18 |
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
19 |
*/ |
*/ |
20 |
|
|
21 |
|
#include <time.h> |
22 |
#include "rdesktop.h" |
#include "rdesktop.h" |
23 |
|
|
24 |
extern uint16 g_mcs_userid; |
extern uint16 g_mcs_userid; |
132 |
s->p += len; |
s->p += len; |
133 |
} |
} |
134 |
|
|
135 |
|
/* Input a string in Unicode |
136 |
|
* |
137 |
|
* Returns str_len of string |
138 |
|
*/ |
139 |
|
int |
140 |
|
rdp_in_unistr(STREAM s, char *string, int uni_len) |
141 |
|
{ |
142 |
|
int i = 0; |
143 |
|
|
144 |
|
while (i < uni_len / 2) |
145 |
|
{ |
146 |
|
in_uint8a(s, &string[i++], 1); |
147 |
|
in_uint8s(s, 1); |
148 |
|
} |
149 |
|
|
150 |
|
return i - 1; |
151 |
|
} |
152 |
|
|
153 |
|
|
154 |
/* Parse a logon info packet */ |
/* Parse a logon info packet */ |
155 |
static void |
static void |
156 |
rdp_send_logon_info(uint32 flags, char *domain, char *user, |
rdp_send_logon_info(uint32 flags, char *domain, char *user, |
157 |
char *password, char *program, char *directory) |
char *password, char *program, char *directory) |
158 |
{ |
{ |
159 |
|
char *ipaddr = tcp_get_address(); |
160 |
int len_domain = 2 * strlen(domain); |
int len_domain = 2 * strlen(domain); |
161 |
int len_user = 2 * strlen(user); |
int len_user = 2 * strlen(user); |
162 |
int len_password = 2 * strlen(password); |
int len_password = 2 * strlen(password); |
163 |
int len_program = 2 * strlen(program); |
int len_program = 2 * strlen(program); |
164 |
int len_directory = 2 * strlen(directory); |
int len_directory = 2 * strlen(directory); |
165 |
int len_ip = 2 * strlen("127.0.0.1"); |
int len_ip = 2 * strlen(ipaddr); |
166 |
int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); |
int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); |
167 |
int packetlen = 0; |
int packetlen = 0; |
168 |
uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; |
uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; |
169 |
STREAM s; |
STREAM s; |
170 |
|
time_t t = time(NULL); |
171 |
|
time_t tzone; |
172 |
|
|
173 |
|
#if 0 |
174 |
|
// enable rdp compression |
175 |
|
flags |= RDP_COMPRESSION; |
176 |
|
#endif |
177 |
|
|
178 |
if (!g_use_rdp5 || 1 == g_server_rdp_version) |
if (!g_use_rdp5 || 1 == g_server_rdp_version) |
179 |
{ |
{ |
199 |
{ |
{ |
200 |
flags |= RDP_LOGON_BLOB; |
flags |= RDP_LOGON_BLOB; |
201 |
DEBUG_RDP5(("Sending RDP5-style Logon packet\n")); |
DEBUG_RDP5(("Sending RDP5-style Logon packet\n")); |
202 |
packetlen = 4 + // Unknown uint32 |
packetlen = 4 + /* Unknown uint32 */ |
203 |
4 + // flags |
4 + /* flags */ |
204 |
2 + // len_domain |
2 + /* len_domain */ |
205 |
2 + // len_user |
2 + /* len_user */ |
206 |
(flags & RDP_LOGON_AUTO ? 2 : 0) + // len_password |
(flags & RDP_LOGON_AUTO ? 2 : 0) + /* len_password */ |
207 |
(flags & RDP_LOGON_BLOB ? 2 : 0) + // Length of BLOB |
(flags & RDP_LOGON_BLOB ? 2 : 0) + /* Length of BLOB */ |
208 |
2 + // len_program |
2 + /* len_program */ |
209 |
2 + // len_directory |
2 + /* len_directory */ |
210 |
