--- sourceforge.net/trunk/rdesktop/rdp.c 2003/04/16 08:19:15 365 +++ sourceforge.net/trunk/rdesktop/rdp.c 2004/03/04 08:11:40 624 @@ -2,38 +2,40 @@ rdesktop: A Remote Desktop Protocol client. Protocol services - RDP layer Copyright (C) Matthew Chapman 1999-2002 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#include #include "rdesktop.h" -extern uint16 mcs_userid; -extern char username[16]; -extern BOOL bitmap_compression; -extern BOOL orders; -extern BOOL encryption; -extern BOOL desktop_save; -extern BOOL use_rdp5; -extern uint16 server_rdp_version; +extern uint16 g_mcs_userid; +extern char g_username[16]; +extern BOOL g_bitmap_compression; +extern BOOL g_orders; +extern BOOL g_encryption; +extern BOOL g_desktop_save; +extern BOOL g_use_rdp5; +extern uint16 g_server_rdp_version; +extern int g_server_bpp; -uint8 *next_packet; -uint32 rdp_shareid; +uint8 *g_next_packet; +uint32 g_rdp_shareid; #if WITH_DEBUG -static uint32 packetno; +static uint32 g_packetno; #endif /* Receive an RDP packet */ @@ -43,24 +45,24 @@ static STREAM rdp_s; uint16 length, pdu_type; - if ((rdp_s == NULL) || (next_packet >= rdp_s->end)) + if ((rdp_s == NULL) || (g_next_packet >= rdp_s->end)) { rdp_s = sec_recv(); if (rdp_s == NULL) return NULL; - next_packet = rdp_s->p; + g_next_packet = rdp_s->p; } else { - rdp_s->p = next_packet; + rdp_s->p = g_next_packet; } in_uint16_le(rdp_s, length); /* 32k packets are really 8, keepalive fix */ if (length == 0x8000) { - next_packet += 8; + g_next_packet += 8; *type = 0; return rdp_s; } @@ -69,11 +71,11 @@ *type = pdu_type & 0xf; #if WITH_DEBUG - DEBUG(("RDP packet #%d, (type %x)\n", ++packetno, *type)); - // hexdump(next_packet, length); + DEBUG(("RDP packet #%d, (type %x)\n", ++g_packetno, *type)); + hexdump(g_next_packet, length); #endif /* */ - next_packet += length; + g_next_packet += length; return rdp_s; } @@ -83,7 +85,7 @@ { STREAM s; - s = sec_init(encryption ? SEC_ENCRYPT : 0, maxlen + 18); + s = sec_init(g_encryption ? SEC_ENCRYPT : 0, maxlen + 18); s_push_layer(s, rdp_hdr, 18); return s; @@ -100,9 +102,9 @@ out_uint16_le(s, length); out_uint16_le(s, (RDP_PDU_DATA | 0x10)); - out_uint16_le(s, (mcs_userid + 1001)); + out_uint16_le(s, (g_mcs_userid + 1001)); - out_uint32_le(s, rdp_shareid); + out_uint32_le(s, g_rdp_shareid); out_uint8(s, 0); /* pad */ out_uint8(s, 1); /* streamid */ out_uint16_le(s, (length - 14)); @@ -110,7 +112,7 @@ out_uint8(s, 0); /* compress_type */ out_uint16(s, 0); /* compress_len */ - sec_send(s, encryption ? SEC_ENCRYPT : 0); + sec_send(s, g_encryption ? SEC_ENCRYPT : 0); } /* Output a string in Unicode */ @@ -130,20 +132,50 @@ s->p += len; } +/* Input a string in Unicode + * + * Returns str_len of string + */ +int +rdp_in_unistr(STREAM s, char *string, int uni_len) +{ + int i = 0; + + while (i < uni_len / 2) + { + in_uint8a(s, &string[i++], 1); + in_uint8s(s, 1); + } + + return i - 1; +} + + /* Parse a logon info packet */ static void rdp_send_logon_info(uint32 flags, char *domain, char *user, char *password, char *program, char *directory) { + char *ipaddr = tcp_get_address(); int len_domain = 2 * strlen(domain); int len_user = 2 * strlen(user); int len_password = 2 * strlen(password); int len_program = 2 * strlen(program); int len_directory = 2 * strlen(directory); - uint32 sec_flags = encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; + int len_ip = 2 * strlen(ipaddr); + int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); + int packetlen = 0; + uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; STREAM s; + time_t t = time(NULL); + time_t tzone; + +#if 0 + // enable rdp compression + flags |= RDP_COMPRESSION; +#endif - if (1 == server_rdp_version) + if (!g_use_rdp5 || 1 == g_server_rdp_version) { DEBUG_RDP5(("Sending RDP4-style Logon packet\n")); @@ -165,55 +197,101 @@ } else { + flags |= RDP_LOGON_BLOB; DEBUG_RDP5(("Sending RDP5-style Logon packet\n")); - s = sec_init(sec_flags, 12 + (flags & RDP_LOGON_AUTO ? 