--- sourceforge.net/trunk/rdesktop/rdp.c 2002/09/24 07:59:14 192 +++ sourceforge.net/trunk/rdesktop/rdp.c 2003/07/02 22:02:23 433 @@ -1,18 +1,18 @@ -/* +/* -*- c-basic-offset: 8 -*- rdesktop: A Remote Desktop Protocol client. Protocol services - RDP layer - Copyright (C) Matthew Chapman 1999-2001 - + Copyright (C) Matthew Chapman 1999-2002 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. @@ -20,43 +20,22 @@ #include "rdesktop.h" -extern uint16 mcs_userid; +extern uint16 g_mcs_userid; extern char username[16]; extern BOOL bitmap_compression; extern BOOL orders; extern BOOL encryption; extern BOOL desktop_save; +extern BOOL use_rdp5; +extern uint16 server_rdp_version; +extern int server_bpp; uint8 *next_packet; uint32 rdp_shareid; -/* Initialise an RDP packet */ -static STREAM -rdp_init(int maxlen) -{ - STREAM s; - - s = sec_init(encryption ? SEC_ENCRYPT : 0, maxlen + 6); - s_push_layer(s, rdp_hdr, 6); - - return s; -} - -/* Send an RDP packet */ -static void -rdp_send(STREAM s, uint8 pdu_type) -{ - uint16 length; - - s_pop_layer(s, rdp_hdr); - length = s->end - s->p; - - out_uint16_le(s, length); - out_uint16_le(s, (pdu_type | 0x10)); /* Version 1 */ - out_uint16_le(s, (mcs_userid + 1001)); - - sec_send(s, encryption ? SEC_ENCRYPT : 0); -} +#if WITH_DEBUG +static uint32 packetno; +#endif /* Receive an RDP packet */ static STREAM @@ -79,13 +58,20 @@ } in_uint16_le(rdp_s, length); + /* 32k packets are really 8, keepalive fix */ + if (length == 0x8000) + { + next_packet += 8; + *type = 0; + return rdp_s; + } in_uint16_le(rdp_s, pdu_type); in_uint8s(rdp_s, 2); /* userid */ *type = pdu_type & 0xf; #if WITH_DEBUG - DEBUG(("RDP packet (type %x):\n", *type)); - hexdump(next_packet, length); + DEBUG(("RDP packet #%d, (type %x)\n", ++packetno, *type)); + // hexdump(next_packet, length); #endif /* */ next_packet += length; @@ -115,7 +101,7 @@ out_uint16_le(s, length); out_uint16_le(s, (RDP_PDU_DATA | 0x10)); - out_uint16_le(s, (mcs_userid + 1001)); + out_uint16_le(s, (g_mcs_userid + 1001)); out_uint32_le(s, rdp_shareid); out_uint8(s, 0); /* pad */ @@ -155,25 +141,138 @@ int len_password = 2 * strlen(password); int len_program = 2 * strlen(program); int len_directory = 2 * strlen(directory); + int len_ip = 2 * strlen("127.0.0.1"); + int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); + int packetlen = 0; uint32 sec_flags = encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; STREAM s; - s = sec_init(sec_flags, 18 + len_domain + len_user + len_password - + len_program + len_directory + 10); + if (!use_rdp5 || 1 == server_rdp_version) + { + DEBUG_RDP5(("Sending RDP4-style Logon packet\n")); - out_uint32(s, 0); - out_uint32_le(s, flags); - out_uint16_le(s, len_domain); - out_uint16_le(s, len_user); - out_uint16_le(s, len_password); - out_uint16_le(s, len_program); - out_uint16_le(s, len_directory); - rdp_out_unistr(s, domain, len_domain); - rdp_out_unistr(s, user, len_user); - rdp_out_unistr(s, password, len_password); - rdp_out_unistr(s, program, len_program); - rdp_out_unistr(s, directory, len_directory); + s = sec_init(sec_flags, 18 + len_domain + len_user + len_password + + len_program + len_directory + 10); + out_uint32(s, 0); + out_uint32_le(s, flags); + out_uint16_le(s, len_domain); + out_uint16_le(s, len_user); + out_uint16_le(s, len_password); + out_uint16_le(s, len_program); + out_uint16_le(s, len_directory); + rdp_out_unistr(s, domain, len_domain); + rdp_out_unistr(s, user, len_user); + rdp_out_unistr(s, password, len_password); + rdp_out_unistr(s, program, len_program); + rdp_out_unistr(s, directory, len_directory); + } + else + { + flags |= RDP_LOGON_BLOB; + DEBUG_RDP5(("Sending RDP5-style Logon packet\n")); + packetlen = 4 + // Unknown uint32 + 4 + // flags + 2 + // len_domain + 2 + // len_user + (flags & RDP_LOGON_AUTO ? 