447 |
out_uint16_le(s, 0xca04); |
out_uint16_le(s, 0xca04); |
448 |
break; |
break; |
449 |
} |
} |
450 |
out_uint16(s, 1); |
out_uint16_le(s, 1); |
451 |
|
|
452 |
out_uint32(s, 0); |
out_uint32(s, 0); |
453 |
out_uint8(s, server_bpp); |
out_uint8(s, server_bpp); |
459 |
out_uint16_le(s, SEC_TAG_CLI_4); |
out_uint16_le(s, SEC_TAG_CLI_4); |
460 |
out_uint16_le(s, 12); |
out_uint16_le(s, 12); |
461 |
out_uint32_le(s, 9); |
out_uint32_le(s, 9); |
462 |
out_uint32_le(s, 0); |
out_uint32(s, 0); |
463 |
|
|
464 |
/* Client encryption settings */ |
/* Client encryption settings */ |
465 |
out_uint16_le(s, SEC_TAG_CLI_CRYPT); |
out_uint16_le(s, SEC_TAG_CLI_CRYPT); |
466 |
out_uint16_le(s, 12); /* length */ |
out_uint16_le(s, 12); /* length */ |
467 |
out_uint32_le(s, encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ |
out_uint32_le(s, encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ |
468 |
out_uint32_le(s, 0); /* Unknown */ |
out_uint32(s, 0); /* Unknown */ |
469 |
|
|
470 |
out_uint16_le(s, SEC_TAG_CLI_CHANNELS); |
out_uint16_le(s, SEC_TAG_CLI_CHANNELS); |
471 |
out_uint16_le(s, 20); /* length */ |
out_uint16_le(s, 20); /* length */ |
673 |
} |
} |
674 |
|
|
675 |
DEBUG(("Generating client random\n")); |
DEBUG(("Generating client random\n")); |
|
/* Generate a client random, and hence determine encryption keys */ |
|
|
generate_random(inr); |
|
676 |
// This is what the MS client do: |
// This is what the MS client do: |
677 |
// memset(inr, 0, SEC_RANDOM_SIZE); |
memset(inr, 0, SEC_RANDOM_SIZE); |
678 |
// *ARIGL!* |
/* *ARIGL!* Plaintext attack, anyone? |
679 |
|
I tried doing: |
680 |
|
generate_random(inr); |
681 |
|
..but that generates connection errors now and then (yes, |
682 |
|
"now and then". Something like 0 to 3 attempts needed before a |
683 |
|
successful connection. Nice. Not! |
684 |
|
*/ |
685 |
|
|
686 |
generate_random(client_random); |
generate_random(client_random); |
687 |
if (NULL != server_public_key) |
if (NULL != server_public_key) |
688 |
{ /* Which means we should use |
{ /* Which means we should use |
809 |
|
|
810 |
/* We exchange some RDP data during the MCS-Connect */ |
/* We exchange some RDP data during the MCS-Connect */ |
811 |
mcs_data.size = 512; |
mcs_data.size = 512; |
812 |
mcs_data.p = mcs_data.data = xmalloc(mcs_data.size); |
mcs_data.p = mcs_data.data = (uint8*)xmalloc(mcs_data.size); |
813 |
sec_out_mcs_data(&mcs_data); |
sec_out_mcs_data(&mcs_data); |
814 |
|
|
815 |
if (!mcs_connect(server, &mcs_data, username)) |
if (!mcs_connect(server, &mcs_data, username)) |