2 : 0) + 6 + (flags & RDP_LOGON_AUTO ? len_password : 0) + len_domain + len_user + 4 + len_program + len_directory + 30 + 2 + 60 + 32 + 20 + 32 + 20); /* Phew! */ + packetlen = 4 + /* Unknown uint32 */ + 4 + /* flags */ + 2 + /* len_domain */ + 2 + /* len_user */ + (flags & RDP_LOGON_AUTO ? 2 : 0) + /* len_password */ + (flags & RDP_LOGON_BLOB ? 2 : 0) + /* Length of BLOB */ + 2 + /* len_program */ + 2 + /* len_directory */ + (0 < len_domain ? len_domain : 2) + /* domain */ + len_user + (flags & RDP_LOGON_AUTO ? len_password : 0) + 0 + /* We have no 512 byte BLOB. Perhaps we must? */ + (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* After the BLOB is a unknown int16. If there is a BLOB, that is. */ + (0 < len_program ? len_program : 2) + (0 < len_directory ? len_directory : 2) + 2 + /* Unknown (2) */ + 2 + /* Client ip length */ + len_ip + /* Client ip */ + 2 + /* DLL string length */ + len_dll + /* DLL string */ + 2 + /* Unknown */ + 2 + /* Unknown */ + 64 + /* Time zone #0 */ + 2 + /* Unknown */ + 64 + /* Time zone #1 */ + 32; /* Unknown */ - out_uint32(s, 0); + s = sec_init(sec_flags, packetlen); + DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen)); + + out_uint32(s, 0); /* Unknown */ out_uint32_le(s, flags); out_uint16_le(s, len_domain); out_uint16_le(s, len_user); if (flags & RDP_LOGON_AUTO) { out_uint16_le(s, len_password); + + } + if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) + { + out_uint16_le(s, 0); } - out_uint16(s, 0); /* Seems to be length of a 512 byte blob with - completely unknown data, but hopefully we'll do - with a 0 length block as well */ out_uint16_le(s, len_program); out_uint16_le(s, len_directory); + if (0 < len_domain) + rdp_out_unistr(s, domain, len_domain); + else + out_uint16_le(s, 0); + rdp_out_unistr(s, user, len_user); if (flags & RDP_LOGON_AUTO) { rdp_out_unistr(s, password, len_password); } - rdp_out_unistr(s, domain, len_domain); - rdp_out_unistr(s, user, len_user); - out_uint16(s, 0); - out_uint16(s, 0); + if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) + { + out_uint16_le(s, 0); + } if (0 < len_program) + { rdp_out_unistr(s, program, len_program); + + } + else + { + out_uint16_le(s, 0); + } if (0 < len_directory) + { rdp_out_unistr(s, directory, len_directory); - out_uint8s(s, 30); /* Some kind of client data - let's see if the server - handles zeros well.. */ - out_uint16_le(s, 60); - rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", 58); - out_uint32_be(s, 0x88ffffff); - rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid") - 2); - out_uint8s(s, 30 - 2 * strlen("GTP, normaltid")); + } + else + { + out_uint16_le(s, 0); + } + out_uint16_le(s, 2); + out_uint16_le(s, len_ip + 2); /* Length of client ip */ + rdp_out_unistr(s, ipaddr, len_ip); + out_uint16_le(s, len_dll + 2); + rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll); + + tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60; + out_uint32_le(s, tzone); + + rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid")); + out_uint8s(s, 62 - 2 * strlen("GTB, normaltid")); out_uint32_le(s, 0x0a0000); out_uint32_le(s, 0x050000); - out_uint32_le(s, 2); - out_uint32(s, 0); - out_uint32_le(s, 0xffffffc4); - out_uint32_le(s, 0xfffffffe); - out_uint32_le(s, 0x0f); - out_uint32(s, 0); + out_uint32_le(s, 3); + out_uint32_le(s, 0); + out_uint32_le(s, 0); - rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid") - 1); - out_uint8s(s, 30 - 2 * strlen("GTP, sommartid")); + rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid")); + out_uint8s(s, 62 - 2 * strlen("GTB, sommartid")); - out_uint32_le(s, 0x030000); + out_uint32_le(s, 0x30000); out_uint32_le(s, 0x050000); out_uint32_le(s, 2); out_uint32(s, 0); @@ -222,6 +300,7 @@ out_uint32_le(s, 0x0f); out_uint32(s, 0); + } s_mark_end(s); sec_send(s, sec_flags); @@ -308,7 +387,7 @@ out_uint16_le(s, 0x200); /* Protocol version */ out_uint16(s, 0); /* Pad */ out_uint16(s, 0); /* Compression types */ - out_uint16_le(s, use_rdp5 ? 