/* Send a new licence request packet */
static void
licence_send_new_licence_request(uint8 * client_random, uint8 * rsa_data, char *user, char *host)
{
uint32 sec_flags = SEC_LICENSE_PKT;
uint16 userlen = strlen(user) + 1;
uint16 hostlen = strlen(host) + 1;
uint16 length =
24 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE + userlen + hostlen;
STREAM s;
s = sec_init(sec_flags, length + 2);
out_uint8(s, LICENCE_TAG_NEW_LICENCE_REQUEST);
out_uint8(s, ((g_rdp_version >= RDP_V5) ? 3 : 2)); /* version */
out_uint16_le(s, length);
out_uint32_le(s, 1); // KEY_EXCHANGE_ALG_RSA
out_uint16(s, 0);
out_uint16_le(s, 0xff01);
out_uint8p(s, client_random, SEC_RANDOM_SIZE);
out_uint16_le(s, 2);
out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
out_uint8s(s, SEC_PADDING_SIZE);
/* Username LICENSE_BINARY_BLOB */
out_uint16_le(s, BB_CLIENT_USER_NAME_BLOB);
out_uint16_le(s, userlen);
out_uint8p(s, user, userlen);
/* Machinename LICENSE_BINARY_BLOB */
out_uint16_le(s, BB_CLIENT_MACHINE_NAME_BLOB);
out_uint16_le(s, hostlen);
out_uint8p(s, host, hostlen);
s_mark_end(s);
sec_send(s, sec_flags);
}
/* Send an RDP data packet */
static void
rdp_send_data(STREAM s, uint8 data_pdu_type)
{
uint16 length;
s_pop_layer(s, rdp_hdr);
length = s->end - s->p;
out_uint16_le(s, length);
out_uint16_le(s, (RDP_PDU_DATA | 0x10));
out_uint16_le(s, (g_mcs_userid + 1001));
out_uint32_le(s, g_rdp_shareid);
out_uint8(s, 0); /* pad */
out_uint8(s, 1); /* streamid */
out_uint16_le(s, (length - 14));
out_uint8(s, data_pdu_type);
out_uint8(s, 0); /* compress_type */
out_uint16(s, 0); /* compress_len */
sec_send(s, g_encryption ? SEC_ENCRYPT : 0);
}
/* Output order capability set */
static void
rdp_out_order_caps(STREAM s)
{
uint8 order_caps[32];
memset(order_caps, 0, 32);
order_caps[0] = 1; /* dest blt */
order_caps[1] = 1; /* pat blt */
order_caps[2] = 1; /* screen blt */
order_caps[3] = 1; /* required for memblt? */
order_caps[8] = 1; /* line */
order_caps[9] = 1; /* line */
order_caps[10] = 1; /* rect */
order_caps[11] = (g_desktop_save == False ? 0 : 1); /* desksave */
order_caps[13] = 1; /* memblt */
order_caps[14] = 1; /* triblt */
order_caps[22] = 1; /* polyline */
order_caps[27] = 1; /* text2 */
out_uint16_le(s, RDP_CAPSET_ORDER);
out_uint16_le(s, RDP_CAPLEN_ORDER);
out_uint8s(s, 20); /* Terminal desc, pad */
out_uint16_le(s, 1); /* Cache X granularity */
out_uint16_le(s, 20); /* Cache Y granularity */
out_uint16(s, 0); /* Pad */
out_uint16_le(s, 1); /* Max order level */
out_uint16_le(s, 0x147); /* Number of fonts */
out_uint16_le(s, 0x2a); /* Capability flags */
out_uint8p(s, order_caps, 32); /* Orders supported */
out_uint16_le(s, 0x6a1); /* Text capability flags */
out_uint8s(s, 6); /* Pad */
out_uint32_le(s, g_desktop_save == False ? 0 : 0x38400); /* Desktop cache size */
out_uint32(s, 0); /* Unknown */
out_uint32_le(s, 0x4e4); /* Unknown */
}
/* Output general capability set */
static void
rdp_out_general_caps(STREAM s)
{
out_uint16_le(s, RDP_CAPSET_GENERAL);
out_uint16_le(s, RDP_CAPLEN_GENERAL);
out_uint16_le(s, 1); /* OS major type */
out_uint16_le(s, 3); /* OS minor type */
out_uint16_le(s, 0x200); /* Protocol version */
out_uint16(s, 0); /* Pad */
out_uint16(s, 0); /* Compression types */
out_uint16_le(s, (g_rdp_version >= RDP_V5) ? 0x40d : 0);
/* Pad, according to T.128. 0x40d seems to
trigger
the server to start sending RDP5 packets.
