BOOL rdp_send_data_pdu(rdpRdp* rdp, wStream* s, BYTE type, UINT16 channel_id)
{
UINT16 length;
UINT32 sec_bytes;
int sec_hold;
length = Stream_GetPosition(s);
Stream_SetPosition(s, 0);
rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
sec_bytes = rdp_get_sec_bytes(rdp);
sec_hold = Stream_GetPosition(s);
Stream_Seek(s, sec_bytes);
rdp_write_share_control_header(s, length - sec_bytes, PDU_TYPE_DATA, channel_id);
rdp_write_share_data_header(s, length - sec_bytes, type, rdp->settings->ShareId);
Stream_SetPosition(s, sec_hold);
length += rdp_security_stream_out(rdp, s, length, 0);
Stream_SetPosition(s, length);
Stream_SealLength(s);
if (transport_write(rdp->transport, s) < 0)
return FALSE;
return TRUE;
}
BOOL rdp_send(rdpRdp* rdp, wStream* s, UINT16 channel_id)
{
int secm;
UINT16 length;
UINT32 sec_bytes;
length = Stream_GetPosition(s);
Stream_SetPosition(s, 0);
rdp_write_header(rdp, s, length, channel_id);
sec_bytes = rdp_get_sec_bytes(rdp);
secm = Stream_GetPosition(s);
Stream_Seek(s, sec_bytes);
Stream_SetPosition(s, secm);
length += rdp_security_stream_out(rdp, s, length);
Stream_SetPosition(s, length);
Stream_SealLength(s);
if (transport_write(rdp->transport, s) < 0)
return FALSE;
return TRUE;
}
BOOL rdp_send(rdpRdp* rdp, STREAM* s, UINT16 channel_id)
{
UINT16 length;
UINT32 sec_bytes;
BYTE* sec_hold;
length = stream_get_length(s);
stream_set_pos(s, 0);
rdp_write_header(rdp, s, length, channel_id);
sec_bytes = rdp_get_sec_bytes(rdp);
sec_hold = s->p;
stream_seek(s, sec_bytes);
s->p = sec_hold;
length += rdp_security_stream_out(rdp, s, length);
stream_set_pos(s, length);
if (transport_write(rdp->transport, s) < 0)
return FALSE;
return TRUE;
}
BOOL rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, BYTE type, UINT16 channel_id)
{
UINT16 length;
UINT32 sec_bytes;
BYTE* sec_hold;
length = stream_get_length(s);
stream_set_pos(s, 0);
rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
sec_bytes = rdp_get_sec_bytes(rdp);
sec_hold = s->p;
stream_seek(s, sec_bytes);
rdp_write_share_control_header(s, length - sec_bytes, PDU_TYPE_DATA, channel_id);
rdp_write_share_data_header(s, length - sec_bytes, type, rdp->settings->ShareId);
s->p = sec_hold;
length += rdp_security_stream_out(rdp, s, length);
stream_set_pos(s, length);
if (transport_write(rdp->transport, s) < 0)
return FALSE;
return TRUE;
}
BOOL rdp_send_message_channel_pdu(rdpRdp* rdp, wStream* s, UINT16 sec_flags)
{
UINT16 length;
UINT32 sec_bytes;
int sec_hold;
length = Stream_GetPosition(s);
Stream_SetPosition(s, 0);
rdp_write_header(rdp, s, length, rdp->mcs->messageChannelId);
sec_bytes = rdp_get_sec_bytes(rdp);
sec_hold = Stream_GetPosition(s);
Stream_Seek(s, sec_bytes);
Stream_SetPosition(s, sec_hold);
length += rdp_security_stream_out(rdp, s, length, sec_flags);
Stream_SetPosition(s, length);
Stream_SealLength(s);
if (transport_write(rdp->transport, s) < 0)
return FALSE;
return TRUE;
}
static int cmd_radiotest(int transport, int argc, char *argv[])
{
uint8_t array[8];
uint16_t freq, level, test;
OPT_HELP(3, NULL);
freq = atoi(argv[0]);
if (!strncasecmp(argv[1], "0x", 2))
level = strtol(argv[1], NULL, 16);
else
level = atoi(argv[1]);
test = atoi(argv[2]);
memset(array, 0, sizeof(array));
array[0] = test & 0xff;
array[1] = test >> 8;
array[2] = freq & 0xff;
array[3] = freq >> 8;
array[4] = level & 0xff;
array[5] = level >> 8;
return transport_write(transport, CSR_VARID_RADIOTEST, array, 8);
}
boolean rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, uint8 type, uint16 channel_id)
{
uint16 length;
uint32 sec_bytes;
uint8* sec_hold;
length = stream_get_length(s);
stream_set_pos(s, 0);
rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
sec_bytes = rdp_get_sec_bytes(rdp);
sec_hold = s->p;
stream_seek(s, sec_bytes);
rdp_write_share_control_header(s, length - sec_bytes, PDU_TYPE_DATA, channel_id);
rdp_write_share_data_header(s, length - sec_bytes, type, rdp->settings->share_id);
s->p = sec_hold;
length += rdp_security_stream_out(rdp, s, length);
stream_set_pos(s, length);
if (transport_write(rdp->transport, s) < 0)
return false;
return true;
}
boolean license_send(rdpLicense* license, STREAM* s, uint8 type)
{
int length;
uint8 flags;
uint16 wMsgSize;
uint16 sec_flags;
DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]);
length = stream_get_length(s);
stream_set_pos(s, 0);
sec_flags = SEC_LICENSE_PKT;
wMsgSize = length - LICENSE_PACKET_HEADER_MAX_LENGTH + 4;
/**
* Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when
* running in server mode! This flag seems to be incorrectly documented.
