447 |
out_uint16_le(s, 0xca04); |
out_uint16_le(s, 0xca04); |
448 |
break; |
break; |
449 |
} |
} |
450 |
out_uint16(s, 1); |
out_uint16_le(s, 1); |
451 |
|
|
452 |
out_uint32(s, 0); |
out_uint32(s, 0); |
453 |
out_uint32_le(s, 0x070008); |
out_uint8(s, server_bpp); |
454 |
|
out_uint16_le(s, 0x0700); |
455 |
|
out_uint8(s, 0); |
456 |
out_uint32_le(s, 1); |
out_uint32_le(s, 1); |
457 |
out_uint8s(s, 64); /* End of client info */ |
out_uint8s(s, 64); /* End of client info */ |
458 |
|
|
459 |
out_uint16_le(s, SEC_TAG_CLI_4); |
out_uint16_le(s, SEC_TAG_CLI_4); |
460 |
out_uint16_le(s, 12); |
out_uint16_le(s, 12); |
461 |
out_uint32_le(s, 9); |
out_uint32_le(s, 9); |
462 |
out_uint32_le(s, 0); |
out_uint32(s, 0); |
463 |
|
|
464 |
/* Client encryption settings */ |
/* Client encryption settings */ |
465 |
out_uint16_le(s, SEC_TAG_CLI_CRYPT); |
out_uint16_le(s, SEC_TAG_CLI_CRYPT); |
466 |
out_uint16_le(s, 12); /* length */ |
out_uint16_le(s, 12); /* length */ |
467 |
out_uint32_le(s, encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ |
out_uint32_le(s, encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ |
468 |
out_uint32_le(s, 0); /* Unknown */ |
out_uint32(s, 0); /* Unknown */ |
469 |
|
|
470 |
out_uint16_le(s, SEC_TAG_CLI_CHANNELS); |
out_uint16_le(s, SEC_TAG_CLI_CHANNELS); |
471 |
out_uint16_le(s, 20); /* length */ |
out_uint16_le(s, 20); /* length */ |
538 |
uint8 ** server_random, uint8 ** modulus, uint8 ** exponent) |
uint8 ** server_random, uint8 ** modulus, uint8 ** exponent) |
539 |
{ |
{ |
540 |
uint32 crypt_level, random_len, rsa_info_len; |
uint32 crypt_level, random_len, rsa_info_len; |
541 |
uint32 cacert_len, cert_len; |
uint32 cacert_len, cert_len, flags; |
542 |
X509 *cacert, *server_cert; |
X509 *cacert, *server_cert; |
543 |
uint16 tag, length; |
uint16 tag, length; |
544 |
uint8 *next_tag, *end; |
uint8 *next_tag, *end; |
563 |
if (end > s->end) |
if (end > s->end) |
564 |
return False; |
return False; |
565 |
|
|
566 |
if (!use_rdp5 || 1 == server_rdp_version) |
in_uint32_le(s, flags); /* 1 = RDP4-style, 0x80000002 = X.509 */ |
567 |
|
if (flags & 1) |
568 |
{ |
{ |
569 |
DEBUG_RDP5(("We're going for the RDP4-style encryption\n")); |
DEBUG_RDP5(("We're going for the RDP4-style encryption\n")); |
570 |
in_uint8s(s, 12); /* unknown */ |
in_uint8s(s, 8); /* unknown */ |
571 |
|
|
572 |
while (s->p < end) |
while (s->p < end) |
573 |
{ |
{ |
599 |
s->p = next_tag; |
s->p = next_tag; |
600 |
} |
} |
601 |
} |
} |
602 |
else if (4 == server_rdp_version) |
else |
603 |
{ |
{ |
604 |
DEBUG_RDP5(("We're going for the RDP5-style encryption\n")); |
DEBUG_RDP5(("We're going for the RDP5-style encryption\n")); |
605 |
in_uint8s(s, 8); /* Unknown */ |
in_uint8s(s, 4); /* Number of certificates */ |
606 |
|
|
607 |
/* Do da funky X.509 stuffy |
/* Do da funky X.509 stuffy |
608 |
|
|
654 |
} |
} |
655 |
return True; /* There's some garbage here we don't care about */ |
return True; /* There's some garbage here we don't care about */ |
656 |
} |
} |
|
else |
|
|
{ |
|
|
error("Unknown Server RDP version %d", server_rdp_version); |
|
|
return False; |
|
|
} |
|
657 |
return s_check_end(s); |
return s_check_end(s); |
658 |
} |
} |
659 |
|
|
673 |
} |
} |
674 |
|
|
675 |
DEBUG(("Generating client random\n")); |
DEBUG(("Generating client random\n")); |
|
/* Generate a client random, and hence determine encryption keys */ |
|
|
generate_random(inr); |
|
676 |
// This is what the MS client do: |
// This is what the MS client do: |
677 |
// memset(inr, 0, SEC_RANDOM_SIZE); |
memset(inr, 0, SEC_RANDOM_SIZE); |
678 |
// *ARIGL!* |
/* *ARIGL!* Plaintext attack, anyone? |
679 |
|
I tried doing: |
680 |
|
generate_random(inr); |
681 |
|
..but that generates connection errors now and then (yes, |
682 |
|
"now and then". Something like 0 to 3 attempts needed before a |
683 |
|
successful connection. Nice. Not! |
684 |
|
*/ |
685 |
|
|
686 |
generate_random(client_random); |
generate_random(client_random); |
687 |
if (NULL != server_public_key) |
if (NULL != server_public_key) |
688 |
{ /* Which means we should use |
{ /* Which means we should use |
775 |
|
|
776 |
if (sec_flags & SEC_LICENCE_NEG) |
if (sec_flags & SEC_LICENCE_NEG) |
777 |
{ |
{ |
778 |
|
if (sec_flags & SEC_ENCRYPT) { |
779 |
|
DEBUG_RDP5(("Encrypted license detected\n")); |
780 |
|
} |
781 |
licence_process(s); |
licence_process(s); |
782 |
continue; |
continue; |
783 |
} |
} |
809 |
|
|
810 |
/* We exchange some RDP data during the MCS-Connect */ |
/* We exchange some RDP data during the MCS-Connect */ |
811 |
mcs_data.size = 512; |
mcs_data.size = 512; |
812 |
mcs_data.p = mcs_data.data = xmalloc(mcs_data.size); |
mcs_data.p = mcs_data.data = (uint8*)xmalloc(mcs_data.size); |
813 |
sec_out_mcs_data(&mcs_data); |
sec_out_mcs_data(&mcs_data); |
814 |
|
|
815 |
if (!mcs_connect(server, &mcs_data, username)) |
if (!mcs_connect(server, &mcs_data, username)) |