| 18 |
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| 19 |
*/ |
*/ |
| 20 |
|
|
| 21 |
|
#include <time.h> |
| 22 |
#include "rdesktop.h" |
#include "rdesktop.h" |
| 23 |
|
|
| 24 |
extern uint16 g_mcs_userid; |
extern uint16 g_mcs_userid; |
| 29 |
extern BOOL g_desktop_save; |
extern BOOL g_desktop_save; |
| 30 |
extern BOOL g_use_rdp5; |
extern BOOL g_use_rdp5; |
| 31 |
extern uint16 g_server_rdp_version; |
extern uint16 g_server_rdp_version; |
| 32 |
|
extern uint32 g_rdp5_performanceflags; |
| 33 |
extern int g_server_bpp; |
extern int g_server_bpp; |
| 34 |
|
|
| 35 |
uint8 *g_next_packet; |
uint8 *g_next_packet; |
| 73 |
|
|
| 74 |
#if WITH_DEBUG |
#if WITH_DEBUG |
| 75 |
DEBUG(("RDP packet #%d, (type %x)\n", ++g_packetno, *type)); |
DEBUG(("RDP packet #%d, (type %x)\n", ++g_packetno, *type)); |
| 76 |
// hexdump(g_next_packet, length); |
hexdump(g_next_packet, length); |
| 77 |
#endif /* */ |
#endif /* */ |
| 78 |
|
|
| 79 |
g_next_packet += length; |
g_next_packet += length; |
| 133 |
s->p += len; |
s->p += len; |
| 134 |
} |
} |
| 135 |
|
|
| 136 |
|
/* Input a string in Unicode |
| 137 |
|
* |
| 138 |
|
* Returns str_len of string |
| 139 |
|
*/ |
| 140 |
|
int |
| 141 |
|
rdp_in_unistr(STREAM s, char *string, int uni_len) |
| 142 |
|
{ |
| 143 |
|
int i = 0; |
| 144 |
|
|
| 145 |
|
while (i < uni_len / 2) |
| 146 |
|
{ |
| 147 |
|
in_uint8a(s, &string[i++], 1); |
| 148 |
|
in_uint8s(s, 1); |
| 149 |
|
} |
| 150 |
|
|
| 151 |
|
return i - 1; |
| 152 |
|
} |
| 153 |
|
|
| 154 |
|
|
| 155 |
/* Parse a logon info packet */ |
/* Parse a logon info packet */ |
| 156 |
static void |
static void |
| 157 |
rdp_send_logon_info(uint32 flags, char *domain, char *user, |
rdp_send_logon_info(uint32 flags, char *domain, char *user, |
| 158 |
char *password, char *program, char *directory) |
char *password, char *program, char *directory) |
| 159 |
{ |
{ |
| 160 |
|
char *ipaddr = tcp_get_address(); |
| 161 |
int len_domain = 2 * strlen(domain); |
int len_domain = 2 * strlen(domain); |
| 162 |
int len_user = 2 * strlen(user); |
int len_user = 2 * strlen(user); |
| 163 |
int len_password = 2 * strlen(password); |
int len_password = 2 * strlen(password); |
| 164 |
int len_program = 2 * strlen(program); |
int len_program = 2 * strlen(program); |
| 165 |
int len_directory = 2 * strlen(directory); |
int len_directory = 2 * strlen(directory); |
| 166 |
int len_ip = 2 * strlen("127.0.0.1"); |
int len_ip = 2 * strlen(ipaddr); |
| 167 |
int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); |
int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); |
| 168 |
int packetlen = 0; |
int packetlen = 0; |
| 169 |
uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; |
uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; |
| 170 |
STREAM s; |
STREAM s; |
| 171 |
|
time_t t = time(NULL); |
| 172 |
|
time_t tzone; |
| 173 |
|
|
| 174 |
|
#if 0 |
| 175 |
|
// enable rdp compression |
| 176 |
|
flags |= RDP_COMPRESSION; |
| 177 |
|
#endif |
| 178 |
|
|
| 179 |
if (!g_use_rdp5 || 1 == g_server_rdp_version) |
if (!g_use_rdp5 || 1 == g_server_rdp_version) |
| 180 |
{ |
{ |
| 200 |
{ |
{ |
| 201 |
flags |= RDP_LOGON_BLOB; |
flags |= RDP_LOGON_BLOB; |
| 202 |
DEBUG_RDP5(("Sending RDP5-style Logon packet\n")); |
DEBUG_RDP5(("Sending RDP5-style Logon packet\n")); |
| 203 |
packetlen = 4 + // Unknown uint32 |
packetlen = 4 + /* Unknown uint32 */ |
| 204 |
4 + // flags |
4 + /* flags */ |
| 205 |
2 + // len_domain |
2 + /* len_domain */ |
| 206 |
2 + // len_user |
2 + /* len_user */ |
| 207 |
(flags & RDP_LOGON_AUTO ? 2 : 0) + // len_password |
(flags & RDP_LOGON_AUTO ? 2 : 0) + /* len_password */ |
| 208 |
(flags & RDP_LOGON_BLOB ? 2 : 0) + // Length of BLOB |
(flags & RDP_LOGON_BLOB ? 2 : 0) + /* Length of BLOB */ |
| 209 |
2 + // len_program |
2 + /* len_program */ |
| 210 |
2 + // len_directory |
2 + /* len_directory */ |
| 211 |
(0 < len_domain ? len_domain : 2) + // domain |
(0 < len_domain ? len_domain : 2) + /* domain */ |
| 212 |
len_user + (flags & RDP_LOGON_AUTO ? len_password : 0) + 0 + // We have no 512 byte BLOB. Perhaps we must? |
len_user + (flags & RDP_LOGON_AUTO ? len_password : 0) + 0 + /* We have no 512 byte BLOB. Perhaps we must? */ |
| 213 |
(flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + // After the BLOB is a unknown int16. If there is a BLOB, that is. |
(flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* After the BLOB is a unknown int16. If there is a BLOB, that is. */ |
| 214 |
(0 < len_program ? len_program : 2) + (0 < len_directory ? len_directory : 2) + 2 + // Unknown (2) |
(0 < len_program ? len_program : 2) + (0 < len_directory ? len_directory : 2) + 2 + /* Unknown (2) */ |
| 215 |
2 + // Client ip length |
2 + /* Client ip length */ |
| 216 |
len_ip + // Client ip |
len_ip + /* Client ip */ |
| 217 |
2 + // DLL string length |
2 + /* DLL string length */ |
| 218 |
len_dll + // DLL string |
len_dll + /* DLL string */ |
| 219 |
2 + // Unknown |
2 + /* Unknown */ |
| 220 |
2 + // Unknown |
2 + /* Unknown */ |
| 221 |
64 + // Time zone #0 |
64 + /* Time zone #0 */ |
| 222 |
2 + // Unknown |
2 + /* Unknown */ |
| 223 |
64 + // Time zone #1 |
64 + /* Time zone #1 */ |
| 224 |
32; // Unknown |
32; /* Unknown */ |
| 225 |
|
|
| 226 |
s = sec_init(sec_flags, packetlen); |
s = sec_init(sec_flags, packetlen); |
| 227 |
DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen)); |
DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen)); |
| 228 |
|
|
| 229 |
out_uint32(s, 0); // Unknown |
out_uint32(s, 0); /* Unknown */ |
| 230 |
out_uint32_le(s, flags); |
out_uint32_le(s, flags); |
| 231 |
out_uint16_le(s, len_domain); |
out_uint16_le(s, len_domain); |
| 232 |
out_uint16_le(s, len_user); |
out_uint16_le(s, len_user); |
| 272 |
out_uint16_le(s, 0); |
out_uint16_le(s, 0); |
| 273 |
} |
} |
| 274 |
out_uint16_le(s, 2); |
out_uint16_le(s, 2); |
| 275 |
out_uint16_le(s, len_ip + 2); // Length of client ip |
out_uint16_le(s, len_ip + 2); /* Length of client ip */ |
| 276 |
rdp_out_unistr(s, "127.0.0.1", len_ip); |
rdp_out_unistr(s, ipaddr, len_ip); |
| 277 |
out_uint16_le(s, len_dll + 2); |
out_uint16_le(s, len_dll + 2); |
| 278 |
rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll); |
rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll); |
| 279 |
out_uint16_le(s, 0xffc4); |
|
| 280 |
out_uint16_le(s, 0xffff); |
tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60; |
| 281 |
|
out_uint32_le(s, tzone); |
| 282 |
|
|
| 283 |
rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid")); |
rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid")); |
| 284 |
out_uint8s(s, 62 - 2 * strlen("GTB, normaltid")); |
out_uint8s(s, 62 - 2 * strlen("GTB, normaltid")); |
| 285 |
|
|
|
|
|
| 286 |
out_uint32_le(s, 0x0a0000); |
out_uint32_le(s, 0x0a0000); |
| 287 |
out_uint32_le(s, 0x050000); |
out_uint32_le(s, 0x050000); |
| 288 |
out_uint32_le(s, 3); |
out_uint32_le(s, 3); |
| 298 |
out_uint32(s, 0); |
out_uint32(s, 0); |
| 299 |
out_uint32_le(s, 0xffffffc4); |
out_uint32_le(s, 0xffffffc4); |
| 300 |
out_uint32_le(s, 0xfffffffe); |
out_uint32_le(s, 0xfffffffe); |
| 301 |
out_uint32_le(s, 0x0f); |
out_uint32_le(s, g_rdp5_performanceflags); |
| 302 |
out_uint32(s, 0); |
out_uint32(s, 0); |
| 303 |
|
|
| 304 |
|
|
| 409 |
out_uint16_le(s, RDP_CAPSET_BITMAP); |
out_uint16_le(s, RDP_CAPSET_BITMAP); |
| 410 |
out_uint16_le(s, RDP_CAPLEN_BITMAP); |
out_uint16_le(s, RDP_CAPLEN_BITMAP); |
| 411 |
|
|
| 412 |
out_uint16_le(s, 8); /* Preferred BPP */ |
out_uint16_le(s, g_server_bpp); /* Preferred BPP */ |
| 413 |
out_uint16_le(s, 1); /* Receive 1 BPP */ |
out_uint16_le(s, 1); /* Receive 1 BPP */ |
| 414 |
out_uint16_le(s, 1); /* Receive 4 BPP */ |
out_uint16_le(s, 1); /* Receive 4 BPP */ |
| 415 |
out_uint16_le(s, 1); /* Receive 8 BPP */ |
out_uint16_le(s, 1); /* Receive 8 BPP */ |
| 618 |
process_demand_active(STREAM s) |
process_demand_active(STREAM s) |
| 619 |
{ |
{ |
| 620 |
uint8 type; |
uint8 type; |
| 621 |
|
uint16 i; |
| 622 |
|
uint16 p_bpp; |
| 623 |
|
|
| 624 |
in_uint32_le(s, g_rdp_shareid); |
in_uint32_le(s, g_rdp_shareid); |