*/
flags = PREAMBLE_VERSION_3_0;
rdp_write_header(license->rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
rdp_write_security_header(s, sec_flags);
license_write_preamble(s, type, flags, wMsgSize);
#ifdef WITH_DEBUG_LICENSE
printf("Sending %s Packet, length %d\n", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize);
freerdp_hexdump(s->p - 4, wMsgSize);
#endif
stream_set_pos(s, length);
if (transport_write(license->rdp->transport, s) < 0)
return false;
return true;
}
static int cmd_psload(int transport, int argc, char *argv[])
{
uint8_t array[256];
uint16_t pskey, length, size, stores = CSR_STORES_PSRAM;
char *str, val[7];
int err, reset = 0;
OPT_PSKEY(1, &stores, &reset, NULL);
psr_read(argv[0]);
memset(array, 0, sizeof(array));
size = sizeof(array) - 6;
while (psr_get(&pskey, array + 6, &size) == 0) {
str = csr_pskeytoval(pskey);
if (!strcasecmp(str, "UNKNOWN")) {
sprintf(val, "0x%04x", pskey);
str = NULL;
}
printf("Loading %s%s ... ", str ? "PSKEY_" : "",
str ? str : val);
fflush(stdout);
length = size / 2;
array[0] = pskey & 0xff;
array[1] = pskey >> 8;
array[2] = length & 0xff;
array[3] = length >> 8;
array[4] = stores & 0xff;
array[5] = stores >> 8;
err = transport_write(transport, CSR_VARID_PS, array, size + 6);
printf("%s\n", err < 0 ? "failed" : "done");
memset(array, 0, sizeof(array));
size = sizeof(array) - 6;
}
if (reset)
transport_write(transport, CSR_VARID_WARM_RESET, NULL, 0);
return 0;
}
BOOL nla_send(rdpNla* nla)
{
wStream* s;
int length;
int ts_request_length;
int nego_tokens_length;
int pub_key_auth_length;
int auth_info_length;
nego_tokens_length = (nla->negoToken.cbBuffer > 0) ? nla_sizeof_nego_tokens(nla->negoToken.cbBuffer) : 0;
pub_key_auth_length = (nla->pubKeyAuth.cbBuffer > 0) ? nla_sizeof_pub_key_auth(nla->pubKeyAuth.cbBuffer) : 0;
auth_info_length = (nla->authInfo.cbBuffer > 0) ? nla_sizeof_auth_info(nla->authInfo.cbBuffer) : 0;
length = nego_tokens_length + pub_key_auth_length + auth_info_length;
ts_request_length = nla_sizeof_ts_request(length);
s = Stream_New(NULL, ber_sizeof_sequence(ts_request_length));
if (!s)
{
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
/* TSRequest */
ber_write_sequence_tag(s, ts_request_length); /* SEQUENCE */
/* [0] version */
ber_write_contextual_tag(s, 0, 3, TRUE);
ber_write_integer(s, 2); /* INTEGER */
/* [1] negoTokens (NegoData) */
if (nego_tokens_length > 0)
{
length = nego_tokens_length;
length -= ber_write_contextual_tag(s, 1, ber_sizeof_sequence(ber_sizeof_sequence(ber_sizeof_sequence_octet_string(nla->negoToken.cbBuffer))), TRUE); /* NegoData */
length -= ber_write_sequence_tag(s, ber_sizeof_sequence(ber_sizeof_sequence_octet_string(nla->negoToken.cbBuffer))); /* SEQUENCE OF NegoDataItem */
length -= ber_write_sequence_tag(s, ber_sizeof_sequence_octet_string(nla->negoToken.cbBuffer)); /* NegoDataItem */
length -= ber_write_sequence_octet_string(s, 0, (BYTE*) nla->negoToken.pvBuffer, nla->negoToken.cbBuffer); /* OCTET STRING */
}
/* [2] authInfo (OCTET STRING) */
if (auth_info_length > 0)
{
length = auth_info_length;
length -= ber_write_sequence_octet_string(s, 2, nla->authInfo.pvBuffer, nla->authInfo.cbBuffer);
}
/* [3] pubKeyAuth (OCTET STRING) */
if (pub_key_auth_length > 0)
{
length = pub_key_auth_length;
length -= ber_write_sequence_octet_string(s, 3, nla->pubKeyAuth.pvBuffer, nla->pubKeyAuth.cbBuffer);
}
Stream_SealLength(s);
transport_write(nla->transport, s);
Stream_Free(s, TRUE);
return TRUE;
}
void credssp_send(rdpCredssp* credssp)
{
wStream* s;
int length;
int ts_request_length;
int nego_tokens_length;
