Ejemplo n.º 1
0
void rdp_out_bitmapcache_rev2_capset(rdpRdp * rdp, STREAM s)
{
	capsetHeaderRef header;
	uint16 flag;

	header = rdp_skip_capset_header(s);
	flag = ALLOW_CACHE_WAITING_LIST_FLAG;
	if (rdp->settings->bitmap_cache_persist_enable)
		flag |= PERSISTENT_KEYS_EXPECTED_FLAG;
	out_uint16_le(s, flag); /* CacheFlags */
	out_uint8s(s, 1); /* pad */
	out_uint8(s, 3); /* numCellCaches */

	/* max cell size for cache 0 is 16x16, 1 = 32x32, 2 = 64x64, etc */
	out_uint32_le(s, BMPCACHE2_C0_CELLS);
	out_uint32_le(s, BMPCACHE2_C1_CELLS);
	if (pstcache_init(rdp->pcache, 2))
	{
		out_uint32_le(s, BMPCACHE2_NUM_PSTCELLS | BMPCACHE2_FLAG_PERSIST);
	}
	else
	{
		out_uint32_le(s, BMPCACHE2_C2_CELLS);
	}
	out_uint8s(s, 20);	/* other bitmap caches not used */
	rdp_out_capset_header(s, header, CAPSET_TYPE_BITMAPCACHE_REV2);
}
Ejemplo n.º 2
0
static void
rdpdr_send_available(RDPCLIENT * This)
{

	uint8 magic[4] = "rDAD";
	uint32 driverlen, printerlen, bloblen;
	int i;
	STREAM s;
	PRINTER *printerinfo;

	s = channel_init(This, This->rdpdr.channel, announcedata_size(This));
	out_uint8a(s, magic, 4);
	out_uint32_le(s, This->num_devices);

	for (i = 0; i < This->num_devices; i++)
	{
		out_uint32_le(s, This->rdpdr_device[i].device_type);
		out_uint32_le(s, i);	/* RDP Device ID */
		/* Is it possible to use share names longer than 8 chars?
		   /astrand */
		out_uint8p(s, This->rdpdr_device[i].name, 8);

		switch (This->rdpdr_device[i].device_type)
		{
			case DEVICE_TYPE_PRINTER:
				printerinfo = (PRINTER *) This->rdpdr_device[i].pdevice_data;

				driverlen = 2 * strlen(printerinfo->driver) + 2;
				printerlen = 2 * strlen(printerinfo->printer) + 2;
				bloblen = printerinfo->bloblen;

				out_uint32_le(s, 24 + driverlen + printerlen + bloblen);	/* length of extra info */
				out_uint32_le(s, printerinfo->default_printer ? 2 : 0);
				out_uint8s(s, 8);	/* unknown */
				out_uint32_le(s, driverlen);
				out_uint32_le(s, printerlen);
				out_uint32_le(s, bloblen);
				rdp_out_unistr(This, s, printerinfo->driver, driverlen - 2);
				rdp_out_unistr(This, s, printerinfo->printer, printerlen - 2);
				out_uint8a(s, printerinfo->blob, bloblen);

				if (printerinfo->blob)
					xfree(printerinfo->blob);	/* Blob is sent twice if reconnecting */
				break;
			default:
				out_uint32(s, 0);
		}
	}
#if 0
	out_uint32_le(s, 0x20);	/* Device type 0x20 - smart card */
	out_uint32_le(s, 0);
	out_uint8p(s, "SCARD", 5);
	out_uint8s(s, 3);
	out_uint32(s, 0);
#endif

	s_mark_end(s);
	channel_send(This, s, This->rdpdr.channel);
}
Ejemplo n.º 3
0
/* Output order capability set */
static void rdp_out_order_caps(STREAM s) {
	uint8 order_caps[32];

	memset(order_caps, 0, 32);
	order_caps[0] = 1; /* dest blt */
	order_caps[1] = 1; /* pat blt */
	order_caps[2] = 1; /* screen blt */
	order_caps[3] = (g_bitmap_cache ? 1 : 0); /* memblt */
	order_caps[4] = 0; /* triblt */
	order_caps[8] = 1; /* line */
	order_caps[9] = 1; /* line */
	order_caps[10] = 1; /* rect */
	order_caps[11] = (g_desktop_save ? 1 : 0); /* desksave */
	order_caps[13] = 1; /* memblt */
	order_caps[14] = 1; /* triblt */
	order_caps[20] = (g_polygon_ellipse_orders ? 1 : 0); /* polygon */
	order_caps[21] = (g_polygon_ellipse_orders ? 1 : 0); /* polygon2 */
	order_caps[22] = 1; /* polyline */
	order_caps[25] = (g_polygon_ellipse_orders ? 1 : 0); /* ellipse */
	order_caps[26] = (g_polygon_ellipse_orders ? 1 : 0); /* ellipse2 */
	order_caps[27] = 1; /* text2 */
	out_uint16_le(s, RDP_CAPSET_ORDER);
	out_uint16_le(s, RDP_CAPLEN_ORDER);

	out_uint8s(s, 20);
	/* Terminal desc, pad */
	out_uint16_le(s, 1);
	/* Cache X granularity */
	out_uint16_le(s, 20);
	/* Cache Y granularity */
	out_uint16(s, 0);
	/* Pad */
	out_uint16_le(s, 1);
	/* Max order level */
	out_uint16_le(s, 0x147);
	/* Number of fonts */
	out_uint16_le(s, 0x2a);
	/* Capability flags */
	out_uint8p(s, order_caps, 32);
	/* Orders supported */
	out_uint16_le(s, 0x6a1);
	/* Text capability flags */
	out_uint8s(s, 6);
	/* Pad */
	out_uint32_le(s, g_desktop_save == False ? 0 : 0x38400);
	/* Desktop cache size */
	out_uint32(s, 0);
	/* Unknown */
	out_uint32_le(s, 0x4e4);
	/* Unknown */
}
Ejemplo n.º 4
0
int APP_CC
dev_redir_process_close_io_request(int completion_id)
{
	struct stream* s;

	log_message(&log_conf, LOG_LEVEL_DEBUG, "chansrv[dev_redir_process_close_io_request]:"
	  		"close file : %s",actions[completion_id].path);
	make_stream(s);
	init_stream(s,1100);
	actions[completion_id].last_req = IRP_MJ_CLOSE;
	out_uint16_le(s, RDPDR_CTYP_CORE);
	out_uint16_le(s, PAKID_CORE_DEVICE_IOREQUEST);
	out_uint32_le(s, actions[completion_id].device);
	out_uint32_le(s, actions[completion_id].file_id);
	out_uint32_le(s, completion_id);
	out_uint32_le(s, IRP_MJ_CLOSE);   	/* major version */
	out_uint32_le(s, 0);								/* minor version */
	out_uint8s(s,32);
	s_mark_end(s);
	dev_redir_send(s);
	actions[completion_id].message_id++;
	free_stream(s);
	return 0;
	free_stream(s);
}
Ejemplo n.º 5
0
void rdp_out_bitmap_codecs_capset(rdpRdp * rdp, STREAM s)
{
	capsetHeaderRef header;
	uint8 * count_ptr;
	int index;
	int out_count;
	int out_bytes;
	STREAM ls;