2 : 0) + // len_password + (flags & RDP_LOGON_BLOB ? 2 : 0) + // Length of BLOB + 2 + // len_program + 2 + // len_directory + (0 < len_domain ? len_domain : 2) + // domain + len_user + (flags & RDP_LOGON_AUTO ? len_password : 0) + 0 + // We have no 512 byte BLOB. Perhaps we must? + (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + // After the BLOB is a unknown int16. If there is a BLOB, that is. + (0 < len_program ? len_program : 2) + (0 < len_directory ? len_directory : 2) + 2 + // Unknown (2) + 2 + // Client ip length + len_ip + // Client ip + 2 + // DLL string length + len_dll + // DLL string + 2 + // Unknown + 2 + // Unknown + 64 + // Time zone #0 + 2 + // Unknown + 64 + // Time zone #1 + 32; // Unknown + + s = sec_init(sec_flags, packetlen); + DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen)); + + out_uint32(s, 0); // Unknown + out_uint32_le(s, flags); + out_uint16_le(s, len_domain); + out_uint16_le(s, len_user); + if (flags & RDP_LOGON_AUTO) + { + out_uint16_le(s, len_password); + + } + if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) + { + out_uint16_le(s, 0); + } + out_uint16_le(s, len_program); + out_uint16_le(s, len_directory); + if (0 < len_domain) + rdp_out_unistr(s, domain, len_domain); + else + out_uint16_le(s, 0); + rdp_out_unistr(s, user, len_user); + if (flags & RDP_LOGON_AUTO) + { + rdp_out_unistr(s, password, len_password); + } + if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) + { + out_uint16_le(s, 0); + } + if (0 < len_program) + { + rdp_out_unistr(s, program, len_program); + + } + else + { + out_uint16_le(s, 0); + } + if (0 < len_directory) + { + rdp_out_unistr(s, directory, len_directory); + } + else + { + out_uint16_le(s, 0); + } + out_uint16_le(s, 2); + out_uint16_le(s, len_ip + 2); // Length of client ip + rdp_out_unistr(s, "127.0.0.1", len_ip); + out_uint16_le(s, len_dll + 2); + rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll); + out_uint16_le(s, 0xffc4); + out_uint16_le(s, 0xffff); + rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid")); + out_uint8s(s, 62 - 2 * strlen("GTB, normaltid")); + + + out_uint32_le(s, 0x0a0000); + out_uint32_le(s, 0x050000); + out_uint32_le(s, 3); + out_uint32_le(s, 0); + out_uint32_le(s, 0); + + rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid")); + out_uint8s(s, 62 - 2 * strlen("GTB, sommartid")); + + out_uint32_le(s, 0x30000); + out_uint32_le(s, 0x050000); + out_uint32_le(s, 2); + out_uint32(s, 0); + out_uint32_le(s, 0xffffffc4); + out_uint32_le(s, 0xfffffffe); + out_uint32_le(s, 0x0f); + out_uint32(s, 0); + + + } s_mark_end(s); sec_send(s, sec_flags); } @@ -259,7 +358,14 @@ out_uint16_le(s, 0x200); /* Protocol version */ out_uint16(s, 0); /* Pad */ out_uint16(s, 0); /* Compression types */ - out_uint16(s, 0); /* Pad */ + out_uint16_le(s, use_rdp5 ? 0x40d : 0); + /* Pad, according to T.128. 0x40d seems to + trigger + the server to start sending RDP5 packets. + However, the value is 0x1d04 with W2KTSK and + NT4MS. Hmm.. Anyway, thankyou, Microsoft, + for sending such information in a padding + field.. */ out_uint16(s, 0); /* Update capability */ out_uint16(s, 0); /* Remote unshare capability */ out_uint16(s, 0); /* Compression level */ @@ -329,16 +435,18 @@ static void rdp_out_bmpcache_caps(STREAM s) { + int Bpp; out_uint16_le(s, RDP_CAPSET_BMPCACHE); out_uint16_le(s, RDP_CAPLEN_BMPCACHE); + Bpp = (server_bpp + 7) / 8; out_uint8s(s, 24); /* unused */ out_uint16_le(s, 