int pub_key_auth_length;
int auth_info_length;
nego_tokens_length = (credssp->negoToken.cbBuffer > 0) ? credssp_skip_nego_tokens(credssp->negoToken.cbBuffer) : 0;
pub_key_auth_length = (credssp->pubKeyAuth.cbBuffer > 0) ? credssp_skip_pub_key_auth(credssp->pubKeyAuth.cbBuffer) : 0;
auth_info_length = (credssp->authInfo.cbBuffer > 0) ? credssp_skip_auth_info(credssp->authInfo.cbBuffer) : 0;
length = nego_tokens_length + pub_key_auth_length + auth_info_length;
ts_request_length = credssp_skip_ts_request(length);
s = stream_new(ts_request_length);
/* TSRequest */
length = der_get_content_length(ts_request_length);
der_write_sequence_tag(s, length); /* SEQUENCE */
/* [0] version */
ber_write_contextual_tag(s, 0, 3, TRUE);
ber_write_integer(s, 2); /* INTEGER */
/* [1] negoTokens (NegoData) */
if (nego_tokens_length > 0)
{
length = nego_tokens_length;
length -= der_write_contextual_tag(s, 1, der_get_content_length(length), TRUE); /* NegoData */
length -= der_write_sequence_tag(s, der_get_content_length(length)); /* SEQUENCE OF NegoDataItem */
length -= der_write_sequence_tag(s, der_get_content_length(length)); /* NegoDataItem */
length -= der_write_contextual_tag(s, 0, der_get_content_length(length), TRUE); /* [0] negoToken */
der_write_octet_string(s, (BYTE*) credssp->negoToken.pvBuffer, credssp->negoToken.cbBuffer); /* OCTET STRING */
}
/* [2] authInfo (OCTET STRING) */
if (auth_info_length > 0)
{
length = auth_info_length;
length -= ber_write_contextual_tag(s, 2, ber_get_content_length(length), TRUE);
ber_write_octet_string(s, credssp->authInfo.pvBuffer, credssp->authInfo.cbBuffer);
}
/* [3] pubKeyAuth (OCTET STRING) */
if (pub_key_auth_length > 0)
{
length = pub_key_auth_length;
length -= ber_write_contextual_tag(s, 3, ber_get_content_length(length), TRUE);
ber_write_octet_string(s, credssp->pubKeyAuth.pvBuffer, credssp->pubKeyAuth.cbBuffer);
}
transport_write(credssp->transport, s);
stream_free(s);
}
BOOL nego_send_negotiation_request(rdpNego* nego)
{
STREAM* s;
int length;
BYTE *bm, *em;
int cookie_length;
s = transport_send_stream_init(nego->transport, 256);
length = TPDU_CONNECTION_REQUEST_LENGTH;
stream_get_mark(s, bm);
stream_seek(s, length);
if (nego->RoutingToken != NULL)
{
stream_write(s, nego->RoutingToken, nego->RoutingTokenLength);
length += nego->RoutingTokenLength;
}
else if (nego->cookie != NULL)
{
cookie_length = strlen(nego->cookie);
if (cookie_length > (int) nego->cookie_max_length)
cookie_length = nego->cookie_max_length;
stream_write(s, "Cookie: mstshash=", 17);
stream_write(s, (BYTE*) nego->cookie, cookie_length);
stream_write_BYTE(s, 0x0D); /* CR */
stream_write_BYTE(s, 0x0A); /* LF */
length += cookie_length + 19;
}
DEBUG_NEGO("requested_protocols: %d", nego->requested_protocols);
if (nego->requested_protocols > PROTOCOL_RDP)
{
/* RDP_NEG_DATA must be present for TLS and NLA */
stream_write_BYTE(s, TYPE_RDP_NEG_REQ);
stream_write_BYTE(s, 0); /* flags, must be set to zero */
stream_write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
stream_write_UINT32(s, nego->requested_protocols); /* requestedProtocols */
length += 8;
}
stream_get_mark(s, em);
stream_set_mark(s, bm);
tpkt_write_header(s, length);
tpdu_write_connection_request(s, length - 5);
stream_set_mark(s, em);
if (transport_write(nego->transport, s) < 0)
return FALSE;
return TRUE;
}
void credssp_send(rdpCredssp* credssp, rdpBlob* negoToken, rdpBlob* authInfo, rdpBlob* pubKeyAuth)
{
STREAM* s;
int length;
int ts_request_length;
int nego_tokens_length;
int pub_key_auth_length;
int auth_info_length;