	//printf("rdp_out_bitmap_codecs_capset:\n");
	out_count = 0;
	header = rdp_skip_capset_header(s);
	count_ptr = s->p;
	out_uint8s(s, 1);
	for (index = 0; index < MAX_BITMAP_CODECS; index++)
	{
		ls = rdp->out_codec_caps[index];
		if (ls != NULL)
		{
			out_bytes = (int) (ls->end - ls->data);
			out_uint8a(s, ls->data, out_bytes);
			stream_delete(ls);
			rdp->out_codec_caps[index] = NULL;
			out_count++;
		}
	}
	*count_ptr = out_count;
	rdp_out_capset_header(s, header, CAPSET_TYPE_BITMAP_CODECS);
	//hexdump(count_ptr, s->p - count_ptr);
}
Ejemplo n.º 6
0
Archivo: sound.c Proyecto: OSgenie/xrdp
static int
sound_send_training(void)
{
    struct stream *s;
    int bytes;
    int time;
    char *size_ptr;

    print_got_here();

    make_stream(s);
    init_stream(s, 8182);
    out_uint16_le(s, SNDC_TRAINING);
    size_ptr = s->p;
    out_uint16_le(s, 0); /* size, set later */
    time = g_time2();
    g_training_sent_time = time;
    out_uint16_le(s, time);
    out_uint16_le(s, 1024);
    out_uint8s(s, (1024 - 4));
    s_mark_end(s);
    bytes = (int)((s->end - s->data) - 4);
    size_ptr[0] = bytes;
    size_ptr[1] = bytes >> 8;
    bytes = (int)(s->end - s->data);
    send_channel_data(g_rdpsnd_chan_id, s->data, bytes);
    free_stream(s);
    return 0;
}
Ejemplo n.º 7
0
void cliprdr_send_capability()
{
	/* this message is ignored by rdp applet */
	struct stream* s;

	make_stream(s);
	init_stream(s,1024);

	log_message(l_config, LOG_LEVEL_DEBUG, "vchannel_cliprdr[cliprdr_send_capability]:");
	/* clip header */
	out_uint16_le(s, CB_CLIP_CAPS);                        /* msg type */
	out_uint16_le(s, 0x00);                                /* msg flag */
	out_uint32_le(s, 0);                                   /* msg size */
	/* we only support one capability for now */
	out_uint16_le(s, 1);                                   /* cCapabilitiesSets */
	out_uint8s(s, 16);                                     /* pad */
	/* CLIPRDR_CAPS_SET */
	out_uint16_le(s, CB_CAPSTYPE_GENERAL);                 /* capabilitySetType */
	out_uint16_le(s, 92);                                  /* lengthCapability */
	out_uint32_le(s, CB_CAPS_VERSION_1);                   /* version */
	out_uint32_le(s, 0);                                   /* general flags */


	s_mark_end(s);
	cliprdr_send(s);
	free_stream(s);

}
Ejemplo n.º 8
0
/* Send a confirm active PDU */
static void rdp_send_confirm_active(void) {
	STREAM s;
	uint32 sec_flags = g_encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG;
	uint16 caplen = RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER
			+ RDP_CAPLEN_COLCACHE + RDP_CAPLEN_ACTIVATE + RDP_CAPLEN_CONTROL
			+ RDP_CAPLEN_SHARE + RDP_CAPLEN_BRUSHCACHE + 0x58 + 0x08 + 0x08
			+ 0x34 /* unknown caps */+ 4 /* w2k fix, sessionid */;

	if (g_use_rdp5) {
		caplen += RDP_CAPLEN_BMPCACHE2;
		caplen += RDP_CAPLEN_NEWPOINTER;
	} else {
		caplen += RDP_CAPLEN_BMPCACHE;
		caplen += RDP_CAPLEN_POINTER;
	}

	s = sec_init(sec_flags, 6 + 14 + caplen + sizeof(RDP_SOURCE));

	out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE));
	out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10));
	/* Version 1 */
	out_uint16_le(s, (g_mcs_userid + 1001));

	out_uint32_le(s, g_rdp_shareid);
	out_uint16_le(s, 0x3ea);
	/* userid */
	out_uint16_le(s, sizeof(RDP_SOURCE));
	out_uint16_le(s, caplen);

	out_uint8p(s, RDP_SOURCE, sizeof(RDP_SOURCE));
	out_uint16_le(s, 0xe);
	/* num_caps */
	out_uint8s(s, 2);
	/* pad */

	rdp_out_general_caps(s);
	rdp_out_bitmap_caps(s);
	rdp_out_order_caps(s);
	if (g_use_rdp5) {
		rdp_out_bmpcache2_caps(s);
		rdp_out_newpointer_caps(s);
	} else {
		rdp_out_bmpcache_caps(s);
		rdp_out_pointer_caps(s);
	}
	rdp_out_colcache_caps(s);
	rdp_out_activate_caps(s);
	rdp_out_control_caps(s);
	rdp_out_share_caps(s);
	rdp_out_brushcache_caps(s);

	rdp_out_unknown_caps(s, 0x0d, 0x58, caps_0x0d); /* CAPSTYPE_INPUT */
	rdp_out_unknown_caps(s, 0x0c, 0x08, caps_0x0c); /* CAPSTYPE_SOUND */
	rdp_out_unknown_caps(s, 0x0e, 0x08, caps_0x0e); /* CAPSTYPE_FONT */
	rdp_out_unknown_caps(s, 0x10, 0x34, caps_0x10); /* CAPSTYPE_GLYPHCACHE */

	s_mark_end(s);
	sec_send(s, sec_flags);
}
Ejemplo n.º 9
0
void rdp_out_order_capset(rdpRdp * rdp, STREAM s)
{
	uint8 orderSupport[32];
	capsetHeaderRef header;

	header = rdp_skip_capset_header(s);