0x258); /* entries */ - out_uint16_le(s, 0x100); /* max cell size */ + out_uint16_le(s, 0x100 * Bpp); /* max cell size */ out_uint16_le(s, 0x12c); /* entries */ - out_uint16_le(s, 0x400); /* max cell size */ + out_uint16_le(s, 0x400 * Bpp); /* max cell size */ out_uint16_le(s, 0x106); /* entries */ - out_uint16_le(s, 0x1000); /* max cell size */ + out_uint16_le(s, 0x1000 * Bpp); /* max cell size */ } /* Output control capability set */ @@ -422,7 +530,7 @@ 0x02, 0x00, 0x00, 0x00 }; -/* Output unknown capability set */ +/* Output unknown capability sets (number 13, 12, 14 and 16) */ static void rdp_out_unknown_caps(STREAM s) { @@ -432,18 +540,24 @@ out_uint8p(s, canned_caps, RDP_CAPLEN_UNKNOWN - 4); } +#define RDP5_FLAG 0x0030 /* Send a confirm active PDU */ static void rdp_send_confirm_active(void) { STREAM s; + uint32 sec_flags = encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG; uint16 caplen = RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER + RDP_CAPLEN_BMPCACHE + RDP_CAPLEN_COLCACHE + RDP_CAPLEN_ACTIVATE + RDP_CAPLEN_CONTROL + RDP_CAPLEN_POINTER + RDP_CAPLEN_SHARE + RDP_CAPLEN_UNKNOWN + 4 /* w2k fix, why? */ ; - s = rdp_init(14 + caplen + sizeof(RDP_SOURCE)); + s = sec_init(sec_flags, 6 + 14 + caplen + sizeof(RDP_SOURCE)); + + out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE)); + out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10)); /* Version 1 */ + out_uint16_le(s, (g_mcs_userid + 1001)); out_uint32_le(s, rdp_shareid); out_uint16_le(s, 0x3ea); /* userid */ @@ -466,7 +580,7 @@ rdp_out_unknown_caps(s); s_mark_end(s); - rdp_send(s, RDP_PDU_CONFIRM_ACTIVE); + sec_send(s, sec_flags); } /* Respond to a demand active PDU */ @@ -493,14 +607,54 @@ reset_order_state(); } +/* Process a null system pointer PDU */ +void +process_null_system_pointer_pdu(STREAM s) +{ + // FIXME: We should probably set another cursor here, + // like the X window system base cursor or something. + ui_set_cursor(cache_get_cursor(0)); +} + +/* Process a colour pointer PDU */ +void +process_colour_pointer_pdu(STREAM s) +{ + uint16 x, y, width, height, cache_idx, masklen, datalen; + uint8 *mask, *data; + HCURSOR cursor; + + in_uint16_le(s, cache_idx); + in_uint16_le(s, x); + in_uint16_le(s, y); + in_uint16_le(s, width); + in_uint16_le(s, height); + in_uint16_le(s, masklen); + in_uint16_le(s, datalen); + in_uint8p(s, data, datalen); + in_uint8p(s, mask, masklen); + cursor = ui_create_cursor(x, y, width, height, mask, data); + ui_set_cursor(cursor); + cache_put_cursor(cache_idx, cursor); +} + +/* Process a cached pointer PDU */ +void +process_cached_pointer_pdu(STREAM s) +{ + uint16 cache_idx; + + in_uint16_le(s, cache_idx); + ui_set_cursor(cache_get_cursor(cache_idx)); +} + + /* Process a pointer PDU */ static void process_pointer_pdu(STREAM s) { uint16 message_type; - uint16 x, y, width, height, cache_idx, masklen, datalen; - uint8 *mask, *data; - HCURSOR cursor; + uint16 x, y; in_uint16_le(s, message_type); in_uint8s(s, 2); /* pad */ @@ -515,23 +669,11 @@ break; case RDP_POINTER_COLOR: - in_uint16_le(s, cache_idx); - in_uint16_le(s, x); - in_uint16_le(s, y); - in_uint16_le(s, width); - in_uint16_le(s, height); - in_uint16_le(s, masklen); - in_uint16_le(s, datalen); - in_uint8p(s, data, datalen); - in_uint8p(s, mask, masklen); - cursor = ui_create_cursor(x, y, width, height, mask, data); - ui_set_cursor(cursor); - cache_put_cursor(cache_idx, cursor); + process_colour_pointer_pdu(s); break; case RDP_POINTER_CACHED: - in_uint16_le(s, cache_idx); - ui_set_cursor(cache_get_cursor(cache_idx)); + process_cached_pointer_pdu(s); break; default: @@ -540,12 +682,12 @@ } /* Process