nego_tokens_length = (negoToken != NULL) ? credssp_skip_nego_tokens(negoToken->length) : 0;
pub_key_auth_length = (pubKeyAuth != NULL) ? credssp_skip_pub_key_auth(pubKeyAuth->length) : 0;
auth_info_length = (authInfo != NULL) ? credssp_skip_auth_info(authInfo->length) : 0;
length = nego_tokens_length + pub_key_auth_length + auth_info_length;
ts_request_length = credssp_skip_ts_request(length);
s = stream_new(ts_request_length);
/* TSRequest */
length = ber_get_content_length(ts_request_length);
ber_write_sequence_tag(s, length); /* SEQUENCE */
ber_write_contextual_tag(s, 0, 3, true); /* [0] version */
ber_write_integer(s, 2); /* INTEGER */
/* [1] negoTokens (NegoData) */
if (nego_tokens_length > 0)
{
length = ber_get_content_length(nego_tokens_length);
length -= ber_write_contextual_tag(s, 1, length, true); /* NegoData */
length -= ber_write_sequence_tag(s, length); /* SEQUENCE OF NegoDataItem */
length -= ber_write_sequence_tag(s, length); /* NegoDataItem */
length -= ber_write_contextual_tag(s, 0, length, true); /* [0] negoToken */
ber_write_octet_string(s, negoToken->data, length); /* OCTET STRING */
}
/* [2] authInfo (OCTET STRING) */
if (auth_info_length > 0)
{
length = ber_get_content_length(auth_info_length);
length -= ber_write_contextual_tag(s, 2, length, true);
ber_write_octet_string(s, authInfo->data, authInfo->length);
}
/* [3] pubKeyAuth (OCTET STRING) */
if (pub_key_auth_length > 0)
{
length = ber_get_content_length(pub_key_auth_length);
length -= ber_write_contextual_tag(s, 3, length, true);
ber_write_octet_string(s, pubKeyAuth->data, length);
}
transport_write(credssp->transport, s);
stream_free(s);
}
BOOL nego_send_preconnection_pdu(rdpNego* nego)
{
wStream* s;
UINT32 cbSize;
UINT16 cchPCB = 0;
WCHAR* wszPCB = NULL;
WLog_DBG(TAG, "Sending preconnection PDU");
if (!nego_tcp_connect(nego))
return FALSE;
/* it's easier to always send the version 2 PDU, and it's just 2 bytes overhead */
cbSize = PRECONNECTION_PDU_V2_MIN_SIZE;
if (nego->PreconnectionBlob)
{
cchPCB = (UINT16) ConvertToUnicode(CP_UTF8, 0, nego->PreconnectionBlob, -1, &wszPCB, 0);
cchPCB += 1; /* zero-termination */
cbSize += cchPCB * 2;
}
s = Stream_New(NULL, cbSize);
if (!s)
{
free(wszPCB);
WLog_ERR(TAG, "Stream_New failed!");
return FALSE;
}
Stream_Write_UINT32(s, cbSize); /* cbSize */
Stream_Write_UINT32(s, 0); /* Flags */
Stream_Write_UINT32(s, PRECONNECTION_PDU_V2); /* Version */
Stream_Write_UINT32(s, nego->PreconnectionId); /* Id */
Stream_Write_UINT16(s, cchPCB); /* cchPCB */
if (wszPCB)
{
Stream_Write(s, wszPCB, cchPCB * 2); /* wszPCB */
free(wszPCB);
}
Stream_SealLength(s);
if (transport_write(nego->transport, s) < 0)
{
Stream_Free(s, TRUE);
return FALSE;
}
Stream_Free(s, TRUE);
return TRUE;
}
void rdp_send(rdpRdp* rdp, STREAM* s)
{
int length;
length = stream_get_length(s);
stream_set_pos(s, 0);
rdp_write_header(rdp, s, length);
stream_set_pos(s, length);
transport_write(rdp->transport, s);
}
void rdp_send_pdu(rdpRdp* rdp, STREAM* s, uint16 type, uint16 channel_id)
{
int length;
length = stream_get_length(s);
stream_set_pos(s, 0);
rdp_write_header(rdp, s, length);
rdp_write_share_control_header(s, length, type, channel_id);
stream_set_pos(s, length);
transport_write(rdp->transport, s);
}
boolean nego_send_negotiation_request(rdpNego* nego)
{
STREAM* s;
int length;
uint8 *bm, *em;
s = transport_send_stream_init(nego->transport, 256);
length = TPDU_CONNECTION_REQUEST_LENGTH;
stream_get_mark(s, bm);
stream_seek(s, length);
if (nego->routing_token != NULL)
{
stream_write(s, nego->routing_token->data, nego->routing_token->length);