	memset(orderSupport, 0, 32);
	orderSupport[NEG_DSTBLT_INDEX] = 1;
	orderSupport[NEG_PATBLT_INDEX] = 1;
	orderSupport[NEG_SCRBLT_INDEX] = 1;
	orderSupport[NEG_MEMBLT_INDEX] = (rdp->settings->bitmap_cache ? 1 : 0);
	orderSupport[NEG_MEM3BLT_INDEX] = (rdp->settings->triblt ? 1 : 0);
	// orderSupport[NEG_DRAWNINEGRID_INDEX] = 1;
	orderSupport[NEG_LINETO_INDEX] = 1;
	orderSupport[NEG_MULTI_DRAWNINEGRID_INDEX] = 1;
	orderSupport[NEG_SAVEBITMAP_INDEX] = (rdp->settings->desktop_save ? 1 : 0);
	// orderSupport[NEG_MULTIDSTBLT_INDEX] = 1;
	orderSupport[NEG_MULTIPATBLT_INDEX] = 1;
	// orderSupport[NEG_MULTISCRBLT_INDEX] = 1;
	orderSupport[NEG_MULTIOPAQUERECT_INDEX] = 1;
	orderSupport[NEG_FAST_INDEX_INDEX] = 1;
	orderSupport[NEG_POLYGON_SC_INDEX] = (rdp->settings->polygon_ellipse_orders ? 1 : 0);
	orderSupport[NEG_POLYGON_CB_INDEX] = (rdp->settings->polygon_ellipse_orders ? 1 : 0);
	orderSupport[NEG_POLYLINE_INDEX] = 1;
	orderSupport[NEG_FAST_GLYPH_INDEX] = 1;
/*	orderSupport[NEG_ELLIPSE_SC_INDEX] = (rdp->settings->polygon_ellipse_orders ? 1 : 0);*/
/*	orderSupport[NEG_ELLIPSE_CB_INDEX] = (rdp->settings->polygon_ellipse_orders ? 1 : 0);*/
	orderSupport[NEG_INDEX_INDEX] = 1;

	out_uint8s(s, 16); /* terminalDescriptor, ignored and should be set to zero */
	out_uint32_le(s, 0); /* pad */
	out_uint16_le(s, 1); /* desktopSaveXGranularity */
	out_uint16_le(s, 20); /* desktopSaveYGranularity */
	out_uint16_le(s, 0); /* pad */
	out_uint16_le(s, 1); /* maximumOrderLevel */
	out_uint16_le(s, 0); /* numberFonts, ignored and should be set to zero */

	out_uint16_le(s,
		NEGOTIATEORDERSUPPORT |
		ZEROBOUNDSDELTASSUPPORT |
		COLORINDEXSUPPORT ); /* orderFlags */

	out_uint8p(s, orderSupport, 32); /* orderSupport */
	out_uint16_le(s, 0); /* textFlags, must be ignored */
	out_uint16_le(s, 0); /* orderSupportExFlags */
	out_uint32_le(s, 0); /* pad */
	out_uint32_le(s, rdp->settings->desktop_save == False ? 0 : 0x38400); /* desktopSaveSize */
	out_uint16_le(s, 0); /* pad */
	out_uint16_le(s, 0); /* pad */

	/* See [MSDN-CP]: http://msdn.microsoft.com/en-us/library/dd317756/ */
	out_uint16_le(s, 0x04E4); /* textANSICodePage, 0x04E4 is "ANSI Latin 1 Western European (Windows)" */
	out_uint16_le(s, 0); /* pad */

	rdp_out_capset_header(s, header, CAPSET_TYPE_ORDER);
}
Ejemplo n.º 10
0
Archivo: sound.c Proyecto: OSgenie/xrdp
static int
sound_send_wave_data(char *data, int data_bytes)
{
    struct stream *s;
    int bytes;
    int time;
    char *size_ptr;

    print_got_here();

    if ((data_bytes < 4) || (data_bytes > 128 * 1024))
    {
        LOG(0, ("sound_send_wave_data: bad data_bytes %d", data_bytes));
    }

    /* part one of 2 PDU wave info */

    LOG(10, ("sound_send_wave_data: sending %d bytes", data_bytes));

    make_stream(s);
    init_stream(s, data_bytes);
    out_uint16_le(s, SNDC_WAVE);
    size_ptr = s->p;
    out_uint16_le(s, 0); /* size, set later */
    time = g_time2();
    out_uint16_le(s, time);
    out_uint16_le(s, 0); /* wFormatNo */
    g_cBlockNo++;
    out_uint8(s, g_cBlockNo);

    LOG(10, ("sound_send_wave_data: sending time %d, g_cBlockNo %d",
             time & 0xffff, g_cBlockNo & 0xff));

    out_uint8s(s, 3);
    out_uint8a(s, data, 4);
    s_mark_end(s);
    bytes = (int)((s->end - s->data) - 4);
    bytes += data_bytes;
    bytes -= 4;
    size_ptr[0] = bytes;
    size_ptr[1] = bytes >> 8;
    bytes = (int)(s->end - s->data);
    send_channel_data(g_rdpsnd_chan_id, s->data, bytes);

    /* part two of 2 PDU wave info */
    init_stream(s, data_bytes);
    out_uint32_le(s, 0);
    out_uint8a(s, data + 4, data_bytes - 4);
    s_mark_end(s);
    bytes = (int)(s->end - s->data);
    send_channel_data(g_rdpsnd_chan_id, s->data, bytes);
    free_stream(s);
    return 0;
}
Ejemplo n.º 11
0
void cliprdr_send_format_list()
{
	struct stream* s;

	make_stream(s);
	init_stream(s,1024);

	log_message(l_config, LOG_LEVEL_DEBUG, "vchannel_cliprdr[cliprdr_send_format_list_response]:");
	/* clip header */
	out_uint16_le(s, CB_FORMAT_LIST);                      /* msg type */
	out_uint16_le(s, 0);                                   /* msg flag */
	out_uint32_le(s, 72);                                  /* msg size */
	/* we only send one format */
	out_uint32_le(s, CF_TEXT);                             /* Format Id */
	out_uint8s(s, 32);
	out_uint32_le(s, CF_UNICODETEXT);                      /* Format Id */
	out_uint8s(s, 32);

	s_mark_end(s);
	cliprdr_send(s);
	free_stream(s);

