164 | | |
165 | | /* SecurityVerifier = HMAC_MD5(AutoReconnectRandom, ClientRandom) */ |
166 | |
|
167 | 0 | if (!winpr_HMAC(WINPR_MD_MD5, AutoReconnectRandom, 16, ClientRandom, sizeof(ClientRandom), |
168 | 0 | clientCookie->securityVerifier, sizeof(clientCookie->securityVerifier))) |
169 | 0 | return FALSE; |
170 | | |
171 | 0 | return TRUE; |
172 | 0 | } |
173 | | |
174 | | /** |
175 | | * Read Server Auto Reconnect Cookie (ARC_SC_PRIVATE_PACKET). |
176 | | * msdn{cc240540} |
177 | | */ |
178 | | |
179 | | static BOOL rdp_read_server_auto_reconnect_cookie(rdpRdp* rdp, wStream* s, logon_info_ex* info) |
180 | 80 | { |
181 | 80 | BYTE* p = nullptr; |
182 | 80 | ARC_SC_PRIVATE_PACKET* autoReconnectCookie = nullptr; |
183 | 80 | rdpSettings* settings = rdp->settings; |
184 | 80 | autoReconnectCookie = settings->ServerAutoReconnectCookie; |
185 | | |
186 | 80 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 28)) |
187 | 2 | return FALSE; |
188 | | |
189 | 78 | Stream_Read_UINT32(s, autoReconnectCookie->cbLen); /* cbLen (4 bytes) */ |
190 | | |
191 | 78 | if (autoReconnectCookie->cbLen != 28) |
192 | 48 | { |
193 | 48 | WLog_ERR(TAG, "ServerAutoReconnectCookie.cbLen != 28"); |
194 | 48 | return FALSE; |
195 | 48 | } |
196 | | |
197 | 30 | Stream_Read_UINT32(s, autoReconnectCookie->version); /* Version (4 bytes) */ |
198 | 30 | Stream_Read_UINT32(s, autoReconnectCookie->logonId); /* LogonId (4 bytes) */ |
199 | 30 | Stream_Read(s, autoReconnectCookie->arcRandomBits, 16); /* ArcRandomBits (16 bytes) */ |
200 | 30 | p = autoReconnectCookie->arcRandomBits; |
201 | 30 | WLog_DBG(TAG, |
202 | 30 | "ServerAutoReconnectCookie: Version: %" PRIu32 " LogonId: %" PRIu32 |
203 | 30 | " SecurityVerifier: " |
204 | 30 | "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 |
205 | 30 | "%02" PRIX8 "" |
206 | 30 | "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 |
207 | 30 | "%02" PRIX8 "", |
208 | 30 | autoReconnectCookie->version, autoReconnectCookie->logonId, p[0], p[1], p[2], p[3], |
209 | 30 | p[4], p[5], p[6], p[7], p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]); |
210 | 30 | info->LogonId = autoReconnectCookie->logonId; |
211 | 30 | CopyMemory(info->ArcRandomBits, p, 16); |
212 | | |
213 | 30 | if ((settings->PrintReconnectCookie)) |
214 | 0 | { |
215 | 0 | char* base64 = nullptr; |
216 | 0 | base64 = crypto_base64_encode((BYTE*)autoReconnectCookie, sizeof(ARC_SC_PRIVATE_PACKET)); |
217 | 0 | WLog_INFO(TAG, "Reconnect-cookie: %s", base64); |
218 | 0 | free(base64); |
219 | 0 | } |
220 | | |
221 | 30 | return TRUE; |
222 | 78 | } |
223 | | |
224 | | /** |
225 | | * Read Client Auto Reconnect Cookie (ARC_CS_PRIVATE_PACKET). |
226 | | * msdn{cc240541} |
227 | | */ |
228 | | |
229 | | static BOOL rdp_read_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s) |
230 | 464 | { |
231 | 464 | ARC_CS_PRIVATE_PACKET* autoReconnectCookie = nullptr; |
232 | 464 | rdpSettings* settings = rdp->settings; |
233 | 464 | autoReconnectCookie = settings->ClientAutoReconnectCookie; |
234 | | |
235 | 464 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 28)) |
236 | 10 | return FALSE; |
237 | | |
238 | 454 | Stream_Read_UINT32(s, autoReconnectCookie->cbLen); /* cbLen (4 bytes) */ |
239 | 454 | Stream_Read_UINT32(s, autoReconnectCookie->version); /* version (4 bytes) */ |
240 | 454 | Stream_Read_UINT32(s, autoReconnectCookie->logonId); /* LogonId (4 bytes) */ |
241 | 454 | Stream_Read(s, autoReconnectCookie->securityVerifier, 16); /* SecurityVerifier */ |
242 | 454 | return TRUE; |
243 | 464 | } |
244 | | |
245 | | /** |
246 | | * Write Client Auto Reconnect Cookie (ARC_CS_PRIVATE_PACKET). |
247 | | * msdn{cc240541} |
248 | | */ |
249 | | |
250 | | static BOOL rdp_write_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s) |
251 | 0 | { |
252 | 0 | BYTE* p = nullptr; |
253 | 0 | ARC_CS_PRIVATE_PACKET* autoReconnectCookie = nullptr; |
254 | 0 | rdpSettings* settings = nullptr; |
255 | |
|
256 | 0 | WINPR_ASSERT(rdp); |
257 | |
|
258 | 0 | settings = rdp->settings; |
259 | 0 | WINPR_ASSERT(settings); |
260 | |
|
261 | 0 | autoReconnectCookie = settings->ClientAutoReconnectCookie; |
262 | 0 | WINPR_ASSERT(autoReconnectCookie); |
263 | |
|
264 | 0 | p = autoReconnectCookie->securityVerifier; |
265 | 0 | WINPR_ASSERT(p); |
266 | |
|
267 | 0 | WLog_DBG(TAG, |
268 | 0 | "ClientAutoReconnectCookie: Version: %" PRIu32 " LogonId: %" PRIu32 " ArcRandomBits: " |
269 | 0 | "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 |
270 | 0 | "%02" PRIX8 "" |
271 | 0 | "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 |
272 | 0 | "%02" PRIX8 "", |
273 | 0 | autoReconnectCookie->version, autoReconnectCookie->logonId, p[0], p[1], p[2], p[3], |
274 | 0 | p[4], p[5], p[6], p[7], p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]); |
275 | 0 | if (!Stream_EnsureRemainingCapacity(s, 12ull + 16ull)) |
276 | 0 | return FALSE; |
277 | 0 | Stream_Write_UINT32(s, autoReconnectCookie->cbLen); /* cbLen (4 bytes) */ |
278 | 0 | Stream_Write_UINT32(s, autoReconnectCookie->version); /* version (4 bytes) */ |
279 | 0 | Stream_Write_UINT32(s, autoReconnectCookie->logonId); /* LogonId (4 bytes) */ |
280 | 0 | Stream_Write(s, autoReconnectCookie->securityVerifier, 16); /* SecurityVerifier (16 bytes) */ |
281 | 0 | return TRUE; |
282 | 0 | } |
283 | | |
284 | | /* |
285 | | * Get the cbClientAddress size limit |
286 | | * see [MS-RDPBCGR] 2.2.1.11.1.1.1 Extended Info Packet (TS_EXTENDED_INFO_PACKET) |
287 | | */ |
288 | | |
289 | | static size_t rdp_get_client_address_max_size(const rdpRdp* rdp) |
290 | 708 | { |
291 | 708 | UINT32 version = 0; |
292 | 708 | rdpSettings* settings = nullptr; |
293 | | |
294 | 708 | WINPR_ASSERT(rdp); |
295 | | |
296 | 708 | settings = rdp->settings; |
297 | 708 | WINPR_ASSERT(settings); |
298 | | |
299 | 708 | version = freerdp_settings_get_uint32(settings, FreeRDP_RdpVersion); |
300 | 708 | if (version < RDP_VERSION_10_0) |
301 | 0 | return 64; |
302 | 708 | return 80; |
303 | 708 | } |
304 | | |
305 | | /** |
306 | | * Read Extended Info Packet (TS_EXTENDED_INFO_PACKET). |
307 | | * msdn{cc240476} |
308 | | */ |
309 | | |
310 | | static BOOL rdp_read_extended_info_packet(rdpRdp* rdp, wStream* s) |
311 | 712 | { |
312 | 712 | UINT16 clientAddressFamily = 0; |
313 | 712 | UINT16 cbClientAddress = 0; |
314 | 712 | UINT16 cbClientDir = 0; |
315 | 712 | UINT16 cbAutoReconnectLen = 0; |
316 | | |
317 | 712 | WINPR_ASSERT(rdp); |
318 | | |
319 | 712 | rdpSettings* settings = rdp->settings; |
320 | 712 | WINPR_ASSERT(settings); |
321 | | |
322 | 712 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 4)) |
323 | 4 | return FALSE; |
324 | | |
325 | 708 | Stream_Read_UINT16(s, clientAddressFamily); /* clientAddressFamily (2 bytes) */ |
326 | 708 | Stream_Read_UINT16(s, cbClientAddress); /* cbClientAddress (2 bytes) */ |
327 | | |
328 | 708 | settings->IPv6Enabled = ((clientAddressFamily == ADDRESS_FAMILY_INET6)); |
329 | | |