However, the value is 0x1d04 with W2KTSK and
NT4MS. Hmm.. Anyway, thankyou, Microsoft,
for sending such information in a padding
field.. */
out_uint16(s, 0); /* Update capability */
out_uint16(s, 0); /* Remote unshare capability */
out_uint16(s, 0); /* Compression level */
out_uint16(s, 0); /* Pad */
}
/* Send a licence request packet */
static void
licence_send_request(uint8 *client_random, uint8 *rsa_data,
char *user, char *host)
{
uint32 sec_flags = SEC_LICENCE_NEG;
uint16 userlen = strlen(user) + 1;
uint16 hostlen = strlen(host) + 1;
uint16 length = 120 + userlen + hostlen;
STREAM s;
s = sec_init(sec_flags, length + 2);
out_uint16_le(s, LICENCE_TAG_REQUEST);
out_uint16_le(s, length);
out_uint32_le(s, 1);
out_uint16(s, 0);
out_uint16_le(s, 0xff01);
out_uint8p(s, client_random, SEC_RANDOM_SIZE);
out_uint16(s, 0);
out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
out_uint8s(s, SEC_PADDING_SIZE);
out_uint16(s, LICENCE_TAG_USER);
out_uint16(s, userlen);
out_uint8p(s, user, userlen);
out_uint16(s, LICENCE_TAG_HOST);
out_uint16(s, hostlen);
out_uint8p(s, host, hostlen);
s_mark_end(s);
sec_send(s, sec_flags);
}
static void
rdpsnd_process_negotiate(STREAM in)
{
uint16 in_format_count, i;
uint8 pad;
uint16 version;
RD_WAVEFORMATEX *format;
STREAM out;
RD_BOOL device_available = False;
int readcnt;
int discardcnt;
in_uint8s(in, 14); /* initial bytes not valid from server */
in_uint16_le(in, in_format_count);
in_uint8(in, pad);
in_uint16_le(in, version);
in_uint8s(in, 1); /* padding */
DEBUG_SOUND(("RDPSND: RDPSND_NEGOTIATE(formats: %d, pad: 0x%02x, version: %x)\n",
(int) in_format_count, (unsigned) pad, (unsigned) version));
if (rdpsnd_negotiated)
{
error("RDPSND: Extra RDPSND_NEGOTIATE in the middle of a session\n");
/* Do a complete reset of the sound state */
rdpsnd_reset_state();
}
if (!current_driver && g_rdpsnd)
device_available = rdpsnd_auto_select();
if (current_driver && !device_available && current_driver->wave_out_open())
{
current_driver->wave_out_close();
device_available = True;
}
format_count = 0;
if (s_check_rem(in, 18 * in_format_count))
{
for (i = 0; i < in_format_count; i++)
{
format = &formats[format_count];
in_uint16_le(in, format->wFormatTag);
in_uint16_le(in, format->nChannels);
in_uint32_le(in, format->nSamplesPerSec);
in_uint32_le(in, format->nAvgBytesPerSec);
in_uint16_le(in, format->nBlockAlign);
in_uint16_le(in, format->wBitsPerSample);
in_uint16_le(in, format->cbSize);
/* read in the buffer of unknown use */
readcnt = format->cbSize;
discardcnt = 0;
if (format->cbSize > MAX_CBSIZE)
{
fprintf(stderr, "cbSize too large for buffer: %d\n",
format->cbSize);
readcnt = MAX_CBSIZE;
discardcnt = format->cbSize - MAX_CBSIZE;
}
in_uint8a(in, format->cb, readcnt);
in_uint8s(in, discardcnt);
if (current_driver && current_driver->wave_out_format_supported(format))