}
Ejemplo n.º 12
0
/* Send a confirm active PDU */
static BOOL
rdp_send_confirm_active(RDPCLIENT * This)
{
	STREAM s;
	uint32 sec_flags = This->encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG;
	uint16 caplen =
		RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER +
		RDP_CAPLEN_BMPCACHE + RDP_CAPLEN_COLCACHE +
		RDP_CAPLEN_ACTIVATE + RDP_CAPLEN_CONTROL +
		RDP_CAPLEN_POINTER + RDP_CAPLEN_SHARE +
		0x58 + 0x08 + 0x08 + 0x34 /* unknown caps */  +
		4 /* w2k fix, why? */ ;

	s = sec_init(This, sec_flags, 6 + 14 + caplen + sizeof(RDP_SOURCE));

	if(s == NULL)
		return False;

	out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE));
	out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10));	/* Version 1 */
	out_uint16_le(s, (This->mcs_userid + 1001));

	out_uint32_le(s, This->rdp_shareid);
	out_uint16_le(s, 0x3ea);	/* userid */
	out_uint16_le(s, sizeof(RDP_SOURCE));
	out_uint16_le(s, caplen);

	out_uint8p(s, RDP_SOURCE, sizeof(RDP_SOURCE));
	out_uint16_le(s, 0xd);	/* num_caps */
	out_uint8s(s, 2);	/* pad */

	rdp_out_general_caps(This, s);
	rdp_out_bitmap_caps(This, s);
	rdp_out_order_caps(This, s);
	This->use_rdp5 ? rdp_out_bmpcache2_caps(This, s) : rdp_out_bmpcache_caps(This, s);
	rdp_out_colcache_caps(s);
	rdp_out_activate_caps(s);
	rdp_out_control_caps(s);
	rdp_out_pointer_caps(s);
	rdp_out_share_caps(s);

	rdp_out_unknown_caps(s, 0x0d, 0x58, caps_0x0d);	/* international? */
	rdp_out_unknown_caps(s, 0x0c, 0x08, caps_0x0c);
	rdp_out_unknown_caps(s, 0x0e, 0x08, caps_0x0e);
	rdp_out_unknown_caps(s, 0x10, 0x34, caps_0x10);	/* glyph cache? */

	s_mark_end(s);
	return sec_send(This, s, sec_flags);
}
Ejemplo n.º 13
0
/* Output bitmap cache capability set */
static void
rdp_out_bmpcache_caps(STREAM s)
{
    int Bpp;
    out_uint16_le(s, RDP_CAPSET_BMPCACHE);
    out_uint16_le(s, RDP_CAPLEN_BMPCACHE);

    Bpp = (g_server_depth + 7) / 8;	/* bytes per pixel */
    out_uint8s(s, 24);	/* unused */
    out_uint16_le(s, 0x258);	/* entries */
    out_uint16_le(s, 0x100 * Bpp);	/* max cell size */
    out_uint16_le(s, 0x12c);	/* entries */
    out_uint16_le(s, 0x400 * Bpp);	/* max cell size */
    out_uint16_le(s, 0x106);	/* entries */
    out_uint16_le(s, 0x1000 * Bpp);	/* max cell size */
}
Ejemplo n.º 14
0
/* Send a Licensing packet with Client License Information */
static void
licence_present(rdpLicence * licence, uint8 * client_random, uint8 * rsa_data,
                uint8 * licence_data, int licence_size, uint8 * hwid, uint8 * signature)
{
    uint32 sec_flags = SEC_LICENSE_PKT;
    uint16 length =
        16 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE +
        licence_size + LICENCE_HWID_SIZE + LICENCE_SIGNATURE_SIZE;
    STREAM s;

    s = sec_init(licence->sec, sec_flags, length + 4);

    /* Licensing Preamble (LICENSE_PREAMBLE) */
    out_uint8(s, LICENSE_INFO);	/* bMsgType LICENSE_INFO */
    out_uint8(s, 2);	/* bVersion PREAMBLE_VERSION_2_0 */
    out_uint16_le(s, length);

    /* Client License Information: */
    out_uint32_le(s, 1);	/* PreferredKeyExchangeAlg KEY_EXCHANGE_ALG_RSA */
    out_uint16_le(s, 0);	/* PlatformId, unknown platform and ISV */
    out_uint16_le(s, 0x0201);	/* PlatformId, build/version */

    out_uint8p(s, client_random, SEC_RANDOM_SIZE);	/* ClientRandom */

    /* Licensing Binary Blob with EncryptedPreMasterSecret: */
    out_uint16_le(s, 0);	/* wBlobType should be 0x0002 (BB_RANDOM_BLOB) */
    out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));	/* wBlobLen */
    out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);	/* 48 bit random number encrypted for server */
    out_uint8s(s, SEC_PADDING_SIZE);

    /* Licensing Binary Blob with LicenseInfo: */
    out_uint16_le(s, 1);	/* wBlobType BB_DATA_BLOB */
    out_uint16_le(s, licence_size);	/* wBlobLen */
    out_uint8p(s, licence_data, licence_size);	/* CAL issued by servers license server */

    /* Licensing Binary Blob with EncryptedHWID */
    out_uint16_le(s, 1);	/* wBlobType BB_DATA_BLOB */
    out_uint16_le(s, LICENCE_HWID_SIZE);	/* wBlobLen */
    out_uint8p(s, hwid, LICENCE_HWID_SIZE);	/* RC4-encrypted Client Hardware Identification */

    out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);	/* MACData */

    s_mark_end(s);
    sec_send(licence->sec, s, sec_flags);
}
Ejemplo n.º 15
0
/* Send a Licensing packet with Client New License Request */
static void
licence_send_request(rdpLicence * licence, uint8 * client_random, uint8 * rsa_data, char *user,
                     char *host)
{
    uint32 sec_flags = SEC_LICENSE_PKT;
    uint16 userlen = strlen(user) + 1;
    uint16 hostlen = strlen(host) + 1;
    uint16 length = 128 + userlen + hostlen;
    STREAM s;

    s = sec_init(licence->sec, sec_flags, length + 2);

    /* Licensing Preamble (LICENSE_PREAMBLE) */
    out_uint8(s, NEW_LICENSE_REQUEST);	/* NEW_LICENSE_REQUEST */
    out_uint8(s, 2);	/* PREAMBLE_VERSION_2_0 */
    out_uint16_le(s, length);

    out_uint32_le(s, 1);	/* PreferredKeyExchangeAlg KEY_EXCHANGE_ALG_RSA */
    out_uint16_le(s, 0);	/* PlatformId, unknown platform and ISV */
    out_uint16_le(s, 0xff01);	/* PlatformId, build/version */

    out_uint8p(s, client_random, SEC_RANDOM_SIZE);	/* ClientRandom */

    /* Licensing Binary Blob with EncryptedPreMasterSecret: */
    out_uint16_le(s, 0);	/* wBlobType should be 0x0002 (BB_RANDOM_BLOB) */
    out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));	/* wBlobLen */
    out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);	/* 48 bit random number encrypted for server */
    out_uint8s(s, SEC_PADDING_SIZE);

    /* Licensing Binary Blob with ClientUserName: */
    out_uint16_le(s, LICENCE_TAG_USER);	/* wBlobType BB_CLIENT_USER_NAME_BLOB */
    out_uint16_le(s, userlen);	/* wBlobLen */
    out_uint8p(s, user, userlen);