330 | 708 | if (!rdp_read_info_null_string(settings, FreeRDP_ClientAddress, "cbClientAddress", INFO_UNICODE, |
331 | 708 | s, cbClientAddress, rdp_get_client_address_max_size(rdp))) |
332 | 24 | return FALSE; |
333 | | |
334 | 684 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 2)) |
335 | 7 | return FALSE; |
336 | | |
337 | 677 | Stream_Read_UINT16(s, cbClientDir); /* cbClientDir (2 bytes) */ |
338 | | |
339 | | /* cbClientDir is the size in bytes of the character data in the clientDir field. |
340 | | * This size includes the length of the mandatory null terminator. |
341 | | * The maximum allowed value is 512 bytes. |
342 | | * Note: Although according to [MS-RDPBCGR 2.2.1.11.1.1.1] the null terminator |
343 | | * is mandatory the Microsoft Android client (starting with version 8.1.31.44) |
344 | | * sets cbClientDir to 0. |
345 | | */ |
346 | | |
347 | 677 | if (!rdp_read_info_null_string(settings, FreeRDP_ClientDir, "cbClientDir", INFO_UNICODE, s, |
348 | 677 | cbClientDir, 512)) |
349 | 17 | return FALSE; |
350 | | |
351 | | /** |
352 | | * down below all fields are optional but if one field is not present, |
353 | | * then all of the subsequent fields also MUST NOT be present. |
354 | | */ |
355 | | |
356 | | /* optional: clientTimeZone (172 bytes) */ |
357 | 660 | if (Stream_GetRemainingLength(s) == 0) |
358 | 3 | goto end; |
359 | | |
360 | 657 | if (!rdp_read_client_time_zone(s, settings)) |
361 | 24 | return FALSE; |
362 | | |
363 | | /* optional: clientSessionId (4 bytes), should be set to 0 */ |
364 | 633 | if (Stream_GetRemainingLength(s) == 0) |
365 | 2 | goto end; |
366 | 631 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 4)) |
367 | 5 | return FALSE; |
368 | | |
369 | 626 | Stream_Read_UINT32(s, settings->ClientSessionId); |
370 | | |
371 | | /* optional: performanceFlags (4 bytes) */ |
372 | 626 | if (Stream_GetRemainingLength(s) == 0) |
373 | 4 | goto end; |
374 | | |
375 | 622 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 4)) |
376 | 3 | return FALSE; |
377 | | |
378 | 619 | Stream_Read_UINT32(s, settings->PerformanceFlags); |
379 | 619 | freerdp_performance_flags_split(settings); |
380 | | |
381 | | /* optional: cbAutoReconnectLen (2 bytes) */ |
382 | 619 | if (Stream_GetRemainingLength(s) == 0) |
383 | 3 | goto end; |
384 | | |
385 | 616 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 2)) |
386 | 2 | return FALSE; |
387 | | |
388 | 614 | Stream_Read_UINT16(s, cbAutoReconnectLen); |
389 | | |
390 | | /* optional: autoReconnectCookie (28 bytes) */ |
391 | | /* must be present if cbAutoReconnectLen is > 0 */ |
392 | 614 | if (cbAutoReconnectLen > 0) |
393 | 464 | { |
394 | 464 | if (!rdp_read_client_auto_reconnect_cookie(rdp, s)) |
395 | 10 | return FALSE; |
396 | 464 | } |
397 | | |
398 | | /* skip reserved1 and reserved2 fields */ |
399 | 604 | if (Stream_GetRemainingLength(s) == 0) |
400 | 5 | goto end; |
401 | | |
402 | 599 | if (!Stream_SafeSeek(s, 2)) |
403 | 4 | return FALSE; |
404 | | |
405 | 595 | if (Stream_GetRemainingLength(s) == 0) |
406 | 3 | goto end; |
407 | | |
408 | 592 | if (!Stream_SafeSeek(s, 2)) |
409 | 3 | return FALSE; |
410 | | |
411 | 589 | if (Stream_GetRemainingLength(s) == 0) |
412 | 2 | goto end; |
413 | | |
414 | 587 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 2)) |
415 | 2 | return FALSE; |
416 | | |
417 | 585 | if (freerdp_settings_get_bool(settings, FreeRDP_SupportDynamicTimeZone)) |
418 | 585 | { |
419 | 585 | UINT16 cbDynamicDSTTimeZoneKeyName = 0; |
420 | | |
421 | 585 | Stream_Read_UINT16(s, cbDynamicDSTTimeZoneKeyName); |
422 | | |
423 | 585 | if (!rdp_read_info_null_string(settings, FreeRDP_DynamicDSTTimeZoneKeyName, |
424 | 585 | "cbDynamicDSTTimeZoneKeyName", INFO_UNICODE, s, |
425 | 585 | cbDynamicDSTTimeZoneKeyName, 254)) |
426 | 360 | return FALSE; |
427 | | |
428 | 225 | if (Stream_GetRemainingLength(s) == 0) |
429 | 5 | goto end; |
430 | | |
431 | 220 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 2)) |
432 | 3 | return FALSE; |
433 | 217 | UINT16 DynamicDaylightTimeDisabled = 0; |
434 | 217 | Stream_Read_UINT16(s, DynamicDaylightTimeDisabled); |
435 | 217 | if (DynamicDaylightTimeDisabled > 1) |
436 | 95 | { |
437 | 95 | WLog_WARN(TAG, |
438 | 95 | "[MS-RDPBCGR] 2.2.1.11.1.1.1 Extended Info Packet " |
439 | 95 | "(TS_EXTENDED_INFO_PACKET)::dynamicDaylightTimeDisabled value %d" |
440 | 95 | " not allowed in [0,1]", |
441 | 95 | settings->DynamicDaylightTimeDisabled); |
442 | 95 | return FALSE; |
443 | 95 | } |
444 | 122 | if (!freerdp_settings_set_bool(settings, FreeRDP_DynamicDaylightTimeDisabled, |
445 | 122 | DynamicDaylightTimeDisabled != 0)) |
446 | 0 | return FALSE; |
447 | 122 | DEBUG_TIMEZONE("DynamicTimeZone=%s [%s]", |
448 | 122 | freerdp_settings_get_string(settings, FreeRDP_DynamicDSTTimeZoneKeyName), |
449 | 122 | freerdp_settings_get_bool(settings, FreeRDP_DynamicDaylightTimeDisabled) |
450 | 122 | ? "no-DST" |
451 | 122 | : "DST"); |
452 | 122 | } |
453 | | |
454 | 149 | end: |
455 | 149 | return TRUE; |
456 | 585 | } |
457 | | |
458 | | /** |
459 | | * Write Extended Info Packet (TS_EXTENDED_INFO_PACKET). |
460 | | * msdn{cc240476} |
461 | | */ |
462 | | |
463 | | static BOOL rdp_write_extended_info_packet(rdpRdp* rdp, wStream* s) |
464 | 0 | { |
465 | 0 | BOOL ret = FALSE; |
466 | 0 | size_t cbClientAddress = 0; |
467 | 0 | const size_t cbClientAddressMax = rdp_get_client_address_max_size(rdp); |
468 | 0 | WCHAR* clientDir = nullptr; |
469 | 0 | size_t cbClientDir = 0; |
470 | 0 | const size_t cbClientDirMax = 512; |
471 | 0 | UINT16 cbAutoReconnectCookie = 0; |
472 | |
|
473 | 0 | WINPR_ASSERT(rdp); |
474 | |
|
475 | 0 | rdpSettings* settings = rdp->settings; |
476 | 0 | WINPR_ASSERT(settings); |
477 | |
|
478 | 0 | UINT16 clientAddressFamily = ADDRESS_FAMILY_INET; |
479 | 0 | if (settings->ConnectChildSession) |
480 | 0 | clientAddressFamily = 0x0000; |
481 | 0 | else if (settings->IPv6Enabled) |
482 | 0 | clientAddressFamily = ADDRESS_FAMILY_INET6; |
483 | |
|
484 | 0 | WCHAR* clientAddress = ConvertUtf8ToWCharAlloc(settings->ClientAddress, &cbClientAddress); |
485 | |
|
486 | 0 | if (cbClientAddress > (UINT16_MAX / sizeof(WCHAR))) |
487 | 0 | { |
488 | 0 | WLog_ERR(TAG, "cbClientAddress > UINT16_MAX"); |
489 | 0 | goto fail; |
490 | 0 | } |
491 | | |
492 | 0 | if (cbClientAddress > 0) |
493 | 0 | { |
494 | 0 | cbClientAddress = (UINT16)(cbClientAddress + 1) * sizeof(WCHAR); |
495 | 0 | if (cbClientAddress > cbClientAddressMax) |
496 | 0 | { |
497 | 0 | WLog_WARN(TAG, |
498 | 0 | "the client address %s [%" PRIuz "] exceeds the limit of %" PRIuz |
499 | 0 | ", truncating.", |
500 | 0 | settings->ClientAddress, cbClientAddress, cbClientAddressMax); |
501 | |
|
502 | 0 | clientAddress[(cbClientAddressMax / sizeof(WCHAR)) - 1] = '\0'; |
503 | 0 | cbClientAddress = cbClientAddressMax; |
504 | 0 | } |
505 | 0 | } |
506 | |
|
507 | 0 | clientDir = ConvertUtf8ToWCharAlloc(settings->ClientDir, &cbClientDir); |