{
format_count++;
if (format_count == MAX_FORMATS)
break;
}
}
}
out = rdpsnd_init_packet(RDPSND_NEGOTIATE | 0x200, 20 + 18 * format_count);
uint32 flags = TSSNDCAPS_VOLUME;
/* if sound is enabled, set snd caps to alive to enable
transmision of audio from server */
if (g_rdpsnd)
{
flags |= TSSNDCAPS_ALIVE;
}
out_uint32_le(out, flags); /* TSSNDCAPS flags */
out_uint32(out, 0xffffffff); /* volume */
out_uint32(out, 0); /* pitch */
out_uint16(out, 0); /* UDP port */
out_uint16_le(out, format_count);
out_uint8(out, 0); /* padding */
out_uint16_le(out, 2); /* version */
out_uint8(out, 0); /* padding */
for (i = 0; i < format_count; i++)
{
format = &formats[i];
out_uint16_le(out, format->wFormatTag);
out_uint16_le(out, format->nChannels);
out_uint32_le(out, format->nSamplesPerSec);
out_uint32_le(out, format->nAvgBytesPerSec);
out_uint16_le(out, format->nBlockAlign);
out_uint16_le(out, format->wBitsPerSample);
out_uint16(out, 0); /* cbSize */
}
s_mark_end(out);
DEBUG_SOUND(("RDPSND: -> RDPSND_NEGOTIATE(formats: %d)\n", (int) format_count));
rdpsnd_send(out);
rdpsnd_negotiated = True;
}
static void rdpsnd_process_rec_negotiate(STREAM in) {
uint16 in_format_count, i;
uint16 version;
RD_WAVEFORMATEX *format;
STREAM out;
RD_BOOL device_available = False;
int readcnt;
int discardcnt;
in_uint8s(in, 8);
/* initial bytes not valid from server */
in_uint16_le(in, in_format_count);
in_uint16_le(in, version);
DEBUG_SOUND(("RDPSND: RDPSND_REC_NEGOTIATE(formats: %d, version: %x)\n",
(int) in_format_count, (unsigned) version));
if (rdpsnd_rec_negotiated) {
error(
"RDPSND: Extra RDPSND_REC_NEGOTIATE in the middle of a session\n");
/* Do a complete reset of the sound state */
rdpsnd_reset_state();
}
if (!current_driver)
device_available = rdpsnd_auto_select();
if (current_driver && !device_available && current_driver->wave_in_open
&& current_driver->wave_in_open()) {
current_driver->wave_in_close();
device_available = True;
}
rec_format_count = 0;
if (s_check_rem(in, 18 * in_format_count)) {
for (i = 0; i < in_format_count; i++) {
format = &rec_formats[rec_format_count];
in_uint16_le(in, format->wFormatTag);
in_uint16_le(in, format->nChannels);
in_uint32_le(in, format->nSamplesPerSec);
in_uint32_le(in, format->nAvgBytesPerSec);
in_uint16_le(in, format->nBlockAlign);
in_uint16_le(in, format->wBitsPerSample);
in_uint16_le(in, format->cbSize);
/* read in the buffer of unknown use */
readcnt = format->cbSize;
discardcnt = 0;
if (format->cbSize > MAX_CBSIZE)
{
fprintf(stderr, "cbSize too large for buffer: %d\n",
format->cbSize);
readcnt = MAX_CBSIZE;
discardcnt = format->cbSize - MAX_CBSIZE;
}in_uint8a(in, format->cb, readcnt);
in_uint8s(in, discardcnt);
if (current_driver && current_driver->wave_in_format_supported
&& current_driver->wave_in_format_supported(format)) {