    /* Licensing Binary Blob with ClientMachineName: */
    out_uint16_le(s, LICENCE_TAG_HOST);	/* wBlobType BB_CLIENT_MACHINE_NAME_BLOB */
    out_uint16_le(s, hostlen);	/* wBlobLen */
    out_uint8p(s, host, hostlen);

    s_mark_end(s);
    sec_send(licence->sec, s, sec_flags);
}
Ejemplo n.º 16
0
/* Present an existing licence to the server */
static BOOL
licence_present(RDPCLIENT * This, uint8 * client_random, uint8 * rsa_data,
		uint8 * licence_data, int licence_size, uint8 * hwid, uint8 * signature)
{
	uint32 sec_flags = SEC_LICENCE_NEG;
	uint16 length =
		16 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE +
		licence_size + LICENCE_HWID_SIZE + LICENCE_SIGNATURE_SIZE;
	STREAM s;

	s = sec_init(This, sec_flags, length + 4);

	if(s == NULL)
		return False;

	out_uint8(s, LICENCE_TAG_PRESENT);
	out_uint8(s, 2);	/* version */
	out_uint16_le(s, length);

	out_uint32_le(s, 1);
	out_uint16(s, 0);
	out_uint16_le(s, 0x0201);

	out_uint8p(s, client_random, SEC_RANDOM_SIZE);
	out_uint16(s, 0);
	out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
	out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
	out_uint8s(s, SEC_PADDING_SIZE);

	out_uint16_le(s, 1);
	out_uint16_le(s, licence_size);
	out_uint8p(s, licence_data, licence_size);

	out_uint16_le(s, 1);
	out_uint16_le(s, LICENCE_HWID_SIZE);
	out_uint8p(s, hwid, LICENCE_HWID_SIZE);

	out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);

	s_mark_end(s);
	return sec_send(This, s, sec_flags);
}
Ejemplo n.º 17
0
void rdp_out_bitmapcache_capset(rdpRdp * rdp, STREAM s)
{
	int Bpp;
	int size;
	capsetHeaderRef header;

	header = rdp_skip_capset_header(s);
	Bpp = (rdp->settings->server_depth + 7) / 8; /* bytes per pixel */
	out_uint8s(s, 24); /* pad */
	out_uint16_le(s, 0x258); /* Cache1Entries */
	size = 0x100 * Bpp;
	out_uint16_le(s, size); /* Cache1MaximumCellSize */
	out_uint16_le(s, 0x12c); /* Cache2Entries */
	size = 0x400 * Bpp;
	out_uint16_le(s, size); /* Cache2MaximumCellSize */
	out_uint16_le(s, 0x106); /* Cache3Entries */
	size = 0x1000 * Bpp;
	out_uint16_le(s, size); /* Cache3MaximumCellSize */
	rdp_out_capset_header(s, header, CAPSET_TYPE_BITMAPCACHE);
}
Ejemplo n.º 18
0
/* Output bitmap cache v2 capability set */
static void rdp_out_bmpcache2_caps(STREAM s) {
	out_uint16_le(s, RDP_CAPSET_BMPCACHE2);
	out_uint16_le(s, RDP_CAPLEN_BMPCACHE2);

	out_uint16_le(s, g_bitmap_cache_persist_enable ? 2 : 0);
	/* version */

	out_uint16_be(s, 3);
	/* number of caches in this set */

	/* max cell size for cache 0 is 16x16, 1 = 32x32, 2 = 64x64, etc */
	out_uint32_le(s, BMPCACHE2_C0_CELLS);
	out_uint32_le(s, BMPCACHE2_C1_CELLS);
	if (pstcache_init(2)) {
		out_uint32_le(s, BMPCACHE2_NUM_PSTCELLS | BMPCACHE2_FLAG_PERSIST);
	} else {
		out_uint32_le(s, BMPCACHE2_C2_CELLS);
	}out_uint8s(s, 20);
	/* other bitmap caches not used */
}
Ejemplo n.º 19
0
/* Send a confirm active PDU */
static void
rdp_send_confirm_active(void)
{
	STREAM s;
	uint32 sec_flags = g_encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG;
	uint16 caplen =
		RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER +
		RDP_CAPLEN_BMPCACHE + RDP_CAPLEN_COLCACHE +
		RDP_CAPLEN_ACTIVATE + RDP_CAPLEN_CONTROL +
		RDP_CAPLEN_POINTER + RDP_CAPLEN_SHARE + RDP_CAPLEN_UNKNOWN + 4 /* w2k fix, why? */ ;

	s = sec_init(sec_flags, 6 + 14 + caplen + sizeof(RDP_SOURCE));

	out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE));
	out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10));	/* Version 1 */
	out_uint16_le(s, (g_mcs_userid + 1001));

	out_uint32_le(s, g_rdp_shareid);
	out_uint16_le(s, 0x3ea);	/* userid */
	out_uint16_le(s, sizeof(RDP_SOURCE));
	out_uint16_le(s, caplen);

	out_uint8p(s, RDP_SOURCE, sizeof(RDP_SOURCE));
	out_uint16_le(s, 0xd);	/* num_caps */
	out_uint8s(s, 2);	/* pad */

	rdp_out_general_caps(s);
	rdp_out_bitmap_caps(s);
	rdp_out_order_caps(s);
	rdp_out_bmpcache_caps(s);
	rdp_out_colcache_caps(s);
	rdp_out_activate_caps(s);
	rdp_out_control_caps(s);
	rdp_out_pointer_caps(s);
	rdp_out_share_caps(s);
	rdp_out_unknown_caps(s);

	s_mark_end(s);
	sec_send(s, sec_flags);
}
Ejemplo n.º 20
0
/* Present an existing licence to the server */
static void
licence_present(RDConnectionRef conn, uint8 * client_random, uint8 * rsa_data,
		uint8 * licence_data, int licence_size, uint8 * hwid, uint8 * signature)
{
	uint32 sec_flags = SEC_LICENCE_NEG;
	uint16 length =
		16 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE +
		licence_size + LICENCE_HWID_SIZE + LICENCE_SIGNATURE_SIZE;
	RDStreamRef s;

	s = sec_init(conn, sec_flags, length + 4);

	out_uint8(s, LICENCE_TAG_PRESENT);
	out_uint8(s, 2);	/* version */
	out_uint16_le(s, length);

	out_uint32_le(s, 1);
	out_uint16(s, 0);
	out_uint16_le(s, 0x0201);

	out_uint8p(s, client_random, SEC_RANDOM_SIZE);
	out_uint16(s, 0);
	out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
	out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
	out_uint8s(s, SEC_PADDING_SIZE);

	out_uint16_le(s, 1);
	out_uint16_le(s, licence_size);
	out_uint8p(s, licence_data, licence_size);

	out_uint16_le(s, 1);
	out_uint16_le(s, LICENCE_HWID_SIZE);
	out_uint8p(s, hwid, LICENCE_HWID_SIZE);