508 | 0 | if (cbClientDir > (UINT16_MAX / sizeof(WCHAR))) |
509 | 0 | { |
510 | 0 | WLog_ERR(TAG, "cbClientDir > UINT16_MAX"); |
511 | 0 | goto fail; |
512 | 0 | } |
513 | | |
514 | 0 | if (cbClientDir > 0) |
515 | 0 | { |
516 | 0 | cbClientDir = (UINT16)(cbClientDir + 1) * sizeof(WCHAR); |
517 | 0 | if (cbClientDir > cbClientDirMax) |
518 | 0 | { |
519 | 0 | WLog_WARN(TAG, |
520 | 0 | "the client dir %s [%" PRIuz "] exceeds the limit of %" PRIuz ", truncating.", |
521 | 0 | settings->ClientDir, cbClientDir, cbClientDirMax); |
522 | |
|
523 | 0 | clientDir[(cbClientDirMax / sizeof(WCHAR)) - 1] = '\0'; |
524 | 0 | cbClientDir = cbClientDirMax; |
525 | 0 | } |
526 | 0 | } |
527 | |
|
528 | 0 | if (settings->ServerAutoReconnectCookie->cbLen > UINT16_MAX) |
529 | 0 | { |
530 | 0 | WLog_ERR(TAG, "ServerAutoreconnectCookie::cbLen > UINT16_MAX"); |
531 | 0 | goto fail; |
532 | 0 | } |
533 | | |
534 | 0 | cbAutoReconnectCookie = (UINT16)settings->ServerAutoReconnectCookie->cbLen; |
535 | |
|
536 | 0 | if (!Stream_EnsureRemainingCapacity(s, 4ull + cbClientAddress + 2ull + cbClientDir)) |
537 | 0 | goto fail; |
538 | | |
539 | 0 | Stream_Write_UINT16(s, clientAddressFamily); /* clientAddressFamily (2 bytes) */ |
540 | 0 | Stream_Write_UINT16(s, (UINT16)cbClientAddress); /* cbClientAddress (2 bytes) */ |
541 | |
|
542 | 0 | Stream_Write(s, clientAddress, cbClientAddress); /* clientAddress */ |
543 | |
|
544 | 0 | Stream_Write_UINT16(s, (UINT16)cbClientDir); /* cbClientDir (2 bytes) */ |
545 | |
|
546 | 0 | Stream_Write(s, clientDir, cbClientDir); /* clientDir */ |
547 | |
|
548 | 0 | if (!rdp_write_client_time_zone(s, settings)) /* clientTimeZone (172 bytes) */ |
549 | 0 | goto fail; |
550 | | |
551 | 0 | if (!Stream_EnsureRemainingCapacity(s, 10ull)) |
552 | 0 | goto fail; |
553 | | |
554 | | /* clientSessionId (4 bytes), should be set to 0 */ |
555 | 0 | Stream_Write_UINT32(s, settings->ClientSessionId); |
556 | 0 | freerdp_performance_flags_make(settings); |
557 | 0 | Stream_Write_UINT32(s, settings->PerformanceFlags); /* performanceFlags (4 bytes) */ |
558 | 0 | Stream_Write_UINT16(s, cbAutoReconnectCookie); /* cbAutoReconnectCookie (2 bytes) */ |
559 | |
|
560 | 0 | if (cbAutoReconnectCookie > 0) |
561 | 0 | { |
562 | 0 | if (!rdp_compute_client_auto_reconnect_cookie(rdp)) |
563 | 0 | goto fail; |
564 | 0 | if (!rdp_write_client_auto_reconnect_cookie(rdp, s)) /* autoReconnectCookie */ |
565 | 0 | goto fail; |
566 | 0 | } |
567 | | |
568 | 0 | if (freerdp_settings_get_bool(settings, FreeRDP_SupportDynamicTimeZone)) |
569 | 0 | { |
570 | 0 | if (!Stream_EnsureRemainingCapacity(s, 8 + 254 * sizeof(WCHAR))) |
571 | 0 | goto fail; |
572 | | |
573 | 0 | Stream_Write_UINT16(s, 0); /* reserved1 (2 bytes) */ |
574 | 0 | Stream_Write_UINT16(s, 0); /* reserved2 (2 bytes) */ |
575 | |
|
576 | 0 | size_t rlen = 0; |
577 | 0 | const char* tz = freerdp_settings_get_string(settings, FreeRDP_DynamicDSTTimeZoneKeyName); |
578 | 0 | if (tz) |
579 | 0 | rlen = strnlen(tz, 254); |
580 | 0 | Stream_Write_UINT16(s, (UINT16)rlen * sizeof(WCHAR)); |
581 | 0 | if (Stream_Write_UTF16_String_From_UTF8(s, rlen, tz, rlen, FALSE) < 0) |
582 | 0 | goto fail; |
583 | 0 | Stream_Write_UINT16(s, settings->DynamicDaylightTimeDisabled ? 0x01 : 0x00); |
584 | 0 | } |
585 | | |
586 | 0 | ret = TRUE; |
587 | 0 | fail: |
588 | 0 | free(clientAddress); |
589 | 0 | free(clientDir); |
590 | 0 | return ret; |
591 | 0 | } |
592 | | |
593 | | static BOOL rdp_read_info_string(rdpSettings* settings, FreeRDP_Settings_Keys_String id, |
594 | | UINT32 flags, wStream* s, size_t cbLenNonNull, size_t max) |
595 | 3.98k | { |
596 | 3.98k | union |
597 | 3.98k | { |
598 | 3.98k | char c; |
599 | 3.98k | WCHAR w; |
600 | 3.98k | BYTE b[2]; |
601 | 3.98k | } terminator; |
602 | | |
603 | 3.98k | const BOOL unicode = (flags & INFO_UNICODE) != 0; |
604 | 3.98k | const size_t nullSize = unicode ? sizeof(WCHAR) : sizeof(CHAR); |
605 | | |
606 | 3.98k | if (!freerdp_settings_set_string(settings, id, nullptr)) |
607 | 0 | return FALSE; |
608 | | |
609 | 3.98k | if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(cbLenNonNull + nullSize))) |
610 | 38 | return FALSE; |
611 | | |
612 | 3.94k | if (cbLenNonNull > 0) |
613 | 276 | { |
614 | | /* cbDomain is the size in bytes of the character data in the Domain field. |
615 | | * This size excludes (!) the length of the mandatory null terminator. |
616 | | * Maximum value including the mandatory null terminator: 512 |
617 | | */ |
618 | 276 | if ((cbLenNonNull % 2) || (cbLenNonNull > (max - nullSize))) |
619 | 37 | { |
620 | 37 | WLog_ERR(TAG, "protocol error: invalid value: %" PRIuz "", cbLenNonNull); |
621 | 37 | return FALSE; |
622 | 37 | } |
623 | | |
624 | 239 | if (unicode) |
625 | 186 | { |
626 | 186 | const WCHAR* domain = Stream_PointerAs(s, WCHAR); |
627 | 186 | if (!freerdp_settings_set_string_from_utf16N(settings, id, domain, |
628 | 186 | cbLenNonNull / sizeof(WCHAR))) |
629 | 30 | return FALSE; |
630 | 186 | } |
631 | 53 | else |
632 | 53 | { |
633 | 53 | const char* domain = Stream_PointerAs(s, char); |
634 | 53 | if (!freerdp_settings_set_string_len(settings, id, domain, cbLenNonNull)) |
635 | 0 | return FALSE; |
636 | 53 | } |
637 | 239 | } |
638 | | |
639 | 3.87k | Stream_Seek(s, cbLenNonNull); |
640 | | |
641 | 3.87k | terminator.w = L'\0'; |
642 | 3.87k | Stream_Read(s, terminator.b, nullSize); |
643 | | |
644 | 3.87k | if (terminator.w != L'\0') |
645 | 138 | { |
646 | 138 | WLog_ERR(TAG, "protocol error: Domain must be null terminated"); |
647 | 138 | if (!freerdp_settings_set_string(settings, id, nullptr)) |
648 | 0 | WLog_ERR(TAG, "freerdp_settings_set_string(settings, id=%d, nullptr) failed", id); |
649 | | |
650 | 138 | return FALSE; |
651 | 138 | } |
652 | | |
653 | 3.74k | return TRUE; |
654 | 3.87k | } |
655 | | |
656 | | /** |
657 | | * Read Info Packet (TS_INFO_PACKET). |
658 | | * msdn{cc240475} |
659 | | */ |
660 | | |
661 | | static BOOL rdp_read_info_packet(rdpRdp* rdp, wStream* s, UINT16 tpktlength) |
662 | 970 | { |
663 | 970 | BOOL smallsize = FALSE; |
664 | 970 | UINT32 flags = 0; |
665 | 970 | UINT16 cbDomain = 0; |
666 | 970 | UINT16 cbUserName = 0; |
667 | 970 | UINT16 cbPassword = 0; |
668 | 970 | UINT16 cbAlternateShell = 0; |
669 | 970 | UINT16 cbWorkingDir = 0; |
670 | 970 | UINT32 CompressionLevel = 0; |
671 | 970 | rdpSettings* settings = rdp->settings; |
672 | | |
673 | 970 | if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, 18)) |
674 | 15 | return FALSE; |
675 | | |
676 | 955 | Stream_Read_UINT32(s, settings->KeyboardCodePage); /* CodePage (4 bytes ) */ |
677 | 955 | Stream_Read_UINT32(s, flags); /* flags (4 bytes) */ |
678 | 955 | settings->AudioCapture = ((flags & INFO_AUDIOCAPTURE) != 0); |
679 | 955 | settings->AudioPlayback = (!(flags & INFO_NOAUDIOPLAYBACK)); |
680 | 955 | settings->AutoLogonEnabled = ((flags & INFO_AUTOLOGON) != 0); |
681 | 955 | settings->RemoteApplicationMode = ((flags & INFO_RAIL) != 0); |