length += nego->routing_token->length;
}
else if (nego->cookie != NULL)
{
int cookie_length = strlen(nego->cookie);
stream_write(s, "Cookie: mstshash=", 17);
stream_write(s, (uint8*) nego->cookie, cookie_length);
stream_write_uint8(s, 0x0D); /* CR */
stream_write_uint8(s, 0x0A); /* LF */
length += cookie_length + 19;
}
DEBUG_NEGO("requested_protocols: %d", nego->requested_protocols);
if (nego->requested_protocols > PROTOCOL_RDP)
{
/* RDP_NEG_DATA must be present for TLS and NLA */
stream_write_uint8(s, TYPE_RDP_NEG_REQ);
stream_write_uint8(s, 0); /* flags, must be set to zero */
stream_write_uint16(s, 8); /* RDP_NEG_DATA length (8) */
stream_write_uint32(s, nego->requested_protocols); /* requestedProtocols */
length += 8;
}
stream_get_mark(s, em);
stream_set_mark(s, bm);
tpkt_write_header(s, length);
tpdu_write_connection_request(s, length - 5);
stream_set_mark(s, em);
if (transport_write(nego->transport, s) < 0)
return false;
return true;
}
static int cmd_psclr(int transport, int argc, char *argv[])
{
uint8_t array[8];
uint16_t pskey, stores = CSR_STORES_PSRAM;
int i, err, reset = 0;
OPT_PSKEY(1, &stores, &reset, NULL);
if (strncasecmp(argv[0], "0x", 2)) {
pskey = atoi(argv[0]);
for (i = 0; storage[i].pskey; i++) {
if (strcasecmp(storage[i].str, argv[0]))
continue;
pskey = storage[i].pskey;
break;
}
} else
pskey = strtol(argv[0] + 2, NULL, 16);
memset(array, 0, sizeof(array));
array[0] = pskey & 0xff;
array[1] = pskey >> 8;
array[2] = stores & 0xff;
array[3] = stores >> 8;
err = transport_write(transport, CSR_VARID_PS_CLR_STORES, array, 8);
if (err < 0)
return err;
if (reset)
transport_write(transport, CSR_VARID_WARM_RESET, NULL, 0);
return err;
}
boolean nego_send_preconnection_pdu(rdpNego* nego)
{
STREAM* s;
uint32 cbSize;
UNICONV* uniconv;
uint16 cchPCB_times2 = 0;
char* wszPCB = NULL;
if (!nego->send_preconnection_pdu)
return true;
DEBUG_NEGO("Sending preconnection PDU");
if (!nego_tcp_connect(nego))
return false;
/* it's easier to always send the version 2 PDU, and it's just 2 bytes overhead */
cbSize = PRECONNECTION_PDU_V2_MIN_SIZE;
if (nego->preconnection_blob)
{
size_t size;
uniconv = freerdp_uniconv_new();
wszPCB = freerdp_uniconv_out(uniconv, nego->preconnection_blob, &size);
cchPCB_times2 = (uint16) size;
freerdp_uniconv_free(uniconv);
cchPCB_times2 += 2; /* zero-termination */
cbSize += cchPCB_times2;
}
s = transport_send_stream_init(nego->transport, cbSize);
stream_write_uint32(s, cbSize); /* cbSize */
stream_write_uint32(s, 0); /* Flags */
stream_write_uint32(s, PRECONNECTION_PDU_V2); /* Version */
stream_write_uint32(s, nego->preconnection_id); /* Id */
stream_write_uint16(s, cchPCB_times2 / 2); /* cchPCB */
if (wszPCB)
{
stream_write(s, wszPCB, cchPCB_times2); /* wszPCB */
xfree(wszPCB);
}
if (transport_write(nego->transport, s) < 0)
return false;
return true;
}
void rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, uint16 type, uint16 channel_id)
{
int length;
length = stream_get_length(s);
stream_set_pos(s, 0);
rdp_write_header(rdp, s, length);
rdp_write_share_control_header(s, length, PDU_TYPE_DATA, channel_id);
rdp_write_share_data_header(s, length, type, rdp->settings->share_id);
printf("send %s Data PDU (0x%02X), length:%d\n", DATA_PDU_TYPE_STRINGS[type], type, length);
stream_set_pos(s, length);
transport_write(rdp->transport, s);
}
static int cmd_pslist(int transport, int argc, char *argv[])
{
uint8_t array[8];
uint16_t pskey = 0x0000, length, stores = CSR_STORES_DEFAULT;
int err, reset = 0;
OPT_PSKEY(0, &stores, &reset, NULL);
while (1) {