bitmap updates */ -static void +void process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; - uint16 cx, cy, bpp, compress, bufsize, size; + uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; @@ -560,73 +702,102 @@ in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); + Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; - DEBUG(("UPDATE(l=%d,t=%d,r=%d,b=%d,w=%d,h=%d,cmp=%d)\n", - left, top, right, bottom, width, height, compress)); + DEBUG(("BITMAP_UPDATE(l=%d,t=%d,r=%d,b=%d,w=%d,h=%d,Bpp=%d,cmp=%d)\n", + left, top, right, bottom, width, height, Bpp, compress)); if (!compress) { int y; - bmpdata = xmalloc(width * height); + bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { - in_uint8a(s, &bmpdata[(height - y - 1) * width], width); + in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], + width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } - in_uint8s(s, 2); /* pad */ - in_uint16_le(s, size); - in_uint8s(s, 4); /* line_size, final_size */ - in_uint8p(s, data, size); - bmpdata = xmalloc(width * height); - if (bitmap_decompress(bmpdata, width, height, data, size)) + if (compress & 0x400) + { + size = bufsize; + } + else + { + in_uint8s(s, 2); /* pad */ + in_uint16_le(s, size); + in_uint8s(s, 4); /* line_size, final_size */ + } + in_uint8p(s, data, size); + bmpdata = (uint8 *) xmalloc(width * height * Bpp); + if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } + else + { + DEBUG_RDP5(("Failed to decompress data\n")); + } xfree(bmpdata); } } /* Process a palette update */ -static void +void process_palette(STREAM s) { - HCOLOURMAP hmap; + COLOURENTRY *entry; COLOURMAP map; - uint8 *colours; + HCOLOURMAP hmap; + int i; in_uint8s(s, 2); /* pad */ in_uint16_le(s, map.ncolours); in_uint8s(s, 2); /* pad */ - in_uint8p(s, colours, (map.ncolours * 3)); - map.colours = (COLOURENTRY *) colours; + + map.colours = (COLOURENTRY *) xmalloc(3 * map.ncolours); + + DEBUG(("PALETTE(c=%d)\n", map.ncolours)); + + for (i = 0; i < map.ncolours; i++) + { + entry = &map.colours[i]; + in_uint8(s, entry->red); + in_uint8(s, entry->green); + in_uint8(s, entry->blue); + } hmap = ui_create_colourmap(&map); ui_set_colourmap(hmap); + + xfree(map.colours); } /* Process an update PDU */ static void process_update_pdu(STREAM s) { - uint16 update_type; + uint16 update_type, count; in_uint16_le(s, update_type); switch (update_type) { case RDP_UPDATE_ORDERS: - process_orders(s); + in_uint8s(s, 2); /* pad */ + in_uint16_le(s, count); + in_uint8s(s, 2); /* pad */ + process_orders(s, count); break; case RDP_UPDATE_BITMAP: @@ -671,6 +842,7 @@ break; case RDP_DATA_PDU_LOGON: + DEBUG(("Received Logon PDU\n")); /* User logged on */ break; @@ -680,7 +852,7 @@ } /* Process incoming packets */ -void +BOOL rdp_main_loop(void) { uint8 type; @@ -695,16 +867,30 @@ break; case RDP_PDU_DEACTIVATE: + DEBUG(("RDP_PDU_DEACTIVATE\n")); + /* We thought we could detect a clean + shutdown of the session by this + packet, but it seems Windows 2003 + is sending us one of these when we + reconnect to a disconnected session + return True; */ break; case RDP_PDU_DATA: process_data_pdu(s); break; + case 0: + break; + default: unimpl("PDU %d\n", type); } } + return True; + /* We want to detect if we got a clean shutdown, but we + can't. Se above. + return False; */ } /* Establish a connection up to the RDP layer */ @@ -712,7 +898,7 @@ rdp_connect(char *server, uint32 flags, char *domain, char *password, char *command, char *directory) { - if (!sec_connect(server)) + if (!sec_connect(server, username)) return False; rdp_send_logon_info(flags, domain, username, password, command, directory);