682 | 955 | settings->HiDefRemoteApp = ((flags & INFO_HIDEF_RAIL_SUPPORTED) != 0); |
683 | 955 | settings->RemoteConsoleAudio = ((flags & INFO_REMOTECONSOLEAUDIO) != 0); |
684 | 955 | settings->CompressionEnabled = ((flags & INFO_COMPRESSION) != 0); |
685 | 955 | settings->LogonNotify = ((flags & INFO_LOGONNOTIFY) != 0); |
686 | 955 | settings->MouseHasWheel = ((flags & INFO_MOUSE_HAS_WHEEL) != 0); |
687 | 955 | settings->DisableCtrlAltDel = ((flags & INFO_DISABLECTRLALTDEL) != 0); |
688 | 955 | settings->ForceEncryptedCsPdu = ((flags & INFO_FORCE_ENCRYPTED_CS_PDU) != 0); |
689 | 955 | settings->PasswordIsSmartcardPin = ((flags & INFO_PASSWORD_IS_SC_PIN) != 0); |
690 | | |
691 | 955 | if (flags & INFO_COMPRESSION) |
692 | 154 | { |
693 | 154 | CompressionLevel = ((flags & 0x00001E00) >> 9); |
694 | 154 | settings->CompressionLevel = CompressionLevel; |
695 | 154 | } |
696 | 801 | else |
697 | 801 | { |
698 | 801 | settings->CompressionLevel = 0; |
699 | 801 | } |
700 | | |
701 | | /* RDP 4 and 5 have smaller credential limits */ |
702 | 955 | if (settings->RdpVersion < RDP_VERSION_5_PLUS) |
703 | 0 | smallsize = TRUE; |
704 | | |
705 | 955 | Stream_Read_UINT16(s, cbDomain); /* cbDomain (2 bytes) */ |
706 | 955 | Stream_Read_UINT16(s, cbUserName); /* cbUserName (2 bytes) */ |
707 | 955 | Stream_Read_UINT16(s, cbPassword); /* cbPassword (2 bytes) */ |
708 | 955 | Stream_Read_UINT16(s, cbAlternateShell); /* cbAlternateShell (2 bytes) */ |
709 | 955 | Stream_Read_UINT16(s, cbWorkingDir); /* cbWorkingDir (2 bytes) */ |
710 | | |
711 | 955 | if (!rdp_read_info_string(settings, FreeRDP_Domain, flags, s, cbDomain, smallsize ? 52 : 512)) |
712 | 158 | return FALSE; |
713 | | |
714 | 797 | if (!rdp_read_info_string(settings, FreeRDP_Username, flags, s, cbUserName, |
715 | 797 | smallsize ? 44 : 512)) |
716 | 35 | return FALSE; |
717 | | |
718 | 762 | if (!rdp_read_info_string(settings, FreeRDP_Password, flags, s, cbPassword, |
719 | 762 | smallsize ? 32 : 512)) |
720 | 19 | return FALSE; |
721 | | |
722 | 743 | if (!rdp_read_info_string(settings, FreeRDP_AlternateShell, flags, s, cbAlternateShell, 512)) |
723 | 17 | return FALSE; |
724 | | |
725 | 726 | if (!rdp_read_info_string(settings, FreeRDP_ShellWorkingDirectory, flags, s, cbWorkingDir, 512)) |
726 | 14 | return FALSE; |
727 | | |
728 | 712 | if (settings->RdpVersion >= RDP_VERSION_5_PLUS) |
729 | 712 | { |
730 | 712 | if (!rdp_read_extended_info_packet(rdp, s)) /* extraInfo */ |
731 | 563 | return FALSE; |
732 | 712 | } |
733 | | |
734 | 149 | const size_t xrem = Stream_GetRemainingLength(s); |
735 | 149 | if (!tpkt_ensure_stream_consumed(rdp->log, s, tpktlength)) |
736 | 120 | Stream_Seek(s, xrem); |
737 | 149 | return TRUE; |
738 | 712 | } |
739 | | |
740 | | /** |
741 | | * Write Info Packet (TS_INFO_PACKET). |
742 | | * msdn{cc240475} |
743 | | */ |
744 | | |
745 | | static BOOL rdp_write_info_packet(rdpRdp* rdp, wStream* s) |
746 | 0 | { |
747 | 0 | BOOL ret = FALSE; |
748 | 0 | UINT32 flags = 0; |
749 | 0 | WCHAR* domainW = nullptr; |
750 | 0 | size_t cbDomain = 0; |
751 | 0 | WCHAR* userNameW = nullptr; |
752 | 0 | size_t cbUserName = 0; |
753 | 0 | WCHAR* passwordW = nullptr; |
754 | 0 | size_t cbPassword = 0; |
755 | 0 | WCHAR* alternateShellW = nullptr; |
756 | 0 | size_t cbAlternateShell = 0; |
757 | 0 | WCHAR* workingDirW = nullptr; |
758 | 0 | size_t cbWorkingDir = 0; |
759 | 0 | BOOL usedPasswordCookie = FALSE; |
760 | 0 | rdpSettings* settings = nullptr; |
761 | |
|
762 | 0 | WINPR_ASSERT(rdp); |
763 | 0 | settings = rdp->settings; |
764 | 0 | WINPR_ASSERT(settings); |
765 | |
|
766 | 0 | flags = INFO_MOUSE | INFO_UNICODE | INFO_LOGONERRORS | INFO_MAXIMIZESHELL | |
767 | 0 | INFO_ENABLEWINDOWSKEY | INFO_DISABLECTRLALTDEL | INFO_MOUSE_HAS_WHEEL | |
768 | 0 | INFO_FORCE_ENCRYPTED_CS_PDU; |
769 | |
|
770 | 0 | if (settings->SmartcardLogon) |
771 | 0 | { |
772 | 0 | flags |= INFO_AUTOLOGON; |
773 | 0 | flags |= INFO_PASSWORD_IS_SC_PIN; |
774 | 0 | } |
775 | |
|
776 | 0 | if (settings->AudioCapture) |
777 | 0 | flags |= INFO_AUDIOCAPTURE; |
778 | |
|
779 | 0 | if (!settings->AudioPlayback) |
780 | 0 | flags |= INFO_NOAUDIOPLAYBACK; |
781 | |
|
782 | 0 | if (settings->VideoDisable) |
783 | 0 | flags |= INFO_VIDEO_DISABLE; |
784 | |
|
785 | 0 | if (settings->AutoLogonEnabled) |
786 | 0 | flags |= INFO_AUTOLOGON; |
787 | |
|
788 | 0 | if (settings->RemoteApplicationMode) |
789 | 0 | { |
790 | 0 | if (settings->HiDefRemoteApp) |
791 | 0 | { |
792 | 0 | if (settings->RdpVersion >= RDP_VERSION_5_PLUS) |
793 | 0 | flags |= INFO_HIDEF_RAIL_SUPPORTED; |
794 | 0 | } |
795 | |
|
796 | 0 | flags |= INFO_RAIL; |
797 | 0 | } |
798 | |
|
799 | 0 | if (settings->RemoteConsoleAudio) |
800 | 0 | flags |= INFO_REMOTECONSOLEAUDIO; |
801 | |
|
802 | 0 | if (settings->CompressionEnabled) |
803 | 0 | { |
804 | 0 | flags |= INFO_COMPRESSION; |
805 | 0 | flags |= ((settings->CompressionLevel << 9) & 0x00001E00); |
806 | 0 | } |
807 | |
|
808 | 0 | if (settings->LogonNotify) |
809 | 0 | flags |= INFO_LOGONNOTIFY; |
810 | |
|
811 | 0 | if (settings->PasswordIsSmartcardPin) |
812 | 0 | flags |= INFO_PASSWORD_IS_SC_PIN; |
813 | |
|
814 | 0 | { |
815 | 0 | char* flags_description = rdp_info_package_flags_description(flags); |
816 | |
|
817 | 0 | if (flags_description) |
818 | 0 | { |
819 | 0 | WLog_DBG(TAG, "Client Info Packet Flags = %s", flags_description); |
820 | 0 | free(flags_description); |
821 | 0 | } |
822 | 0 | } |
823 | |
|
824 | 0 | domainW = freerdp_settings_get_string_as_utf16(settings, FreeRDP_Domain, &cbDomain); |
825 | 0 | if (cbDomain > UINT16_MAX / sizeof(WCHAR)) |
826 | 0 | { |
827 | 0 | WLog_ERR(TAG, "cbDomain > UINT16_MAX"); |
828 | 0 | goto fail; |
829 | 0 | } |
830 | 0 | cbDomain *= sizeof(WCHAR); |
831 | | |
832 | | /* user name provided by the expert for connecting to the novice computer */ |
833 | 0 | userNameW = freerdp_settings_get_string_as_utf16(settings, FreeRDP_Username, &cbUserName); |
834 | 0 | if (cbUserName > UINT16_MAX / sizeof(WCHAR)) |
835 | 0 | { |
836 | 0 | WLog_ERR(TAG, "cbUserName > UINT16_MAX"); |
837 | 0 | goto fail; |
838 | 0 | } |
839 | 0 | cbUserName *= sizeof(WCHAR); |
840 | |
|
841 | 0 | { |
842 | 0 | const char* pin = "*"; |
843 | 0 | if (!settings->RemoteAssistanceMode) |
844 | 0 | { |
845 | | /* Ignore redirection password if we´re using smartcard and have the pin as password */ |
846 | 0 | if (((flags & INFO_PASSWORD_IS_SC_PIN) == 0) && settings->RedirectionPassword && |
847 | 0 | (settings->RedirectionPasswordLength > 0)) |
848 | 0 | { |
849 | 0 | union |
850 | 0 | { |
851 | 0 | BYTE* bp; |
852 | 0 | WCHAR* wp; |
853 | 0 | } ptrconv; |
854 | |
|
855 | 0 | if (settings->RedirectionPasswordLength > UINT16_MAX) |
856 | 0 | { |
857 | 0 | WLog_ERR(TAG, "RedirectionPasswordLength > UINT16_MAX"); |
858 | 0 | goto fail; |
859 | 0 | } |
860 | 0 | usedPasswordCookie = TRUE; |
861 | |
|
862 | 0 | ptrconv.bp = settings->RedirectionPassword; |