memset(array, 0, sizeof(array));
array[0] = pskey & 0xff;
array[1] = pskey >> 8;
array[2] = stores & 0xff;
array[3] = stores >> 8;
err = transport_read(transport, CSR_VARID_PS_NEXT, array, 8);
if (err < 0)
break;
pskey = array[4] + (array[5] << 8);
if (pskey == 0x0000)
break;
memset(array, 0, sizeof(array));
array[0] = pskey & 0xff;
array[1] = pskey >> 8;
array[2] = stores & 0xff;
array[3] = stores >> 8;
err = transport_read(transport, CSR_VARID_PS_SIZE, array, 8);
if (err < 0)
continue;
length = array[2] + (array[3] << 8);
printf("0x%04x - %s (%d bytes)\n", pskey,
csr_pskeytostr(pskey), length * 2);
}
if (reset)
transport_write(transport, CSR_VARID_WARM_RESET, NULL, 0);
return 0;
}
BOOL rdp_send(rdpRdp* rdp, wStream* s, UINT16 channel_id)
{
UINT16 length;
length = Stream_GetPosition(s);
Stream_SetPosition(s, 0);
rdp_write_header(rdp, s, length, channel_id);
length += rdp_security_stream_out(rdp, s, length, 0);
Stream_SetPosition(s, length);
Stream_SealLength(s);
if (transport_write(rdp->transport, s) < 0)
return FALSE;
return TRUE;
}
BOOL nego_send_preconnection_pdu(rdpNego* nego)
{
STREAM* s;
UINT32 cbSize;
UINT16 cchPCB = 0;
WCHAR* wszPCB = NULL;
if (!nego->send_preconnection_pdu)
return TRUE;
DEBUG_NEGO("Sending preconnection PDU");
if (!nego_tcp_connect(nego))
return FALSE;
/* it's easier to always send the version 2 PDU, and it's just 2 bytes overhead */
cbSize = PRECONNECTION_PDU_V2_MIN_SIZE;
if (nego->preconnection_blob)
{
cchPCB = (UINT16) ConvertToUnicode(CP_UTF8, 0, nego->preconnection_blob, -1, &wszPCB, 0);
cchPCB += 1; /* zero-termination */
cbSize += cchPCB * 2;
}
s = transport_send_stream_init(nego->transport, cbSize);
stream_write_UINT32(s, cbSize); /* cbSize */
stream_write_UINT32(s, 0); /* Flags */
stream_write_UINT32(s, PRECONNECTION_PDU_V2); /* Version */
stream_write_UINT32(s, nego->preconnection_id); /* Id */
stream_write_UINT16(s, cchPCB); /* cchPCB */
if (wszPCB)
{
stream_write(s, wszPCB, cchPCB * 2); /* wszPCB */
free(wszPCB);
}
if (transport_write(nego->transport, s) < 0)
return FALSE;
return TRUE;
}
BOOL license_send(rdpLicense* license, wStream* s, BYTE type)
{
int length;
BYTE flags;
UINT16 wMsgSize;
UINT16 sec_flags;
DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]);
length = Stream_GetPosition(s);
Stream_SetPosition(s, 0);
sec_flags = SEC_LICENSE_PKT;
wMsgSize = length - LICENSE_PACKET_HEADER_MAX_LENGTH + 4;
/**
* Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when
* running in server mode! This flag seems to be incorrectly documented.
*/
flags = PREAMBLE_VERSION_3_0;
rdp_write_header(license->rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
rdp_write_security_header(s, sec_flags);
license_write_preamble(s, type, flags, wMsgSize);
#ifdef WITH_DEBUG_LICENSE
fprintf(stderr, "Sending %s Packet, length %d\n", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize);
winpr_HexDump(Stream_Pointer(s) - 4, wMsgSize);
#endif
Stream_SetPosition(s, length);
Stream_SealLength(s);
if (transport_write(license->rdp->transport, s) < 0)
return FALSE;
Stream_Free(s, TRUE);
return TRUE;
}
static int cmd_singlechan(int transport, int argc, char *argv[])
{
uint8_t array[8];
uint16_t channel;
OPT_HELP(1, NULL);
channel = atoi(argv[0]);
if (channel > 2401 && channel < 2481)
channel -= 2402;
if (channel > 78) {
errno = EINVAL;
return -1;
}
memset(array, 0, sizeof(array));
array[0] = channel & 0xff;
array[1] = channel >> 8;
return transport_write(transport, CSR_VARID_SINGLE_CHAN, array, 8);
}
boolean rdp_send(rdpRdp* rdp, STREAM* s, uint16 channel_id)
{
uint16 length;