| 625 |
|
|
| 626 |
|
/* scan for prefered bpp */ |
| 627 |
|
while (s_check_rem(s, 6)) |
| 628 |
|
{ |
| 629 |
|
in_uint16_le(s, i); |
| 630 |
|
if (i == RDP_CAPSET_BITMAP) |
| 631 |
|
{ |
| 632 |
|
in_uint16_le(s, i); |
| 633 |
|
if (i == RDP_CAPLEN_BITMAP) |
| 634 |
|
{ |
| 635 |
|
in_uint16_le(s, p_bpp); |
| 636 |
|
if (p_bpp == 8 || p_bpp == 15 || p_bpp == 16 || p_bpp == 24) |
| 637 |
|
{ |
| 638 |
|
if (p_bpp < g_server_bpp) |
| 639 |
|
{ |
| 640 |
|
warning("Server limited colour depth to %d bits\n", |
| 641 |
|
p_bpp); |
| 642 |
|
g_server_bpp = p_bpp; |
| 643 |
|
} |
| 644 |
|
break; |
| 645 |
|
} |
| 646 |
|
} |
| 647 |
|
} |
| 648 |
|
} |
| 649 |
|
|
| 650 |
|
|
| 651 |
DEBUG(("DEMAND_ACTIVE(id=0x%x)\n", g_rdp_shareid)); |
DEBUG(("DEMAND_ACTIVE(id=0x%x)\n", g_rdp_shareid)); |
| 652 |
|
|
| 653 |
rdp_send_confirm_active(); |
rdp_send_confirm_active(); |
| 657 |
rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */ |
rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */ |
| 658 |
rdp_recv(&type); /* RDP_CTL_COOPERATE */ |
rdp_recv(&type); /* RDP_CTL_COOPERATE */ |
| 659 |
rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */ |
rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */ |
| 660 |
rdp_send_input(0, RDP_INPUT_SYNCHRONIZE, 0, 0, 0); |
rdp_send_input(0, RDP_INPUT_SYNCHRONIZE, 0, ui_get_numlock_state(read_keyboard_state()), 0); |
| 661 |
rdp_send_fonts(1); |
rdp_send_fonts(1); |
| 662 |
rdp_send_fonts(2); |
rdp_send_fonts(2); |
| 663 |
rdp_recv(&type); /* RDP_PDU_UNKNOWN 0x28 */ |
rdp_recv(&type); /* RDP_PDU_UNKNOWN 0x28 */ |
| 664 |
reset_order_state(); |
reset_order_state(); |
| 665 |
} |
} |
| 666 |
|
|
|
/* Process a null system pointer PDU */ |
|
|
void |
|
|
process_null_system_pointer_pdu(STREAM s) |
|
|
{ |
|
|
// FIXME: We should probably set another cursor here, |
|
|
// like the X window system base cursor or something. |
|
|
ui_set_cursor(cache_get_cursor(0)); |
|
|
} |
|
|
|
|
| 667 |
/* Process a colour pointer PDU */ |
/* Process a colour pointer PDU */ |
| 668 |
void |
void |
| 669 |
process_colour_pointer_pdu(STREAM s) |
process_colour_pointer_pdu(STREAM s) |
| 696 |
ui_set_cursor(cache_get_cursor(cache_idx)); |
ui_set_cursor(cache_get_cursor(cache_idx)); |
| 697 |
} |
} |
| 698 |
|
|
| 699 |
|
/* Process a system pointer PDU */ |
| 700 |
|
void |
| 701 |
|
process_system_pointer_pdu(STREAM s) |
| 702 |
|
{ |
| 703 |
|
uint16 system_pointer_type; |
| 704 |
|
|
| 705 |
|
in_uint16(s, system_pointer_type); |
| 706 |
|
switch (system_pointer_type) |
| 707 |
|
{ |
| 708 |
|
case RDP_NULL_POINTER: |
| 709 |
|
ui_set_null_cursor(); |
| 710 |
|
break; |
| 711 |
|
|
| 712 |
|
default: |
| 713 |
|