863 | 0 | passwordW = ptrconv.wp; |
864 | 0 | cbPassword = (UINT16)settings->RedirectionPasswordLength; |
865 | 0 | } |
866 | 0 | else |
867 | 0 | pin = freerdp_settings_get_string(settings, FreeRDP_Password); |
868 | 0 | } |
869 | | |
870 | 0 | if (!usedPasswordCookie && pin) |
871 | 0 | { |
872 | 0 | passwordW = ConvertUtf8ToWCharAlloc(pin, &cbPassword); |
873 | 0 | if (cbPassword > UINT16_MAX / sizeof(WCHAR)) |
874 | 0 | { |
875 | 0 | WLog_ERR(TAG, "cbPassword > UINT16_MAX"); |
876 | 0 | goto fail; |
877 | 0 | } |
878 | 0 | cbPassword = (UINT16)cbPassword * sizeof(WCHAR); |
879 | 0 | } |
880 | 0 | } |
881 | | |
882 | 0 | { |
883 | 0 | const char* altShell = nullptr; |
884 | 0 | if (!settings->RemoteAssistanceMode) |
885 | 0 | altShell = freerdp_settings_get_string(settings, FreeRDP_AlternateShell); |
886 | 0 | else if (settings->RemoteAssistancePassStub) |
887 | 0 | altShell = "*"; /* This field MUST be filled with "*" */ |
888 | 0 | else |
889 | 0 | altShell = freerdp_settings_get_string(settings, FreeRDP_RemoteAssistancePassword); |
890 | |
|
891 | 0 | if (altShell && strlen(altShell) > 0) |
892 | 0 | { |
893 | 0 | alternateShellW = ConvertUtf8ToWCharAlloc(altShell, &cbAlternateShell); |
894 | 0 | if (!alternateShellW) |
895 | 0 | { |
896 | 0 | WLog_ERR(TAG, "alternateShellW == nullptr"); |
897 | 0 | goto fail; |
898 | 0 | } |
899 | 0 | if (cbAlternateShell > (UINT16_MAX / sizeof(WCHAR))) |
900 | 0 | { |
901 | 0 | WLog_ERR(TAG, "cbAlternateShell > UINT16_MAX"); |
902 | 0 | goto fail; |
903 | 0 | } |
904 | 0 | cbAlternateShell = (UINT16)cbAlternateShell * sizeof(WCHAR); |
905 | 0 | } |
906 | 0 | } |
907 | | |
908 | 0 | { |
909 | 0 | FreeRDP_Settings_Keys_String inputId = FreeRDP_RemoteAssistanceSessionId; |
910 | 0 | if (!freerdp_settings_get_bool(settings, FreeRDP_RemoteAssistanceMode)) |
911 | 0 | inputId = FreeRDP_ShellWorkingDirectory; |
912 | |
|
913 | 0 | workingDirW = freerdp_settings_get_string_as_utf16(settings, inputId, &cbWorkingDir); |
914 | 0 | } |
915 | 0 | if (cbWorkingDir > (UINT16_MAX / sizeof(WCHAR))) |
916 | 0 | { |
917 | 0 | WLog_ERR(TAG, "cbWorkingDir > UINT16_MAX"); |
918 | 0 | goto fail; |
919 | 0 | } |
920 | 0 | cbWorkingDir = (UINT16)cbWorkingDir * sizeof(WCHAR); |
921 | |
|
922 | 0 | if (!Stream_EnsureRemainingCapacity(s, 18ull + cbDomain + cbUserName + cbPassword + |
923 | 0 | cbAlternateShell + cbWorkingDir + 5 * sizeof(WCHAR))) |
924 | 0 | goto fail; |
925 | | |
926 | 0 | Stream_Write_UINT32(s, settings->KeyboardCodePage); /* CodePage (4 bytes) */ |
927 | 0 | Stream_Write_UINT32(s, flags); /* flags (4 bytes) */ |
928 | 0 | Stream_Write_UINT16(s, (UINT16)cbDomain); /* cbDomain (2 bytes) */ |
929 | 0 | Stream_Write_UINT16(s, (UINT16)cbUserName); /* cbUserName (2 bytes) */ |
930 | 0 | Stream_Write_UINT16(s, (UINT16)cbPassword); /* cbPassword (2 bytes) */ |
931 | 0 | Stream_Write_UINT16(s, (UINT16)cbAlternateShell); /* cbAlternateShell (2 bytes) */ |
932 | 0 | Stream_Write_UINT16(s, (UINT16)cbWorkingDir); /* cbWorkingDir (2 bytes) */ |
933 | |
|
934 | 0 | Stream_Write(s, domainW, cbDomain); |
935 | | |
936 | | /* the mandatory null terminator */ |
937 | 0 | Stream_Write_UINT16(s, 0); |
938 | |
|
939 | 0 | Stream_Write(s, userNameW, cbUserName); |
940 | | |
941 | | /* the mandatory null terminator */ |
942 | 0 | Stream_Write_UINT16(s, 0); |
943 | |
|
944 | 0 | Stream_Write(s, passwordW, cbPassword); |
945 | | |
946 | | /* the mandatory null terminator */ |
947 | 0 | Stream_Write_UINT16(s, 0); |
948 | |
|
949 | 0 | Stream_Write(s, alternateShellW, cbAlternateShell); |
950 | | |
951 | | /* the mandatory null terminator */ |
952 | 0 | Stream_Write_UINT16(s, 0); |
953 | |
|
954 | 0 | Stream_Write(s, workingDirW, cbWorkingDir); |
955 | | |
956 | | /* the mandatory null terminator */ |
957 | 0 | Stream_Write_UINT16(s, 0); |
958 | 0 | ret = TRUE; |
959 | 0 | fail: |
960 | 0 | free(domainW); |
961 | 0 | free(userNameW); |
962 | 0 | free(alternateShellW); |
963 | 0 | free(workingDirW); |
964 | |
|
965 | 0 | if (!usedPasswordCookie) |
966 | 0 | free(passwordW); |
967 | |
|
968 | 0 | if (!ret) |
969 | 0 | return FALSE; |
970 | | |
971 | 0 | if (settings->RdpVersion >= RDP_VERSION_5_PLUS) |
972 | 0 | ret = rdp_write_extended_info_packet(rdp, s); /* extraInfo */ |
973 | |
|
974 | 0 | return ret; |
975 | 0 | } |
976 | | |
977 | | /** |
978 | | * Read Client Info PDU (CLIENT_INFO_PDU). |
979 | | * msdn{cc240474} |
980 | | * @param rdp RDP module |
981 | | * @param s stream |
982 | | */ |
983 | | |
984 | | BOOL rdp_recv_client_info(rdpRdp* rdp, wStream* s) |
985 | 17.7k | { |
986 | 17.7k | UINT16 length = 0; |
987 | 17.7k | UINT16 channelId = 0; |
988 | 17.7k | UINT16 securityFlags = 0; |
989 | | |
990 | 17.7k | WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE); |
991 | | |
992 | 17.7k | if (!rdp_read_header(rdp, s, &length, &channelId)) |
993 | 16.7k | return FALSE; |
994 | | |
995 | 992 | if (!rdp_read_security_header(rdp, s, &securityFlags, &length)) |
996 | 9 | return FALSE; |
997 | | |
998 | 983 | if ((securityFlags & SEC_INFO_PKT) == 0) |
999 | 13 | return FALSE; |
1000 | | |
1001 | 970 | if (rdp->settings->UseRdpSecurityLayer) |
1002 | 0 | { |
1003 | 0 | if (securityFlags & SEC_REDIRECTION_PKT) |
1004 | 0 | { |
1005 | 0 | WLog_ERR(TAG, "Error: SEC_REDIRECTION_PKT unsupported"); |
1006 | 0 | return FALSE; |
1007 | 0 | } |
1008 | | |
1009 | 0 | if (securityFlags & SEC_ENCRYPT) |
1010 | 0 | { |
1011 | 0 | if (!rdp_decrypt(rdp, s, &length, securityFlags)) |
1012 | 0 | return FALSE; |
1013 | 0 | } |
1014 | 0 | } |
1015 | | |
1016 | 970 | return rdp_read_info_packet(rdp, s, length); |
1017 | 970 | } |
1018 | | |
1019 | | /** |
1020 | | * Send Client Info PDU (CLIENT_INFO_PDU). |
1021 | | * msdn{cc240474} |
1022 | | * @param rdp RDP module |
1023 | | */ |
1024 | | |
1025 | | BOOL rdp_send_client_info(rdpRdp* rdp) |
1026 | 0 | { |
1027 | 0 | UINT16 sec_flags = SEC_INFO_PKT; |
1028 | 0 | wStream* s = nullptr; |
1029 | 0 | WINPR_ASSERT(rdp); |
1030 | 0 | s = rdp_send_stream_init(rdp, &sec_flags); |
1031 | |
|
1032 | 0 | if (!s) |
1033 | 0 | { |
1034 | 0 | WLog_ERR(TAG, "Stream_New failed!"); |
1035 | 0 | return FALSE; |
1036 | 0 | } |
1037 | | |
1038 | 0 | if (!rdp_write_info_packet(rdp, s)) |
1039 | 0 | { |
1040 | 0 | Stream_Release(s); |
1041 | 0 | return FALSE; |
1042 | 0 | } |
1043 | 0 | return rdp_send(rdp, s, MCS_GLOBAL_CHANNEL_ID, sec_flags); |
1044 | 0 | } |
1045 | | |
1046 | | static void rdp_free_logon_info(logon_info* info) |
1047 | 758 | { |
1048 | 758 | if (!info) |
1049 | 0 | return; |
1050 | 758 | free(info->domain); |
1051 | 758 | free(info->username); |
1052 | | |
1053 | 758 | const logon_info empty = WINPR_C_ARRAY_INIT; |
1054 | 758 | *info = empty; |
1055 | 758 | } |
1056 | | |
1057 | | static BOOL rdp_info_read_string(const char* what, wStream* s, size_t size, size_t max, |
1058 | | BOOL skipMax, char** dst) |
1059 | 912 | { |
1060 | 912 | WINPR_ASSERT(dst); |
1061 | 912 | *dst = nullptr; |
1062 | | |