uint32 sec_bytes;
uint8* sec_hold;
length = stream_get_length(s);
stream_set_pos(s, 0);
rdp_write_header(rdp, s, length, channel_id);
sec_bytes = rdp_get_sec_bytes(rdp);
sec_hold = s->p;
stream_seek(s, sec_bytes);
s->p = sec_hold;
length += rdp_security_stream_out(rdp, s, length);
stream_set_pos(s, length);
if (transport_write(rdp->transport, s) < 0)
return false;
return true;
}
boolean nego_send_negotiation_response(rdpNego* nego)
{
STREAM* s;
int length;
uint8 *bm, *em;
s = transport_send_stream_init(nego->transport, 256);
length = TPDU_CONNECTION_CONFIRM_LENGTH;
stream_get_mark(s, bm);
stream_seek(s, length);
if (nego->selected_protocol > PROTOCOL_RDP)
{
/* RDP_NEG_DATA must be present for TLS and NLA */
stream_write_uint8(s, TYPE_RDP_NEG_RSP);
stream_write_uint8(s, EXTENDED_CLIENT_DATA_SUPPORTED); /* flags */
stream_write_uint16(s, 8); /* RDP_NEG_DATA length (8) */
stream_write_uint32(s, nego->selected_protocol); /* selectedProtocol */
length += 8;
}
stream_get_mark(s, em);
stream_set_mark(s, bm);
tpkt_write_header(s, length);
tpdu_write_connection_confirm(s, length - 5);
stream_set_mark(s, em);
if (transport_write(nego->transport, s) < 0)
return false;
/* update settings with negotiated protocol security */
nego->transport->settings->requested_protocols = nego->requested_protocols;
nego->transport->settings->selected_protocol = nego->selected_protocol;
return true;
}
BOOL nego_send_negotiation_response(rdpNego* nego)
{
int length;
int bm, em;
BOOL status;
wStream* s;
BYTE flags;
rdpSettings* settings;
status = TRUE;
settings = nego->transport->settings;
s = Stream_New(NULL, 512);
if (!s)
return FALSE;
length = TPDU_CONNECTION_CONFIRM_LENGTH;
bm = Stream_GetPosition(s);
Stream_Seek(s, length);
if (nego->SelectedProtocol & PROTOCOL_FAILED_NEGO)
{
UINT32 errorCode = (nego->SelectedProtocol & ~PROTOCOL_FAILED_NEGO);
flags = 0;
Stream_Write_UINT8(s, TYPE_RDP_NEG_FAILURE);
Stream_Write_UINT8(s, flags); /* flags */
Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
Stream_Write_UINT32(s, errorCode);
length += 8;
status = FALSE;
}
else
{
flags = EXTENDED_CLIENT_DATA_SUPPORTED;
if (settings->SupportGraphicsPipeline)
flags |= DYNVC_GFX_PROTOCOL_SUPPORTED;
/* RDP_NEG_DATA must be present for TLS, NLA, and RDP */
Stream_Write_UINT8(s, TYPE_RDP_NEG_RSP);
Stream_Write_UINT8(s, flags); /* flags */
Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
Stream_Write_UINT32(s, nego->SelectedProtocol); /* selectedProtocol */
length += 8;
}
em = Stream_GetPosition(s);
Stream_SetPosition(s, bm);
tpkt_write_header(s, length);
tpdu_write_connection_confirm(s, length - 5);
Stream_SetPosition(s, em);
Stream_SealLength(s);
if (transport_write(nego->transport, s) < 0)
{
Stream_Free(s, TRUE);
return FALSE;
}
Stream_Free(s, TRUE);
if (status)
{
/* update settings with negotiated protocol security */
settings->RequestedProtocols = nego->RequestedProtocols;
settings->SelectedProtocol = nego->SelectedProtocol;
if (settings->SelectedProtocol == PROTOCOL_RDP)
{
settings->TlsSecurity = FALSE;
settings->NlaSecurity = FALSE;
settings->RdpSecurity = TRUE;
settings->UseRdpSecurityLayer = TRUE;
if (settings->EncryptionLevel == ENCRYPTION_LEVEL_NONE)
{
/**
* If the server implementation did not explicitely set a
* encryption level we default to client compatible
*/
settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
}
if (settings->LocalConnection)
{
/**
* Note: This hack was firstly introduced in commit 95f5e115 to
* disable the unnecessary encryption with peers connecting to
* 127.0.0.1 or local unix sockets.