	out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);

	s_mark_end(s);
	sec_send(conn, s, sec_flags);
}
Ejemplo n.º 21
0
/* Send a licence request packet */
static BOOL
licence_send_request(RDPCLIENT * This, uint8 * client_random, uint8 * rsa_data, char *user, char *host)
{
	uint32 sec_flags = SEC_LICENCE_NEG;
	uint16 userlen = (uint16)strlen(user) + 1;
	uint16 hostlen = (uint16)strlen(host) + 1;
	uint16 length = 128 + userlen + hostlen;
	STREAM s;

	s = sec_init(This, sec_flags, length + 2);

	if(s == NULL)
		return False;

	out_uint8(s, LICENCE_TAG_REQUEST);
	out_uint8(s, 2);	/* version */
	out_uint16_le(s, length);

	out_uint32_le(s, 1);
	out_uint16(s, 0);
	out_uint16_le(s, 0xff01);

	out_uint8p(s, client_random, SEC_RANDOM_SIZE);
	out_uint16(s, 0);
	out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
	out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
	out_uint8s(s, SEC_PADDING_SIZE);

	out_uint16_le(s, LICENCE_TAG_USER);
	out_uint16_le(s, userlen);
	out_uint8p(s, user, userlen);

	out_uint16_le(s, LICENCE_TAG_HOST);
	out_uint16_le(s, hostlen);
	out_uint8p(s, host, hostlen);

	s_mark_end(s);
	return sec_send(This, s, sec_flags);
}
Ejemplo n.º 22
0
int APP_CC
dev_redir_process_write_io_request(int completion_id, int offset)
{
	struct stream* s;
	int fd;
	char buffer[1024];
	int size;

	make_stream(s);
	init_stream(s,1100);
	actions[completion_id].last_req = IRP_MJ_WRITE;
	log_message(&log_conf, LOG_LEVEL_DEBUG, "chansrv[dev_redir_process_write_io_request]:"
  		"process next io request[%s]",actions[completion_id].path);
	out_uint16_le(s, RDPDR_CTYP_CORE);
  out_uint16_le(s, PAKID_CORE_DEVICE_IOREQUEST);
	out_uint32_le(s, actions[completion_id].device);
	out_uint32_le(s, actions[completion_id].file_id);
	out_uint32_le(s, completion_id);
	out_uint32_le(s, IRP_MJ_WRITE);   	/* major version */
	out_uint32_le(s, 0);								/* minor version */
	if(g_file_exist(actions[completion_id].path)){
		fd = g_file_open(actions[completion_id].path);
		g_file_seek(fd, offset);
		size = g_file_read(fd, buffer, 1024);
		out_uint32_le(s,size);
		out_uint64_le(s,offset);
		out_uint8s(s,20);
		out_uint8p(s,buffer,size);
		s_mark_end(s);
		dev_redir_send(s);
		actions[completion_id].message_id++;
		free_stream(s);
		return 0;
	}
	log_message(&log_conf, LOG_LEVEL_DEBUG, "chansrv[dev_redir_process_write_io_request]:"
  		"the file %s did not exists",actions[completion_id].path);
	free_stream(s);
	return 1;
}
Ejemplo n.º 23
0
/* Send a new licence request packet */
static void
licence_send_new_licence_request(uint8 * client_random, uint8 * rsa_data, char *user, char *host)
{
	uint32 sec_flags = SEC_LICENSE_PKT;
	uint16 userlen = strlen(user) + 1;
	uint16 hostlen = strlen(host) + 1;
	uint16 length =
		24 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE + userlen + hostlen;
	STREAM s;

	s = sec_init(sec_flags, length + 2);

	out_uint8(s, LICENCE_TAG_NEW_LICENCE_REQUEST);
	out_uint8(s, ((g_rdp_version >= RDP_V5) ? 3 : 2));	/* version */
	out_uint16_le(s, length);

	out_uint32_le(s, 1);	// KEY_EXCHANGE_ALG_RSA
	out_uint16(s, 0);
	out_uint16_le(s, 0xff01);

	out_uint8p(s, client_random, SEC_RANDOM_SIZE);
	out_uint16_le(s, 2);
	out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
	out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
	out_uint8s(s, SEC_PADDING_SIZE);

	/* Username LICENSE_BINARY_BLOB */
	out_uint16_le(s, BB_CLIENT_USER_NAME_BLOB);
	out_uint16_le(s, userlen);
	out_uint8p(s, user, userlen);

	/* Machinename LICENSE_BINARY_BLOB */
	out_uint16_le(s, BB_CLIENT_MACHINE_NAME_BLOB);
	out_uint16_le(s, hostlen);
	out_uint8p(s, host, hostlen);

	s_mark_end(s);
	sec_send(s, sec_flags);
}
Ejemplo n.º 24
0
/* Send a licence info packet to server */
static void
licence_info(uint8 * client_random, uint8 * rsa_data,
	     uint8 * licence_data, int licence_size, uint8 * hwid, uint8 * signature)
{
	uint32 sec_flags = SEC_LICENSE_PKT;
	uint16 length =
		24 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE +
		licence_size + LICENCE_HWID_SIZE + LICENCE_SIGNATURE_SIZE;
	STREAM s;

	s = sec_init(sec_flags, length + 2);

	out_uint8(s, LICENCE_TAG_LICENCE_INFO);
	out_uint8(s, ((g_rdp_version >= RDP_V5) ? 3 : 2));	/* version */
	out_uint16_le(s, length);

	out_uint32_le(s, 1);
	out_uint16(s, 0);
	out_uint16_le(s, 0x0201);

	out_uint8p(s, client_random, SEC_RANDOM_SIZE);
	out_uint16_le(s, 2);
	out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
	out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
	out_uint8s(s, SEC_PADDING_SIZE);

	out_uint16_le(s, 1);
	out_uint16_le(s, licence_size);
	out_uint8p(s, licence_data, licence_size);

	out_uint16_le(s, 1);
	out_uint16_le(s, LICENCE_HWID_SIZE);
	out_uint8p(s, hwid, LICENCE_HWID_SIZE);

	out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);

	s_mark_end(s);
	sec_send(s, sec_flags);
}
Ejemplo n.º 25
0
void rdp_out_input_capset(rdpRdp * rdp, STREAM s)
{
	capsetHeaderRef header;
	uint32 flags;

	header = rdp_skip_capset_header(s);
	flags = INPUT_FLAG_SCANCODES | INPUT_FLAG_MOUSEX | INPUT_FLAG_UNICODE;
	if (rdp->use_input_fast_path)
	{
		flags |= rdp->input_flags & (INPUT_FLAG_FASTPATH_INPUT | INPUT_FLAG_FASTPATH_INPUT2);
	}
	out_uint16_le(s, flags); /* inputFlags */
	out_uint16_le(s, 0); /* pad */
	out_uint32_le(s, rdp->settings->keyboard_layout); /* keyboardLayout */
	out_uint32_le(s, rdp->settings->keyboard_type); /* keyboardType */
	out_uint32_le(s, rdp->settings->keyboard_subtype); /* keyboardSubType */
	out_uint32_le(s, rdp->settings->keyboard_functionkeys); /* keyboardFunctionKeys */