1063 | 912 | if (size == 0) |
1064 | 590 | { |
1065 | 590 | if (skipMax) |
1066 | 535 | return Stream_SafeSeek(s, max); |
1067 | 55 | return TRUE; |
1068 | 590 | } |
1069 | | |
1070 | 322 | if (((size % sizeof(WCHAR)) != 0) || (size > max)) |
1071 | 287 | { |
1072 | 287 | WLog_ERR(TAG, "protocol error: invalid %s value: %" PRIuz "", what, size); |
1073 | 287 | return FALSE; |
1074 | 287 | } |
1075 | | |
1076 | 35 | const WCHAR* str = Stream_ConstPointer(s); |
1077 | 35 | if (!Stream_SafeSeek(s, skipMax ? max : size)) |
1078 | 2 | return FALSE; |
1079 | | |
1080 | 33 | if (str[size / sizeof(WCHAR) - 1]) |
1081 | 6 | { |
1082 | 6 | WLog_ERR(TAG, "protocol error: %s must be null terminated", what); |
1083 | 6 | return FALSE; |
1084 | 6 | } |
1085 | | |
1086 | 27 | size_t len = 0; |
1087 | 27 | char* rc = ConvertWCharNToUtf8Alloc(str, size / sizeof(WCHAR), &len); |
1088 | 27 | if (!rc) |
1089 | 1 | { |
1090 | 1 | WLog_ERR(TAG, "failed to convert the %s string", what); |
1091 | 1 | free(rc); |
1092 | 1 | return FALSE; |
1093 | 1 | } |
1094 | | |
1095 | 26 | *dst = rc; |
1096 | 26 | return TRUE; |
1097 | 27 | } |
1098 | | |
1099 | | static BOOL rdp_recv_logon_info_v1(rdpRdp* rdp, wStream* s, logon_info* info) |
1100 | 628 | { |
1101 | 628 | UINT32 cbDomain = 0; |
1102 | 628 | UINT32 cbUserName = 0; |
1103 | | |
1104 | 628 | WINPR_UNUSED(rdp); |
1105 | 628 | WINPR_ASSERT(info); |
1106 | | |
1107 | 628 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 576)) |
1108 | 153 | return FALSE; |
1109 | | |
1110 | 475 | Stream_Read_UINT32(s, cbDomain); /* cbDomain (4 bytes) */ |
1111 | | |
1112 | | /* cbDomain is the size of the Unicode character data (including the mandatory |
1113 | | * null terminator) in bytes present in the fixed-length (52 bytes) Domain field |
1114 | | */ |
1115 | 475 | if (!rdp_info_read_string("Domain", s, cbDomain, 52, TRUE, &info->domain)) |
1116 | 111 | goto fail; |
1117 | | |
1118 | 364 | Stream_Read_UINT32(s, cbUserName); /* cbUserName (4 bytes) */ |
1119 | | |
1120 | | /* cbUserName is the size of the Unicode character data (including the mandatory |
1121 | | * null terminator) in bytes present in the fixed-length (512 bytes) UserName field. |
1122 | | */ |
1123 | 364 | if (!rdp_info_read_string("UserName", s, cbUserName, 512, TRUE, &info->username)) |
1124 | 168 | goto fail; |
1125 | | |
1126 | 196 | Stream_Read_UINT32(s, info->sessionId); /* SessionId (4 bytes) */ |
1127 | 196 | WLog_DBG(TAG, "LogonInfoV1: SessionId: 0x%08" PRIX32 " UserName: [%s] Domain: [%s]", |
1128 | 196 | info->sessionId, info->username, info->domain); |
1129 | 196 | return TRUE; |
1130 | 279 | fail: |
1131 | 279 | return FALSE; |
1132 | 364 | } |
1133 | | |
1134 | | static BOOL rdp_recv_logon_info_v2(rdpRdp* rdp, wStream* s, logon_info* info) |
1135 | 130 | { |
1136 | 130 | UINT16 Version = 0; |
1137 | 130 | UINT32 Size = 0; |
1138 | 130 | UINT32 cbDomain = 0; |
1139 | 130 | UINT32 cbUserName = 0; |
1140 | | |
1141 | 130 | WINPR_ASSERT(rdp); |
1142 | 130 | WINPR_ASSERT(s); |
1143 | 130 | WINPR_ASSERT(info); |
1144 | | |
1145 | 130 | WINPR_UNUSED(rdp); |
1146 | | |
1147 | 130 | if (!Stream_CheckAndLogRequiredLength(TAG, s, logonInfoV2TotalSize)) |
1148 | 8 | return FALSE; |
1149 | | |
1150 | 122 | Stream_Read_UINT16(s, Version); /* Version (2 bytes) */ |
1151 | 122 | if (Version != SAVE_SESSION_PDU_VERSION_ONE) |
1152 | 20 | { |
1153 | 20 | WLog_WARN(TAG, "LogonInfoV2::Version expected %d bytes, got %" PRIu16, |
1154 | 20 | SAVE_SESSION_PDU_VERSION_ONE, Version); |
1155 | 20 | return FALSE; |
1156 | 20 | } |
1157 | | |
1158 | 102 | Stream_Read_UINT32(s, Size); /* Size (4 bytes) */ |
1159 | | |
1160 | | /* [MS-RDPBCGR] 2.2.10.1.1.2 Logon Info Version 2 (TS_LOGON_INFO_VERSION_2) |
1161 | | * should be logonInfoV2TotalSize |
1162 | | * but even MS server 2019 sends logonInfoV2Size |
1163 | | */ |
1164 | 102 | if (Size != logonInfoV2TotalSize) |
1165 | 102 | { |
1166 | 102 | if (Size != logonInfoV2Size) |
1167 | 60 | { |
1168 | 60 | WLog_WARN(TAG, "LogonInfoV2::Size expected %" PRIu32 " bytes, got %" PRIu32, |
1169 | 60 | logonInfoV2TotalSize, Size); |
1170 | 60 | return FALSE; |
1171 | 60 | } |
1172 | 102 | } |
1173 | | |
1174 | 42 | Stream_Read_UINT32(s, info->sessionId); /* SessionId (4 bytes) */ |
1175 | 42 | Stream_Read_UINT32(s, cbDomain); /* cbDomain (4 bytes) */ |
1176 | 42 | Stream_Read_UINT32(s, cbUserName); /* cbUserName (4 bytes) */ |
1177 | 42 | Stream_Seek(s, logonInfoV2ReservedSize); /* pad (558 bytes) */ |
1178 | | |
1179 | | /* cbDomain is the size in bytes of the Unicode character data in the Domain field. |
1180 | | * The size of the mandatory null terminator is include in this value. |
1181 | | * Note: Since MS-RDPBCGR 2.2.10.1.1.2 does not mention any size limits we assume |
1182 | | * that the maximum value is 52 bytes, according to the fixed size of the |
1183 | | * Domain field in the Logon Info Version 1 (TS_LOGON_INFO) structure. |
1184 | | */ |
1185 | 42 | if (!rdp_info_read_string("Domain", s, cbDomain, 52, FALSE, &info->domain)) |
1186 | 11 | goto fail; |
1187 | | |
1188 | | /* cbUserName is the size in bytes of the Unicode character data in the UserName field. |
1189 | | * The size of the mandatory null terminator is include in this value. |
1190 | | * Note: Since MS-RDPBCGR 2.2.10.1.1.2 does not mention any size limits we assume |
1191 | | * that the maximum value is 512 bytes, according to the fixed size of the |
1192 | | * Username field in the Logon Info Version 1 (TS_LOGON_INFO) structure. |
1193 | | */ |
1194 | 31 | if (!rdp_info_read_string("UserName", s, cbUserName, 512, FALSE, &info->username)) |
1195 | 6 | goto fail; |
1196 | | |
1197 | | /* We´ve seen undocumented padding with windows 11 here. |
1198 | | * unless it has actual data in it ignore it. |
1199 | | * if there is unexpected data, print a warning and dump the contents |
1200 | | */ |
1201 | 25 | { |
1202 | 25 | const size_t rem = Stream_GetRemainingLength(s); |
1203 | 25 | if (rem > 0) |
1204 | 24 | { |
1205 | 24 | BOOL warn = FALSE; |
1206 | 24 | const char* str = Stream_ConstPointer(s); |
1207 | 18.1k | for (size_t x = 0; x < rem; x++) |
1208 | 18.1k | { |
1209 | 18.1k | if (str[x] != '\0') |
1210 | 14.1k | warn = TRUE; |
1211 | 18.1k | } |
1212 | 24 | if (warn) |
1213 | 16 | { |
1214 | 16 | WLog_WARN(TAG, "unexpected padding of %" PRIuz " bytes, data not '\\0'", rem); |
1215 | 16 | winpr_HexDump(TAG, WLOG_TRACE, str, rem); |
1216 | 16 | } |
1217 | | |
1218 | 24 | if (!Stream_SafeSeek(s, rem)) |
1219 | 0 | goto fail; |
1220 | 24 | } |
1221 | 25 | } |
1222 | | |
1223 | 25 | WLog_DBG(TAG, "LogonInfoV2: SessionId: 0x%08" PRIX32 " UserName: [%s] Domain: [%s]", |
1224 | 25 | info->sessionId, info->username, info->domain); |
1225 | 25 | return TRUE; |
1226 | 17 | fail: |
1227 | 17 | return FALSE; |
1228 | 25 | } |
1229 | | |
1230 | | static BOOL rdp_recv_logon_plain_notify(rdpRdp* rdp, wStream* s) |
1231 | 35 | { |
1232 | 35 | WINPR_UNUSED(rdp); |