* This also affects connections via port tunnels! (e.g. ssh -L)
*/
WLog_INFO(TAG, "Turning off encryption for local peer with standard rdp security");
settings->UseRdpSecurityLayer = FALSE;
settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
}
if (!settings->RdpServerRsaKey && !settings->RdpKeyFile)
{
WLog_ERR(TAG, "Missing server certificate");
return FALSE;
}
}
else if (settings->SelectedProtocol == PROTOCOL_TLS)
{
settings->TlsSecurity = TRUE;
settings->NlaSecurity = FALSE;
settings->RdpSecurity = FALSE;
settings->UseRdpSecurityLayer = FALSE;
settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
}
else if (settings->SelectedProtocol == PROTOCOL_NLA)
{
settings->TlsSecurity = TRUE;
settings->NlaSecurity = TRUE;
settings->RdpSecurity = FALSE;
settings->UseRdpSecurityLayer = FALSE;
settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
}
}
return status;
}
BOOL nego_send_negotiation_request(rdpNego* nego)
{
wStream* s;
int length;
int bm, em;
BYTE flags = 0;
int cookie_length;
s = Stream_New(NULL, 512);
length = TPDU_CONNECTION_REQUEST_LENGTH;
bm = Stream_GetPosition(s);
Stream_Seek(s, length);
if (nego->RoutingToken)
{
Stream_Write(s, nego->RoutingToken, nego->RoutingTokenLength);
/* Ensure Routing Token is correctly terminated - may already be present in string */
if ((nego->RoutingTokenLength > 2) &&
(nego->RoutingToken[nego->RoutingTokenLength - 2] == 0x0D) &&
(nego->RoutingToken[nego->RoutingTokenLength - 1] == 0x0A))
{
WLog_DBG(TAG, "Routing token looks correctly terminated - use verbatim");
length +=nego->RoutingTokenLength;
}
else
{
WLog_DBG(TAG, "Adding terminating CRLF to routing token");
Stream_Write_UINT8(s, 0x0D); /* CR */
Stream_Write_UINT8(s, 0x0A); /* LF */
length += nego->RoutingTokenLength + 2;
}
}
else if (nego->cookie)
{
cookie_length = strlen(nego->cookie);
if (cookie_length > (int) nego->CookieMaxLength)
cookie_length = nego->CookieMaxLength;
Stream_Write(s, "Cookie: mstshash=", 17);
Stream_Write(s, (BYTE*) nego->cookie, cookie_length);
Stream_Write_UINT8(s, 0x0D); /* CR */
Stream_Write_UINT8(s, 0x0A); /* LF */
length += cookie_length + 19;
}
WLog_DBG(TAG, "RequestedProtocols: %d", nego->RequestedProtocols);
if ((nego->RequestedProtocols > PROTOCOL_RDP) || (nego->sendNegoData))
{
/* RDP_NEG_DATA must be present for TLS and NLA */
if (nego->RestrictedAdminModeRequired)
flags |= RESTRICTED_ADMIN_MODE_REQUIRED;
Stream_Write_UINT8(s, TYPE_RDP_NEG_REQ);
Stream_Write_UINT8(s, flags);
Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
Stream_Write_UINT32(s, nego->RequestedProtocols); /* requestedProtocols */
length += 8;
}
em = Stream_GetPosition(s);
Stream_SetPosition(s, bm);
tpkt_write_header(s, length);
tpdu_write_connection_request(s, length - 5);
Stream_SetPosition(s, em);
Stream_SealLength(s);
if (transport_write(nego->transport, s) < 0)
{
Stream_Free(s, TRUE);
return FALSE;
}
Stream_Free(s, TRUE);
return TRUE;
}
static int cmd_psread(int transport, int argc, char *argv[])
{
uint8_t array[256];
uint16_t pskey = 0x0000, length, stores = CSR_STORES_DEFAULT;
char *str, val[7];
int i, err, reset = 0;
OPT_PSKEY(0, &stores, &reset, NULL);
while (1) {
memset(array, 0, sizeof(array));
array[0] = pskey & 0xff;
array[1] = pskey >> 8;
array[2] = stores & 0xff;
array[3] = stores >> 8;
err = transport_read(transport, CSR_VARID_PS_NEXT, array, 8);
if (err < 0)
break;
pskey = array[4] + (array[5] << 8);
if (pskey == 0x0000)
break;
memset(array, 0, sizeof(array));
array[0] = pskey & 0xff;
array[1] = pskey >> 8;
array[2] = stores & 0xff;
array[3] = stores >> 8;
err = transport_read(transport, CSR_VARID_PS_SIZE, array, 8);
if (err < 0)
continue;
length = array[2] + (array[3] << 8);
if (length + 6 > sizeof(array) / 2)
continue;
memset(array, 0, sizeof(array));
array[0] = pskey & 0xff;
array[1] = pskey >> 8;
array[2] = length & 0xff;
array[3] = length >> 8;
array[4] = stores & 0xff;
array[5] = stores >> 8;
err = transport_read(transport, CSR_VARID_PS, array, (length + 3) * 2);
if (err < 0)
continue;
str = csr_pskeytoval(pskey);
if (!strcasecmp(str, "UNKNOWN")) {
sprintf(val, "0x%04x", pskey);
str = NULL;
}
printf("// %s%s\n&%04x =", str ? "PSKEY_" : "",
str ? str : val, pskey);
for (i = 0; i < length; i++)
printf(" %02x%02x", array[(i * 2) + 7], array[(i * 2) + 6]);
printf("\n");
}
if (reset)
transport_write(transport, CSR_VARID_WARM_RESET, NULL, 0);
return 0;
}
