Without these changes, RDP-specific resources like the CLIPRDR and RDPEI
channels may remain from past connections if the RDP connection is
dynamically reconnected via the "Reconnect" display resize method,
resulting in assertion failures or memory errors if those stale
resources are reused after reconnect is completed.
The FreeRDP library is intended to be threadsafe, but is not reliably so
with respect to legacy RDP encryption and outbound messages. When
outbound messages are sent by multiple threads, the encryption key used
for legacy RDP encryption may not be updated correctly, resulting in a
fatal connection error like:
"ERRINFO_DECRYPT_FAILED (0x00001192):(a) Decryption using Standard RDP
Security mechanisms (section 5.3.6) failed. (b) Session key creation
using Standard RDP Security mechanisms (section 5.3.5) failed."
This commit effectively reverts commit 9855d875c794e9517567e89ad13acccd7e7e03d0.
With relaxed order checks enabled, FreeRDP will indeed invoke the
OpaqueRect and PatBlt handlers (even though we do not announce support
for those orders) as long as handlers are provided.
If the admin intentionally disables both copy and paste, then there is
no need to log a warning that this is the case; it was intentional. A
warning will likely set off alarm bells within production log monitoring
systems.
On some platforms, the libguacai-client.so plugin for FreeRDP reports an
unlinked symbol:
undefined symbol: guac_freerdp_dynamic_channel_collection_add (/usr/local/lib/freerdp2/libguacai-client.so)
This symbol is actually unused within the plugin, but may be referenced
due to being defined within a function in a common piece of source
shared between the plugin and the RDP support.
Separating the actual common components such that they can be included
by both the RDP support and the libguacai-client.so plugin removes the
potential for unused pieces being flagged as missing.
We set the values within the OrderSupport array to match which RDP
messages we have implemented within guac_rdp_push_settings(). This array
is reset to its default values prior to the preconnect handler being
invoked, thus guac_rdp_push_settings() MUST be invoked within the
preconnect handler for its settings to have the intended effect.
Without proper values within OrderSupport, the initial RDP negotiation
process will claim support for messages that we don't actually support,
resulting in graphical artifacts and unexpected behavior.