unimpl("System pointer message 0x%x\n", system_pointer_type); |
| 714 |
|
} |
| 715 |
|
} |
| 716 |
|
|
| 717 |
/* Process a pointer PDU */ |
/* Process a pointer PDU */ |
| 718 |
static void |
static void |
| 741 |
process_cached_pointer_pdu(s); |
process_cached_pointer_pdu(s); |
| 742 |
break; |
break; |
| 743 |
|
|
| 744 |
|
case RDP_POINTER_SYSTEM: |
| 745 |
|
process_system_pointer_pdu(s); |
| 746 |
|
break; |
| 747 |
|
|
| 748 |
default: |
default: |
| 749 |
DEBUG(("Pointer message 0x%x\n", message_type)); |
unimpl("Pointer message 0x%x\n", message_type); |
| 750 |
} |
} |
| 751 |
} |
} |
| 752 |
|
|
| 891 |
process_data_pdu(STREAM s) |
process_data_pdu(STREAM s) |
| 892 |
{ |
{ |
| 893 |
uint8 data_pdu_type; |
uint8 data_pdu_type; |
| 894 |
|
uint8 ctype; |
| 895 |
|
uint16 clen; |
| 896 |
|
int len; |
| 897 |
|
#if 0 |
| 898 |
|
int roff, rlen, ret; |
| 899 |
|
static struct stream ns; |
| 900 |
|
static signed char *dict = 0; |
| 901 |
|
#endif |
| 902 |
|
|
| 903 |
in_uint8s(s, 8); /* shareid, pad, streamid, length */ |
in_uint8s(s, 6); /* shareid, pad, streamid */ |
| 904 |
|
in_uint16(s, len); |
| 905 |
in_uint8(s, data_pdu_type); |
in_uint8(s, data_pdu_type); |
| 906 |
in_uint8s(s, 3); /* compress_type, compress_len */ |
in_uint8(s, ctype); |
| 907 |
|
in_uint16(s, clen); |
| 908 |
|
clen -= 18; |
| 909 |
|
|
| 910 |
|
#if 0 |
| 911 |
|
if (ctype & 0x20) |
| 912 |
|
{ |
| 913 |
|
if (!dict) |
| 914 |
|
{ |
| 915 |
|
dict = (signed char *) malloc(8200 * sizeof(signed char)); |
| 916 |
|
dict = (signed char *) memset(dict, 0, 8200 * sizeof(signed char)); |
| 917 |
|
} |
| 918 |
|
|
| 919 |
|
ret = decompress(s->p, clen, ctype, (signed char *) dict, &roff, &rlen); |
| 920 |
|
|
| 921 |
|
len -= 18; |
| 922 |
|
|
| 923 |
|
ns.data = xrealloc(ns.data, len); |
| 924 |
|
|
| 925 |
|
ns.data = (unsigned char *) memcpy(ns.data, (unsigned char *) (dict + roff), len); |
| 926 |
|
|
| 927 |
|
ns.size = len; |
| 928 |
|
ns.end = ns.data + ns.size; |
| 929 |
|
ns.p = ns.data; |
| 930 |
|
ns.rdp_hdr = ns.p; |
| 931 |
|
|
| 932 |
|
s = &ns; |
| 933 |
|
} |
| 934 |
|
#endif |
| 935 |
|
|
| 936 |
switch (data_pdu_type) |
switch (data_pdu_type) |
| 937 |
{ |
{ |
| 952 |
/* User logged on */ |
/* User logged on */ |
| 953 |
break; |
break; |
| 954 |
|
|
| 955 |
|
case RDP_DATA_PDU_DISCONNECT: |
| 956 |
|
/* Normally received when user logs out or disconnects from a |
| 957 |
|
console session on Windows XP and 2003 Server */ |
| 958 |
|
DEBUG(("Received disconnect PDU\n")); |
| 959 |
|
break; |
| 960 |
|
|
| 961 |
default: |
default: |
| 962 |
unimpl("data PDU %d\n", data_pdu_type); |
unimpl("data PDU %d\n", data_pdu_type); |
| 963 |
} |
} |
Parent Directory
| 
Revision Log
| 
Patch