1233 | 35 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 576)) |
1234 | 8 | return FALSE; |
1235 | | |
1236 | 27 | Stream_Seek(s, 576); /* pad (576 bytes) */ |
1237 | 27 | WLog_DBG(TAG, "LogonPlainNotify"); |
1238 | 27 | return TRUE; |
1239 | 35 | } |
1240 | | |
1241 | | static BOOL rdp_recv_logon_error_info(rdpRdp* rdp, wStream* s, logon_info_ex* info) |
1242 | 115 | { |
1243 | 115 | freerdp* instance = nullptr; |
1244 | 115 | UINT32 errorNotificationType = 0; |
1245 | 115 | UINT32 errorNotificationData = 0; |
1246 | | |
1247 | 115 | WINPR_ASSERT(rdp); |
1248 | 115 | WINPR_ASSERT(rdp->context); |
1249 | 115 | WINPR_ASSERT(s); |
1250 | 115 | WINPR_ASSERT(info); |
1251 | | |
1252 | 115 | instance = rdp->context->instance; |
1253 | 115 | WINPR_ASSERT(instance); |
1254 | | |
1255 | 115 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 8)) |
1256 | 4 | return FALSE; |
1257 | | |
1258 | 111 | Stream_Read_UINT32(s, errorNotificationType); /* errorNotificationType (4 bytes) */ |
1259 | 111 | Stream_Read_UINT32(s, errorNotificationData); /* errorNotificationData (4 bytes) */ |
1260 | 111 | WLog_DBG(TAG, "LogonErrorInfo: Data: 0x%08" PRIX32 " Type: 0x%08" PRIX32 "", |
1261 | 111 | errorNotificationData, errorNotificationType); |
1262 | 111 | if (instance->LogonErrorInfo) |
1263 | 111 | { |
1264 | 111 | const int rc = |
1265 | 111 | instance->LogonErrorInfo(instance, errorNotificationData, errorNotificationType); |
1266 | 111 | if (rc < 0) |
1267 | 0 | return FALSE; |
1268 | 111 | } |
1269 | 111 | info->ErrorNotificationType = errorNotificationType; |
1270 | 111 | info->ErrorNotificationData = errorNotificationData; |
1271 | 111 | return TRUE; |
1272 | 111 | } |
1273 | | |
1274 | | static BOOL rdp_recv_logon_info_extended(rdpRdp* rdp, wStream* s, logon_info_ex* info) |
1275 | 222 | { |
1276 | 222 | UINT32 cbFieldData = 0; |
1277 | 222 | UINT32 fieldsPresent = 0; |
1278 | 222 | UINT16 Length = 0; |
1279 | | |
1280 | 222 | WINPR_ASSERT(rdp); |
1281 | 222 | WINPR_ASSERT(s); |
1282 | 222 | WINPR_ASSERT(info); |
1283 | | |
1284 | 222 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 6)) |
1285 | 2 | { |
1286 | 2 | WLog_WARN(TAG, "received short logon info extended, need 6 bytes, got %" PRIuz, |
1287 | 2 | Stream_GetRemainingLength(s)); |
1288 | 2 | return FALSE; |
1289 | 2 | } |
1290 | | |
1291 | 220 | Stream_Read_UINT16(s, Length); /* Length (2 bytes) */ |
1292 | 220 | Stream_Read_UINT32(s, fieldsPresent); /* fieldsPresent (4 bytes) */ |
1293 | | |
1294 | 220 | if ((Length < 6) || (!Stream_CheckAndLogRequiredLength(TAG, s, (Length - 6U)))) |
1295 | 25 | { |
1296 | 25 | WLog_WARN(TAG, |
1297 | 25 | "received short logon info extended, need %" PRIu16 " - 6 bytes, got %" PRIuz, |
1298 | 25 | Length, Stream_GetRemainingLength(s)); |
1299 | 25 | return FALSE; |
1300 | 25 | } |
1301 | | |
1302 | 195 | WLog_DBG(TAG, "LogonInfoExtended: fieldsPresent: 0x%08" PRIX32 "", fieldsPresent); |
1303 | | |
1304 | | /* logonFields */ |
1305 | | |
1306 | 195 | if (fieldsPresent & LOGON_EX_AUTORECONNECTCOOKIE) |
1307 | 90 | { |
1308 | 90 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 4)) |
1309 | 1 | return FALSE; |
1310 | | |
1311 | 89 | info->haveCookie = TRUE; |
1312 | 89 | Stream_Read_UINT32(s, cbFieldData); /* cbFieldData (4 bytes) */ |
1313 | | |
1314 | 89 | if (!Stream_CheckAndLogRequiredLength(TAG, s, cbFieldData)) |
1315 | 9 | return FALSE; |
1316 | | |
1317 | 80 | if (!rdp_read_server_auto_reconnect_cookie(rdp, s, info)) |
1318 | 50 | return FALSE; |
1319 | 80 | } |
1320 | | |
1321 | 135 | if (fieldsPresent & LOGON_EX_LOGONERRORS) |
1322 | 124 | { |
1323 | 124 | info->haveErrorInfo = TRUE; |
1324 | | |
1325 | 124 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 4)) |
1326 | 2 | return FALSE; |
1327 | | |
1328 | 122 | Stream_Read_UINT32(s, cbFieldData); /* cbFieldData (4 bytes) */ |
1329 | | |
1330 | 122 | if (!Stream_CheckAndLogRequiredLength(TAG, s, cbFieldData)) |
1331 | 7 | return FALSE; |
1332 | | |
1333 | 115 | if (!rdp_recv_logon_error_info(rdp, s, info)) |
1334 | 4 | return FALSE; |
1335 | 115 | } |
1336 | | |
1337 | 122 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 570)) |
1338 | 77 | return FALSE; |
1339 | | |
1340 | 45 | Stream_Seek(s, 570); /* pad (570 bytes) */ |
1341 | 45 | return TRUE; |
1342 | 122 | } |
1343 | | |
1344 | | BOOL rdp_recv_save_session_info(rdpRdp* rdp, wStream* s) |
1345 | 9.46k | { |
1346 | 9.46k | UINT32 infoType = 0; |
1347 | 9.46k | BOOL status = 0; |
1348 | 9.46k | logon_info logonInfo = WINPR_C_ARRAY_INIT; |
1349 | 9.46k | logon_info_ex logonInfoEx = WINPR_C_ARRAY_INIT; |
1350 | 9.46k | rdpContext* context = rdp->context; |
1351 | 9.46k | rdpUpdate* update = rdp->context->update; |
1352 | | |
1353 | 9.46k | if (!Stream_CheckAndLogRequiredLength(TAG, s, 4)) |
1354 | 5.90k | return FALSE; |
1355 | | |
1356 | 3.56k | Stream_Read_UINT32(s, infoType); /* infoType (4 bytes) */ |
1357 | | |
1358 | 3.56k | switch (infoType) |
1359 | 3.56k | { |
1360 | 628 | case INFO_TYPE_LOGON: |
1361 | 628 | status = rdp_recv_logon_info_v1(rdp, s, &logonInfo); |
1362 | | |
1363 | 628 | if (status && update->SaveSessionInfo) |
1364 | 0 | status = update->SaveSessionInfo(context, infoType, &logonInfo); |
1365 | | |
1366 | 628 | rdp_free_logon_info(&logonInfo); |
1367 | 628 | break; |
1368 | | |
1369 | 130 | case INFO_TYPE_LOGON_LONG: |
1370 | 130 | status = rdp_recv_logon_info_v2(rdp, s, &logonInfo); |
1371 | | |
1372 | 130 | if (status && update->SaveSessionInfo) |
1373 | 0 | status = update->SaveSessionInfo(context, infoType, &logonInfo); |
1374 | | |
1375 | 130 | rdp_free_logon_info(&logonInfo); |
1376 | 130 | break; |
1377 | | |
1378 | 35 | case INFO_TYPE_LOGON_PLAIN_NOTIFY: |
1379 | 35 | status = rdp_recv_logon_plain_notify(rdp, s); |
1380 | | |
1381 | 35 | if (status && update->SaveSessionInfo) |
1382 | 0 | status = update->SaveSessionInfo(context, infoType, nullptr); |
1383 | | |
1384 | 35 | break; |
1385 | | |
1386 | 222 | case INFO_TYPE_LOGON_EXTENDED_INF: |
1387 | 222 | status = rdp_recv_logon_info_extended(rdp, s, &logonInfoEx); |
1388 | | |
1389 | 222 | if (status && update->SaveSessionInfo) |
1390 | 0 | status = update->SaveSessionInfo(context, infoType, &logonInfoEx); |
1391 | | |
1392 | 222 | break; |
1393 | | |
1394 | 2.54k | default: |
1395 | 2.54k | WLog_ERR(TAG, "Unhandled saveSessionInfo type 0x%" PRIx32 "", infoType); |
1396 | 2.54k | status = TRUE; |
1397 | 2.54k | break; |
1398 | 3.56k | } |
1399 | | |
1400 | 3.56k | if (!status) |
1401 | 722 | { |
1402 | 722 | WLog_DBG(TAG, "SaveSessionInfo error: infoType: %s (%" PRIu32 ")", |
1403 | 722 | infoType < 4 ? INFO_TYPE_LOGON_STRINGS[infoType % 4] : "Unknown", infoType); |
1404 | 722 | } |
1405 | | |
1406 | 3.56k | return status; |
1407 | 3.56k | } |
1408 | | |
1409 | | static BOOL rdp_write_logon_info_v1(wStream* s, logon_info* info) |
1410 | 0 | { |
1411 | 0 | const size_t charLen = 52 / sizeof(WCHAR); |
1412 | 0 | const size_t userCharLen = 512 / sizeof(WCHAR); |