0x40d : 0); + out_uint16_le(s, g_use_rdp5 ? 0x40d : 0); /* Pad, according to T.128. 0x40d seems to trigger the server to start sending RDP5 packets. @@ -337,7 +416,7 @@ out_uint16_le(s, 600); /* Desktop height */ out_uint16(s, 0); /* Pad */ out_uint16(s, 0); /* Allow resize */ - out_uint16_le(s, bitmap_compression ? 1 : 0); /* Support compression */ + out_uint16_le(s, g_bitmap_compression ? 1 : 0); /* Support compression */ out_uint16(s, 0); /* Unknown */ out_uint16_le(s, 1); /* Unknown */ out_uint16(s, 0); /* Pad */ @@ -358,7 +437,7 @@ order_caps[8] = 1; /* line */ order_caps[9] = 1; /* line */ order_caps[10] = 1; /* rect */ - order_caps[11] = (desktop_save == False ? 0 : 1); /* desksave */ + order_caps[11] = (g_desktop_save == False ? 0 : 1); /* desksave */ order_caps[13] = 1; /* memblt */ order_caps[14] = 1; /* triblt */ order_caps[22] = 1; /* polyline */ @@ -376,7 +455,7 @@ out_uint8p(s, order_caps, 32); /* Orders supported */ out_uint16_le(s, 0x6a1); /* Text capability flags */ out_uint8s(s, 6); /* Pad */ - out_uint32_le(s, desktop_save == False ? 0 : 0x38400); /* Desktop cache size */ + out_uint32_le(s, g_desktop_save == False ? 0 : 0x38400); /* Desktop cache size */ out_uint32(s, 0); /* Unknown */ out_uint32_le(s, 0x4e4); /* Unknown */ } @@ -385,16 +464,18 @@ static void rdp_out_bmpcache_caps(STREAM s) { + int Bpp; out_uint16_le(s, RDP_CAPSET_BMPCACHE); out_uint16_le(s, RDP_CAPLEN_BMPCACHE); + Bpp = (g_server_bpp + 7) / 8; out_uint8s(s, 24); /* unused */ out_uint16_le(s, 0x258); /* entries */ - out_uint16_le(s, 0x100); /* max cell size */ + out_uint16_le(s, 0x100 * Bpp); /* max cell size */ out_uint16_le(s, 0x12c); /* entries */ - out_uint16_le(s, 0x400); /* max cell size */ + out_uint16_le(s, 0x400 * Bpp); /* max cell size */ out_uint16_le(s, 0x106); /* entries */ - out_uint16_le(s, 0x1000); /* max cell size */ + out_uint16_le(s, 0x1000 * Bpp); /* max cell size */ } /* Output control capability set */ @@ -494,7 +575,7 @@ rdp_send_confirm_active(void) { STREAM s; - uint32 sec_flags = encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG; + uint32 sec_flags = g_encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG; uint16 caplen = RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER + RDP_CAPLEN_BMPCACHE + RDP_CAPLEN_COLCACHE + @@ -505,9 +586,9 @@ out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE)); out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10)); /* Version 1 */ - out_uint16_le(s, (mcs_userid + 1001)); + out_uint16_le(s, (g_mcs_userid + 1001)); - out_uint32_le(s, rdp_shareid); + out_uint32_le(s, g_rdp_shareid); out_uint16_le(s, 0x3ea); /* userid */ out_uint16_le(s, sizeof(RDP_SOURCE)); out_uint16_le(s, caplen); @@ -537,9 +618,9 @@ { uint8 type; - in_uint32_le(s, rdp_shareid); + in_uint32_le(s, g_rdp_shareid); - DEBUG(("DEMAND_ACTIVE(id=0x%x)\n", rdp_shareid)); + DEBUG(("DEMAND_ACTIVE(id=0x%x)\n", g_rdp_shareid)); rdp_send_confirm_active(); rdp_send_synchronise(); @@ -548,22 +629,13 @@ rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */ rdp_recv(&type); /* RDP_CTL_COOPERATE */ rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */ - rdp_send_input(0, RDP_INPUT_SYNCHRONIZE, 0, 0, 0); + rdp_send_input(0, RDP_INPUT_SYNCHRONIZE, 0, ui_get_numlock_state(read_keyboard_state()), 0); rdp_send_fonts(1); rdp_send_fonts(2); rdp_recv(&type); /* RDP_PDU_UNKNOWN 0x28 */ reset_order_state(); } -/* Process a null system pointer PDU */ -void -process_null_system_pointer_pdu(STREAM s) -{ - // FIXME: We should probably set another cursor here, - // like the X window system base cursor or something. - ui_set_cursor(cache_get_cursor(0)); -} - /* Process a colour pointer PDU */ void