	//rdp_out_unistr(rdp, s, rdp->settings->keyboard_ime, 2 * strlen(rdp->settings->keyboard_ime));
	//out_uint8s(s, 62 - 2 * strlen(rdp->settings->keyboard_ime)); /* imeFileName (64 bytes)
	out_uint8s(s, 64);
	rdp_out_capset_header(s, header, CAPSET_TYPE_INPUT);
}
Ejemplo n.º 26
0
/* Send a licence request packet */
static void
licence_send_request(uint8 *client_random, uint8 *rsa_data,
		     char *user, char *host)
{
	uint32 sec_flags = SEC_LICENCE_NEG;
	uint16 userlen = strlen(user) + 1;
	uint16 hostlen = strlen(host) + 1;
	uint16 length = 120 + userlen + hostlen;
	STREAM s;

	s = sec_init(sec_flags, length + 2);

	out_uint16_le(s, LICENCE_TAG_REQUEST);
	out_uint16_le(s, length);

	out_uint32_le(s, 1);
	out_uint16(s, 0);
	out_uint16_le(s, 0xff01);

	out_uint8p(s, client_random, SEC_RANDOM_SIZE);
	out_uint16(s, 0);
	out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
	out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
	out_uint8s(s, SEC_PADDING_SIZE);

	out_uint16(s, LICENCE_TAG_USER);
	out_uint16(s, userlen);
	out_uint8p(s, user, userlen);

	out_uint16(s, LICENCE_TAG_HOST);
	out_uint16(s, hostlen);
	out_uint8p(s, host, hostlen);

	s_mark_end(s);
	sec_send(s, sec_flags);
}
Ejemplo n.º 27
0
/* Parse a logon info packet */
static void
rdp_send_logon_info(uint32 flags, char *domain, char *user,
                    char *password, char *program, char *directory)
{
    char *ipaddr = tcp_get_address();
    /* length of string in TS_INFO_PACKET excludes null terminator */
    int len_domain = 2 * strlen(domain);
    int len_user = 2 * strlen(user);
    int len_password = 2 * strlen(password);
    int len_program = 2 * strlen(program);
    int len_directory = 2 * strlen(directory);

    /* length of strings in TS_EXTENDED_PACKET includes null terminator */
    int len_ip = 2 * strlen(ipaddr) + 2;
    int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll") + 2;

    int packetlen = 0;
    uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO;
    STREAM s;
    time_t t = time(NULL);
    time_t tzone;
    uint8 security_verifier[16];

    if (g_rdp_version == RDP_V4 || 1 == g_server_rdp_version)
    {
        DEBUG_RDP5(("Sending RDP4-style Logon packet\n"));

        s = sec_init(sec_flags, 18 + len_domain + len_user + len_password
                     + len_program + len_directory + 10);

        out_uint32(s, 0);
        out_uint32_le(s, flags);
        out_uint16_le(s, len_domain);
        out_uint16_le(s, len_user);
        out_uint16_le(s, len_password);
        out_uint16_le(s, len_program);
        out_uint16_le(s, len_directory);
        rdp_out_unistr(s, domain, len_domain);
        rdp_out_unistr(s, user, len_user);
        rdp_out_unistr(s, password, len_password);
        rdp_out_unistr(s, program, len_program);
        rdp_out_unistr(s, directory, len_directory);
    }
    else
    {

        DEBUG_RDP5(("Sending RDP5-style Logon packet\n"));

        if (g_redirect == True && g_redirect_cookie_len > 0)
        {
            len_password = g_redirect_cookie_len;
            len_password -= 2;	/* substract 2 bytes which is added below */
        }

        packetlen =
            /* size of TS_INFO_PACKET */
            4 +	/* CodePage */
            4 +	/* flags */
            2 +	/* cbDomain */
            2 +	/* cbUserName */
            2 +	/* cbPassword */
            2 +	/* cbAlternateShell */
            2 +	/* cbWorkingDir */
            2 + len_domain +	/* Domain */
            2 + len_user +	/* UserName */
            2 + len_password +	/* Password */
            2 + len_program +	/* AlternateShell */
            2 + len_directory +	/* WorkingDir */
            /* size of TS_EXTENDED_INFO_PACKET */
            2 +	/* clientAdressFamily */
            2 +	/* cbClientAdress */
            len_ip +	/* clientAddress */
            2 +	/* cbClientDir */
            len_dll +	/* clientDir */
            /* size of TS_TIME_ZONE_INFORMATION */
            4 +	/* Bias, (UTC = local time + bias */
            64 +	/* StandardName, 32 unicode char array, Descriptive standard time on client */
            16 +	/* StandardDate */
            4 +	/* StandardBias */
            64 +	/* DaylightName, 32 unicode char array */
            16 +	/* DaylightDate */
            4 +	/* DaylightBias */
            4 +	/* clientSessionId */
            4 +	/* performanceFlags */
            2 +	/* cbAutoReconnectCookie, either 0 or 0x001c */
            /* size of ARC_CS_PRIVATE_PACKET */
            28;	/* autoReconnectCookie */


        s = sec_init(sec_flags, packetlen);
        DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen));

        /* TS_INFO_PACKET */
        out_uint32(s, 0);	/* Code Page */
        out_uint32_le(s, flags);
        out_uint16_le(s, len_domain);
        out_uint16_le(s, len_user);
        out_uint16_le(s, len_password);
        out_uint16_le(s, len_program);
        out_uint16_le(s, len_directory);

        if (0 < len_domain)
            rdp_out_unistr(s, domain, len_domain);
        else
            out_uint16_le(s, 0);	/* mandatory 2 bytes null terminator */

        if (0 < len_user)
            rdp_out_unistr(s, user, len_user);
        else
            out_uint16_le(s, 0);	/* mandatory 2 bytes null terminator */

        if (0 < len_password)
        {
            if (g_redirect == True && 0 < g_redirect_cookie_len)
            {
                out_uint8p(s, g_redirect_cookie, g_redirect_cookie_len);
            }
            else
            {
                rdp_out_unistr(s, password, len_password);
            }
        }
        else
            out_uint16_le(s, 0);	/* mandatory 2 bytes null terminator */

        if (0 < len_program)
            rdp_out_unistr(s, program, len_program);
        else
            out_uint16_le(s, 0);	/* mandatory 2 bytes null terminator */

        if (0 < len_directory)
            rdp_out_unistr(s, directory, len_directory);
        else
            out_uint16_le(s, 0);	/* mandatory 2 bytes null terminator */