1413 | |
|
1414 | 0 | size_t sz = 4 + 52 + 4 + 512 + 4; |
1415 | |
|
1416 | 0 | if (!Stream_EnsureRemainingCapacity(s, sz)) |
1417 | 0 | return FALSE; |
1418 | | |
1419 | | /* domain */ |
1420 | 0 | { |
1421 | 0 | WINPR_ASSERT(info); |
1422 | 0 | if (!info->domain || !info->username) |
1423 | 0 | return FALSE; |
1424 | 0 | const size_t len = strnlen(info->domain, charLen + 1); |
1425 | 0 | if (len > charLen) |
1426 | 0 | return FALSE; |
1427 | | |
1428 | 0 | const size_t wlen = len * sizeof(WCHAR); |
1429 | 0 | if (wlen > UINT32_MAX) |
1430 | 0 | return FALSE; |
1431 | | |
1432 | 0 | Stream_Write_UINT32(s, (UINT32)wlen); |
1433 | 0 | if (Stream_Write_UTF16_String_From_UTF8(s, charLen, info->domain, len, TRUE) < 0) |
1434 | 0 | return FALSE; |
1435 | 0 | } |
1436 | | |
1437 | | /* username */ |
1438 | 0 | { |
1439 | 0 | const size_t len = strnlen(info->username, userCharLen + 1); |
1440 | 0 | if (len > userCharLen) |
1441 | 0 | return FALSE; |
1442 | | |
1443 | 0 | const size_t wlen = len * sizeof(WCHAR); |
1444 | 0 | if (wlen > UINT32_MAX) |
1445 | 0 | return FALSE; |
1446 | | |
1447 | 0 | Stream_Write_UINT32(s, (UINT32)wlen); |
1448 | |
|
1449 | 0 | if (Stream_Write_UTF16_String_From_UTF8(s, userCharLen, info->username, len, TRUE) < 0) |
1450 | 0 | return FALSE; |
1451 | 0 | } |
1452 | | |
1453 | | /* sessionId */ |
1454 | 0 | Stream_Write_UINT32(s, info->sessionId); |
1455 | 0 | return TRUE; |
1456 | 0 | } |
1457 | | |
1458 | | static BOOL rdp_write_logon_info_v2(wStream* s, const logon_info* info) |
1459 | 0 | { |
1460 | 0 | size_t domainLen = 0; |
1461 | 0 | size_t usernameLen = 0; |
1462 | |
|
1463 | 0 | if (!Stream_EnsureRemainingCapacity(s, logonInfoV2TotalSize)) |
1464 | 0 | return FALSE; |
1465 | | |
1466 | 0 | Stream_Write_UINT16(s, SAVE_SESSION_PDU_VERSION_ONE); |
1467 | | /* [MS-RDPBCGR] 2.2.10.1.1.2 Logon Info Version 2 (TS_LOGON_INFO_VERSION_2) |
1468 | | * should be logonInfoV2TotalSize |
1469 | | * but even MS server 2019 sends logonInfoV2Size |
1470 | | */ |
1471 | 0 | Stream_Write_UINT32(s, logonInfoV2Size); |
1472 | 0 | Stream_Write_UINT32(s, info->sessionId); |
1473 | 0 | if (info->domain) |
1474 | 0 | domainLen = strnlen(info->domain, 256); /* lmcons.h UNLEN */ |
1475 | 0 | if (domainLen >= UINT32_MAX / sizeof(WCHAR)) |
1476 | 0 | return FALSE; |
1477 | 0 | Stream_Write_UINT32(s, (UINT32)(domainLen + 1) * sizeof(WCHAR)); |
1478 | |
|
1479 | 0 | if (info->username) |
1480 | 0 | usernameLen = strnlen(info->username, 256); /* lmcons.h UNLEN */ |
1481 | 0 | if (usernameLen >= UINT32_MAX / sizeof(WCHAR)) |
1482 | 0 | return FALSE; |
1483 | 0 | Stream_Write_UINT32(s, (UINT32)(usernameLen + 1) * sizeof(WCHAR)); |
1484 | 0 | Stream_Seek(s, logonInfoV2ReservedSize); |
1485 | 0 | if (Stream_Write_UTF16_String_From_UTF8(s, domainLen + 1, info->domain, domainLen, TRUE) < 0) |
1486 | 0 | return FALSE; |
1487 | 0 | if (Stream_Write_UTF16_String_From_UTF8(s, usernameLen + 1, info->username, usernameLen, TRUE) < |
1488 | 0 | 0) |
1489 | 0 | return FALSE; |
1490 | 0 | return TRUE; |
1491 | 0 | } |
1492 | | |
1493 | | static BOOL rdp_write_logon_info_plain(wStream* s) |
1494 | 0 | { |
1495 | 0 | if (!Stream_EnsureRemainingCapacity(s, 576)) |
1496 | 0 | return FALSE; |
1497 | | |
1498 | 0 | Stream_Seek(s, 576); |
1499 | 0 | return TRUE; |
1500 | 0 | } |
1501 | | |
1502 | | static BOOL rdp_write_logon_info_ex(wStream* s, logon_info_ex* info) |
1503 | 0 | { |
1504 | 0 | UINT32 FieldsPresent = 0; |
1505 | 0 | UINT16 Size = 2 + 4 + 570; |
1506 | |
|
1507 | 0 | if (info->haveCookie) |
1508 | 0 | { |
1509 | 0 | FieldsPresent |= LOGON_EX_AUTORECONNECTCOOKIE; |
1510 | 0 | Size += 28; |
1511 | 0 | } |
1512 | |
|
1513 | 0 | if (info->haveErrorInfo) |
1514 | 0 | { |
1515 | 0 | FieldsPresent |= LOGON_EX_LOGONERRORS; |
1516 | 0 | Size += 8; |
1517 | 0 | } |
1518 | |
|
1519 | 0 | if (!Stream_EnsureRemainingCapacity(s, Size)) |
1520 | 0 | return FALSE; |
1521 | | |
1522 | 0 | Stream_Write_UINT16(s, Size); |
1523 | 0 | Stream_Write_UINT32(s, FieldsPresent); |
1524 | |
|
1525 | 0 | if (info->haveCookie) |
1526 | 0 | { |
1527 | 0 | Stream_Write_UINT32(s, 28); /* cbFieldData (4 bytes) */ |
1528 | 0 | Stream_Write_UINT32(s, 28); /* cbLen (4 bytes) */ |
1529 | 0 | Stream_Write_UINT32(s, AUTO_RECONNECT_VERSION_1); /* Version (4 bytes) */ |
1530 | 0 | Stream_Write_UINT32(s, info->LogonId); /* LogonId (4 bytes) */ |
1531 | 0 | Stream_Write(s, info->ArcRandomBits, 16); /* ArcRandomBits (16 bytes) */ |
1532 | 0 | } |
1533 | |
|
1534 | 0 | if (info->haveErrorInfo) |
1535 | 0 | { |
1536 | 0 | Stream_Write_UINT32(s, 8); /* cbFieldData (4 bytes) */ |
1537 | 0 | Stream_Write_UINT32(s, info->ErrorNotificationType); /* ErrorNotificationType (4 bytes) */ |
1538 | 0 | Stream_Write_UINT32(s, info->ErrorNotificationData); /* ErrorNotificationData (4 bytes) */ |
1539 | 0 | } |
1540 | |
|
1541 | 0 | Stream_Seek(s, 570); |
1542 | 0 | return TRUE; |
1543 | 0 | } |
1544 | | |
1545 | | BOOL rdp_send_save_session_info(rdpContext* context, UINT32 type, void* data) |
1546 | 0 | { |
1547 | 0 | UINT16 sec_flags = 0; |
1548 | 0 | BOOL status = 0; |
1549 | |
|
1550 | 0 | WINPR_ASSERT(context); |
1551 | 0 | rdpRdp* rdp = context->rdp; |
1552 | 0 | wStream* s = rdp_data_pdu_init(rdp, &sec_flags); |
1553 | |
|
1554 | 0 | if (!s) |
1555 | 0 | return FALSE; |
1556 | | |
1557 | 0 | Stream_Write_UINT32(s, type); |
1558 | |
|
1559 | 0 | switch (type) |
1560 | 0 | { |
1561 | 0 | case INFO_TYPE_LOGON: |
1562 | 0 | status = rdp_write_logon_info_v1(s, (logon_info*)data); |
1563 | 0 | break; |
1564 | | |
1565 | 0 | case INFO_TYPE_LOGON_LONG: |
1566 | 0 | status = rdp_write_logon_info_v2(s, (logon_info*)data); |
1567 | 0 | break; |
1568 | | |
1569 | 0 | case INFO_TYPE_LOGON_PLAIN_NOTIFY: |
1570 | 0 | status = rdp_write_logon_info_plain(s); |
1571 | 0 | break; |
1572 | | |
1573 | 0 | case INFO_TYPE_LOGON_EXTENDED_INF: |
1574 | 0 | status = rdp_write_logon_info_ex(s, (logon_info_ex*)data); |
1575 | 0 | break; |
1576 | | |
1577 | 0 | default: |
1578 | 0 | WLog_ERR(TAG, "saveSessionInfo type 0x%" PRIx32 " not handled", type); |
1579 | 0 | status = FALSE; |
1580 | 0 | break; |
1581 | 0 | } |
1582 | | |
1583 | 0 | if (status) |
1584 | 0 | status = |
1585 | 0 | rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SAVE_SESSION_INFO, rdp->mcs->userId, sec_flags); |
1586 | 0 | else |
1587 | 0 | Stream_Release(s); |
1588 | |
|
1589 | 0 | return status; |
1590 | 0 | } |
1591 | | |
1592 | | BOOL rdp_send_server_status_info(rdpContext* context, UINT32 status) |
1593 | 0 | { |
1594 | 0 | UINT16 sec_flags = 0; |
1595 | 0 | wStream* s = nullptr; |
1596 | 0 | rdpRdp* rdp = context->rdp; |
1597 | 0 | s = rdp_data_pdu_init(rdp, &sec_flags); |
1598 | |
|
1599 | 0 | if (!s) |
1600 | 0 | return FALSE; |
1601 | | |
1602 | 0 | Stream_Write_UINT32(s, status); |
1603 | 0 | return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_STATUS_INFO, rdp->mcs->userId, sec_flags); |
1604 | 0 | } |