(0 < len_domain ? len_domain : 2) + // domain |
(0 < len_domain ? len_domain : 2) + /* domain */ |
211 |
len_user + (flags & RDP_LOGON_AUTO ? len_password : 0) + 0 + // We have no 512 byte BLOB. Perhaps we must? |
len_user + (flags & RDP_LOGON_AUTO ? len_password : 0) + 0 + /* We have no 512 byte BLOB. Perhaps we must? */ |
212 |
(flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + // After the BLOB is a unknown int16. If there is a BLOB, that is. |
(flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* After the BLOB is a unknown int16. If there is a BLOB, that is. */ |
213 |
(0 < len_program ? len_program : 2) + (0 < len_directory ? len_directory : 2) + 2 + // Unknown (2) |
(0 < len_program ? len_program : 2) + (0 < len_directory ? len_directory : 2) + 2 + /* Unknown (2) */ |
214 |
2 + // Client ip length |
2 + /* Client ip length */ |
215 |
len_ip + // Client ip |
len_ip + /* Client ip */ |
216 |
2 + // DLL string length |
2 + /* DLL string length */ |
217 |
len_dll + // DLL string |
len_dll + /* DLL string */ |
218 |
2 + // Unknown |
2 + /* Unknown */ |
219 |
2 + // Unknown |
2 + /* Unknown */ |
220 |
64 + // Time zone #0 |
64 + /* Time zone #0 */ |
221 |
2 + // Unknown |
2 + /* Unknown */ |
222 |
64 + // Time zone #1 |
64 + /* Time zone #1 */ |
223 |
32; // Unknown |
32; /* Unknown */ |
224 |
|
|
225 |
s = sec_init(sec_flags, packetlen); |
s = sec_init(sec_flags, packetlen); |
226 |
DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen)); |
DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen)); |
227 |
|
|
228 |
out_uint32(s, 0); // Unknown |
out_uint32(s, 0); /* Unknown */ |
229 |
out_uint32_le(s, flags); |
out_uint32_le(s, flags); |
230 |
out_uint16_le(s, len_domain); |
out_uint16_le(s, len_domain); |
231 |
out_uint16_le(s, len_user); |
out_uint16_le(s, len_user); |
271 |
out_uint16_le(s, 0); |
out_uint16_le(s, 0); |
272 |
} |
} |
273 |
out_uint16_le(s, 2); |
out_uint16_le(s, 2); |
274 |
out_uint16_le(s, len_ip + 2); // Length of client ip |
out_uint16_le(s, len_ip + 2); /* Length of client ip */ |
275 |
rdp_out_unistr(s, "127.0.0.1", len_ip); |
rdp_out_unistr(s, ipaddr, len_ip); |
276 |
out_uint16_le(s, len_dll + 2); |
out_uint16_le(s, len_dll + 2); |
277 |
rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll); |
rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll); |
278 |
out_uint16_le(s, 0xffc4); |
|
279 |
out_uint16_le(s, 0xffff); |
tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60; |
280 |
|
out_uint32_le(s, tzone); |
281 |
|
|
282 |
rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid")); |
rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid")); |
283 |
out_uint8s(s, 62 - 2 * strlen("GTB, normaltid")); |
out_uint8s(s, 62 - 2 * strlen("GTB, normaltid")); |
284 |
|
|
|
|
|
285 |
out_uint32_le(s, 0x0a0000); |
out_uint32_le(s, 0x0a0000); |
286 |
out_uint32_le(s, 0x050000); |
out_uint32_le(s, 0x050000); |
287 |
out_uint32_le(s, 3); |
out_uint32_le(s, 3); |
629 |
rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */ |
rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */ |
630 |
rdp_recv(&type); /* RDP_CTL_COOPERATE */ |
rdp_recv(&type); /* RDP_CTL_COOPERATE */ |
631 |
rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */ |
rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */ |
632 |
rdp_send_input(0, RDP_INPUT_SYNCHRONIZE, 0, 0, 0); |
rdp_send_input(0, RDP_INPUT_SYNCHRONIZE, 0, ui_get_numlock_state(read_keyboard_state()), 0); |
633 |
rdp_send_fonts(1); |
rdp_send_fonts(1); |
634 |
rdp_send_fonts(2); |
rdp_send_fonts(2); |
635 |
rdp_recv(&type); /* RDP_PDU_UNKNOWN 0x28 */ |
rdp_recv(&type); /* RDP_PDU_UNKNOWN 0x28 */ |
754 |
left, top, right, bottom, width, height, Bpp, compress)); |
left, top, right, bottom, width, height, Bpp, compress)); |
755 |
|
|
756 |
/* Server may limit bpp - this is how we find out */ |
/* Server may limit bpp - this is how we find out */ |
757 |
if (g_server_bpp != bpp) { |
if (g_server_bpp != bpp) |
758 |
|
{ |
759 |
warning("Server limited colour depth to %d bits\n", bpp); |
warning("Server limited colour depth to %d bits\n", bpp); |
760 |
g_server_bpp = bpp; |
g_server_bpp = bpp; |
761 |
} |
} |
870 |
process_data_pdu(STREAM s) |
process_data_pdu(STREAM s) |
871 |
{ |
{ |
872 |
uint8 data_pdu_type; |
uint8 data_pdu_type; |
873 |
|
uint8 ctype; |
874 |
|
uint16 clen; |
875 |
|
int roff, rlen, len, ret; |
876 |
|
static struct stream ns; |
877 |
|
static signed char *dict = 0; |
878 |
|
|
879 |
in_uint8s(s, 8); /* shareid, pad, streamid, length */ |
in_uint8s(s, 6); /* shareid, pad, streamid */ |
880 |
|
in_uint16(s, len); |
881 |
in_uint8(s, data_pdu_type); |
in_uint8(s, data_pdu_type); |
882 |
in_uint8s(s, 3); /* compress_type, compress_len */ |
in_uint8(s, ctype); |
883 |
|
in_uint16(s, clen); |
884 |
|
clen -= 18; |
885 |
|
|
886 |
|
#if 0 |
887 |
|
if (ctype & 0x20) |
888 |
|
{ |
889 |
|
if (!dict) |
890 |
|
{ |
891 |
|
dict = (signed char *) malloc(8200 * sizeof(signed char)); |
892 |
|
dict = (signed char *) memset(dict, 0, 8200 * sizeof(signed char)); |
893 |
|
} |
894 |
|
|
895 |
|
ret = decompress(s->p, clen, ctype, (signed char *) dict, &roff, &rlen); |
896 |
|
|
897 |
|
len -= 18; |
898 |
|
|
899 |
|
ns.data = xrealloc(ns.data, len); |
900 |
|
|
901 |
|
ns.data = (unsigned char *) memcpy(ns.data, (unsigned char *) (dict + roff), len); |
902 |
|
|
903 |
|
ns.size = len; |
904 |
|
ns.end = ns.data + ns.size; |
905 |
|
ns.p = ns.data; |
906 |
|
ns.rdp_hdr = ns.p; |
907 |
|
|
908 |
|
s = &ns; |
909 |
|
} |
910 |
|
#endif |
911 |
|
|
912 |
switch (data_pdu_type) |
switch (data_pdu_type) |
913 |
{ |
{ |
928 |
/* User logged on */ |
/* User logged on */ |
929 |
break; |
break; |
930 |
|
|
931 |
|
case RDP_DATA_PDU_DISCONNECT: |
932 |
|
/* Normally received when user logs out or disconnects from a |
933 |
|
console session on Windows XP and 2003 Server */ |
934 |
|
DEBUG(("Received disconnect PDU\n")); |
935 |
|
break; |
936 |
|
|
937 |
default: |
default: |
938 |
unimpl("data PDU %d\n", data_pdu_type); |
unimpl("data PDU %d\n", data_pdu_type); |
939 |
} |
} |