rec_format_count++;
if (rec_format_count == MAX_FORMATS
)
break;
}
}
}
out = rdpsnd_init_packet(RDPSND_REC_NEGOTIATE, 12 + 18 * rec_format_count);
out_uint32_le(out, 0x00000000);
/* flags */
out_uint32_le(out, 0xffffffff);
/* volume */
out_uint16_le(out, rec_format_count);
out_uint16_le(out, 1);
/* version */
for (i = 0; i < rec_format_count; i++) {
format = &rec_formats[i];
out_uint16_le(out, format->wFormatTag);
out_uint16_le(out, format->nChannels);
out_uint32_le(out, format->nSamplesPerSec);
out_uint32_le(out, format->nAvgBytesPerSec);
out_uint16_le(out, format->nBlockAlign);
out_uint16_le(out, format->wBitsPerSample);
out_uint16(out, 0);
/* cbSize */
}
s_mark_end(out);
DEBUG_SOUND(("RDPSND: -> RDPSND_REC_NEGOTIATE(formats: %d)\n", (int) rec_format_count));
rdpsnd_send(out);
rdpsnd_rec_negotiated = True;
}
void
rdpsnd_process_negotiate(STREAM in)
{
unsigned int in_format_count, i;
WAVEFORMATEX *format;
STREAM out;
BOOL device_available = False;
int readcnt;
int discardcnt;
in_uint8s(in, 14); /* flags, volume, pitch, UDP port */
in_uint16_le(in, in_format_count);
in_uint8s(in, 4); /* pad, status, pad */
if (wave_out_open())
{
wave_out_close();
device_available = True;
}
format_count = 0;
if (s_check_rem(in, 18 * in_format_count))
{
for (i = 0; i < in_format_count; i++)
{
format = &formats[format_count];
in_uint16_le(in, format->wFormatTag);
in_uint16_le(in, format->nChannels);
in_uint32_le(in, format->nSamplesPerSec);
in_uint32_le(in, format->nAvgBytesPerSec);
in_uint16_le(in, format->nBlockAlign);
in_uint16_le(in, format->wBitsPerSample);
in_uint16_le(in, format->cbSize);
/* read in the buffer of unknown use */
readcnt = format->cbSize;
discardcnt = 0;
if (format->cbSize > MAX_CBSIZE)
{
fprintf(stderr, "cbSize too large for buffer: %d\n",
format->cbSize);
readcnt = MAX_CBSIZE;
discardcnt = format->cbSize - MAX_CBSIZE;
}
in_uint8a(in, format->cb, readcnt);
in_uint8s(in, discardcnt);
if (device_available && wave_out_format_supported(format))
{
format_count++;
if (format_count == MAX_FORMATS)
break;
}
}
}
out = rdpsnd_init_packet(RDPSND_NEGOTIATE | 0x200, 20 + 18 * format_count);
out_uint32_le(out, 3); /* flags */
out_uint32(out, 0xffffffff); /* volume */
out_uint32(out, 0); /* pitch */
out_uint16(out, 0); /* UDP port */
out_uint16_le(out, format_count);
out_uint8(out, 0x95); /* pad? */
out_uint16_le(out, 2); /* status */
out_uint8(out, 0x77); /* pad? */
for (i = 0; i < format_count; i++)
{
format = &formats[i];
out_uint16_le(out, format->wFormatTag);
out_uint16_le(out, format->nChannels);
out_uint32_le(out, format->nSamplesPerSec);
out_uint32_le(out, format->nAvgBytesPerSec);
out_uint16_le(out, format->nBlockAlign);
out_uint16_le(out, format->wBitsPerSample);
out_uint16(out, 0); /* cbSize */
}
s_mark_end(out);
rdpsnd_send(out);
}
