3.2.5.3.13.1 Processing Demand Active PDU
The structure and fields of the Demand Active PDU are specified in section 2.2.1.13.1.
If Enhanced RDP Security (section 5.4) is in effect, the External Security Protocol (section 5.4.5) being used to secure the connection MUST be used to decrypt and verify the integrity of the entire PDU prior to any processing taking place.
The embedded length fields within the tpktHeader ([T123] section 8) and mcsSDin ([T125] section 7, parts 7 and 10) fields MUST be examined for consistency with the received data. If there is any discrepancy, the connection SHOULD be dropped.
The embedded channelId field within the mcsSDin is used to route the PDU to the appropriate target channel.
The conditions mandating the presence of the securityHeader field, as well as the type of Security Header structure present in this field, are explained in section 2.2.1.13.1. If the securityHeader field is present, the embedded flags field MUST be examined for the presence of the SEC_ENCRYPT (0x0008) flag (section 2.2.8.1.1.2.1), and if it is present the data following the securityHeader field MUST be verified and decrypted using the methods and techniques described in section 5.3.6. If the MAC signature is incorrect or the data cannot be decrypted correctly, the connection SHOULD be dropped.
The shareControlHeader field (which contains a Share Control Header as specified in section 2.2.8.1.1.1.1) MUST be examined to ensure that the PDU type (present in the pduType field) has the value PDUTYPE_DEMANDACTIVEPDU (1). If this is not the case the received PDU SHOULD be ignored. The value of the totalLength field MUST also be examined for consistency with the received data. If there is any discrepancy, the connection SHOULD be dropped. If there is no length discrepancy, the server MCS channel ID (present in the pduSource field) MUST be stored in the Server Channel ID store (section 3.2.1.6).
The remaining PDU fields and capability data MUST be interpreted and processed according to sections 2.2.1.13.1.1 and 2.2.7. The capabilities received from the server MUST be stored in the Server Capabilities store (section 3.2.1.7) and MUST be used to determine what subset of RDP to send to the server. The contents of the shareID field MUST be stored in the Share ID store (section 3.2.1.8).
After successfully processing the Demand Active PDU, the client MUST send the Confirm Active PDU (section 2.2.1.13.2) to the server. If processing of the Demand Active PDU was unsuccessful, the connection SHOULD be dropped.