process_colour_pointer_pdu(STREAM s) @@ -596,6 +668,23 @@ ui_set_cursor(cache_get_cursor(cache_idx)); } +/* Process a system pointer PDU */ +void +process_system_pointer_pdu(STREAM s) +{ + uint16 system_pointer_type; + + in_uint16(s, system_pointer_type); + switch (system_pointer_type) + { + case RDP_NULL_POINTER: + ui_set_null_cursor(); + break; + + default: + unimpl("System pointer message 0x%x\n", system_pointer_type); + } +} /* Process a pointer PDU */ static void @@ -624,8 +713,12 @@ process_cached_pointer_pdu(s); break; + case RDP_POINTER_SYSTEM: + process_system_pointer_pdu(s); + break; + default: - DEBUG(("Pointer message 0x%x\n", message_type)); + unimpl("Pointer message 0x%x\n", message_type); } } @@ -660,10 +753,17 @@ DEBUG(("BITMAP_UPDATE(l=%d,t=%d,r=%d,b=%d,w=%d,h=%d,Bpp=%d,cmp=%d)\n", left, top, right, bottom, width, height, Bpp, compress)); + /* Server may limit bpp - this is how we find out */ + if (g_server_bpp != bpp) + { + warning("Server limited colour depth to %d bits\n", bpp); + g_server_bpp = bpp; + } + if (!compress) { int y; - bmpdata = xmalloc(width * height * Bpp); + bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], @@ -686,7 +786,7 @@ in_uint8s(s, 4); /* line_size, final_size */ } in_uint8p(s, data, size); - bmpdata = xmalloc(width * height * Bpp); + bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); @@ -713,7 +813,7 @@ in_uint16_le(s, map.ncolours); in_uint8s(s, 2); /* pad */ - map.colours = xmalloc(3 * map.ncolours); + map.colours = (COLOURENTRY *) xmalloc(sizeof(COLOURENTRY) * map.ncolours); DEBUG(("PALETTE(c=%d)\n", map.ncolours)); @@ -770,10 +870,44 @@ process_data_pdu(STREAM s) { uint8 data_pdu_type; + uint8 ctype; + uint16 clen; + int roff, rlen, len, ret; + static struct stream ns; + static signed char *dict = 0; - in_uint8s(s, 8); /* shareid, pad, streamid, length */ + in_uint8s(s, 6); /* shareid, pad, streamid */ + in_uint16(s, len); in_uint8(s, data_pdu_type); - in_uint8s(s, 3); /* compress_type, compress_len */ + in_uint8(s, ctype); + in_uint16(s, clen); + clen -= 18; + +#if 0 + if (ctype & 0x20) + { + if (!dict) + { + dict = (signed char *) malloc(8200 * sizeof(signed char)); + dict = (signed char *) memset(dict, 0, 8200 * sizeof(signed char)); + } + + ret = decompress(s->p, clen, ctype, (signed char *) dict, &roff, &rlen); + + len -= 18; + + ns.data = xrealloc(ns.data, len); + + ns.data = (unsigned char *) memcpy(ns.data, (unsigned char *) (dict + roff), len); + + ns.size = len; + ns.end = ns.data + ns.size; + ns.p = ns.data; + ns.rdp_hdr = ns.p; + + s = &ns; + } +#endif switch (data_pdu_type) { @@ -794,13 +928,19 @@ /* User logged on */ break; + case RDP_DATA_PDU_DISCONNECT: + /* Normally received when user logs out or disconnects from a + console session on Windows XP and 2003 Server */ + DEBUG(("Received disconnect PDU\n")); + break; + default: unimpl("data PDU %d\n", data_pdu_type); } } /* Process incoming packets */ -void +BOOL rdp_main_loop(void) { uint8 type; @@ -815,6 +955,13 @@ break; case RDP_PDU_DEACTIVATE: + DEBUG(("RDP_PDU_DEACTIVATE\n")); + /* We thought we could detect a clean + shutdown of the session by this + packet, but it seems Windows 2003 + is sending us one of these when we + reconnect to a disconnected session + return True; */ break; case RDP_PDU_DATA: @@ -828,6 +975,10 @@ unimpl("PDU %d\n", type); } } + return True; + /* We want to detect if we got a clean shutdown, but we + can't. Se above. + return False; */ } /* Establish a connection up to the RDP layer */ @@ -835,10 +986,10 @@ rdp_connect(char *server, uint32 flags, char *domain, char *password, char *command, char *directory) { - if (!sec_connect(server, username)) + if (!sec_connect(server, g_username)) return False; - rdp_send_logon_info(flags, domain, username, password, command, directory); + rdp_send_logon_info(flags, domain, g_username, password, command, directory); return True; }