        /* TS_EXTENDED_INFO_PACKET */
        out_uint16_le(s, 2);	/* clientAddressFamily = AF_INET */
        out_uint16_le(s, len_ip);	/* cbClientAddress, Length of client ip */
        rdp_out_unistr(s, ipaddr, len_ip - 2);	/* clientAddress */
        out_uint16_le(s, len_dll);	/* cbClientDir */
        rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll - 2);	/* clientDir */

        /* TS_TIME_ZONE_INFORMATION */
        tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60;
        out_uint32_le(s, tzone);
        rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid"));
        out_uint8s(s, 62 - 2 * strlen("GTB, normaltid"));
        out_uint32_le(s, 0x0a0000);
        out_uint32_le(s, 0x050000);
        out_uint32_le(s, 3);
        out_uint32_le(s, 0);
        out_uint32_le(s, 0);
        rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid"));
        out_uint8s(s, 62 - 2 * strlen("GTB, sommartid"));
        out_uint32_le(s, 0x30000);
        out_uint32_le(s, 0x050000);
        out_uint32_le(s, 2);
        out_uint32(s, 0);
        out_uint32_le(s, 0xffffffc4);	/* DaylightBias */

        /* Rest of TS_EXTENDED_INFO_PACKET */
        out_uint32_le(s, 0);	/* clientSessionId (Ignored by server MUST be 0) */
        out_uint32_le(s, g_rdp5_performanceflags);

        /* Client Auto-Reconnect */
        if (g_has_reconnect_random)
        {
            out_uint16_le(s, 28);	/* cbAutoReconnectLen */
            /* ARC_CS_PRIVATE_PACKET */
            out_uint32_le(s, 28);	/* cbLen */
            out_uint32_le(s, 1);	/* Version */
            out_uint32_le(s, g_reconnect_logonid);	/* LogonId */
            rdssl_hmac_md5(g_reconnect_random, sizeof(g_reconnect_random),
                           g_client_random, SEC_RANDOM_SIZE, security_verifier);
            out_uint8a(s, security_verifier, sizeof(security_verifier));
        }
        else
        {
            out_uint16_le(s, 0);	/* cbAutoReconnectLen */
        }

    }
    s_mark_end(s);

    /* clear the redirect flag */
    g_redirect = False;

    sec_send(s, sec_flags);
}
Ejemplo n.º 28
0
int EXPORT_CC
libxrdp_send_bitmap(struct xrdp_session *session, int width, int height,
                    int bpp, char *data, int x, int y, int cx, int cy)
{
    int line_size = 0;
    int i = 0;
    int j = 0;
    int total_lines = 0;
    int lines_sending = 0;
    int Bpp = 0;
    int e = 0;
    int bufsize = 0;
    int total_bufsize = 0;
    int num_updates = 0;
    char *p_num_updates = (char *)NULL;
    char *p = (char *)NULL;
    char *q = (char *)NULL;
    struct stream *s = (struct stream *)NULL;
    struct stream *temp_s = (struct stream *)NULL;

    DEBUG(("libxrdp_send_bitmap sending bitmap"));
    Bpp = (bpp + 7) / 8;
    e = width % 4;

    if (e != 0)
    {
        e = 4 - e;
    }

    line_size = width * Bpp;
    make_stream(s);
    init_stream(s, 8192);

    if (session->client_info->use_bitmap_comp)
    {
        make_stream(temp_s);
        init_stream(temp_s, 65536);
        i = 0;

        if (cy <= height)
        {
            i = cy;
        }

        while (i > 0)
        {
            total_bufsize = 0;
            num_updates = 0;
            xrdp_rdp_init_data((struct xrdp_rdp *)session->rdp, s);
            out_uint16_le(s, RDP_UPDATE_BITMAP);
            p_num_updates = s->p;
            out_uint8s(s, 2); /* num_updates set later */

            do
            {
                if (session->client_info->op1)
                {
                    s_push_layer(s, channel_hdr, 18);
                }
                else
                {
                    s_push_layer(s, channel_hdr, 26);
                }

                p = s->p;
                lines_sending = xrdp_bitmap_compress(data, width, height,
                                                     s, bpp,
                                                     4096 - total_bufsize,
                                                     i - 1, temp_s, e);

                if (lines_sending == 0)
                {
                    break;
                }

                num_updates++;
                bufsize = s->p - p;
                total_bufsize += bufsize;
                i = i - lines_sending;
                s_mark_end(s);
                s_pop_layer(s, channel_hdr);
                out_uint16_le(s, x); /* left */
                out_uint16_le(s, y + i); /* top */
                out_uint16_le(s, (x + cx) - 1); /* right */
                out_uint16_le(s, (y + i + lines_sending) - 1); /* bottom */
                out_uint16_le(s, width + e); /* width */
                out_uint16_le(s, lines_sending); /* height */
                out_uint16_le(s, bpp); /* bpp */

                if (session->client_info->op1)
                {
                    out_uint16_le(s, 0x401); /* compress */
                    out_uint16_le(s, bufsize); /* compressed size */
                    j = (width + e) * Bpp;
                    j = j * lines_sending;
                }
                else
                {
                    out_uint16_le(s, 0x1); /* compress */
                    out_uint16_le(s, bufsize + 8);
                    out_uint8s(s, 2); /* pad */
                    out_uint16_le(s, bufsize); /* compressed size */
                    j = (width + e) * Bpp;
                    out_uint16_le(s, j); /* line size */
                    j = j * lines_sending;
                    out_uint16_le(s, j); /* final size */
                }

                if (j > 32768)
                {
                    g_writeln("error, decompressed size too big, its %d", j);
                }

                if (bufsize > 8192)
                {
                    g_writeln("error, compressed size too big, its %d", bufsize);
                }

                s->p = s->end;
            }
            while (total_bufsize < 4096 && i > 0);

            p_num_updates[0] = num_updates;
            p_num_updates[1] = num_updates >> 8;
            xrdp_rdp_send_data((struct xrdp_rdp *)session->rdp, s,
                               RDP_DATA_PDU_UPDATE);

            if (total_bufsize > 8192)
            {
                g_writeln("error, total compressed size too big, its %d",
                          total_bufsize);
            }
        }

        free_stream(temp_s);
    }
Ejemplo n.º 29
0
Archivo: rdp.c Proyecto: RPG-7/reactos
/* Parse a logon info packet */
static void
rdp_send_logon_info(uint32 flags, char *domain, char *user,
		    char *password, char *program, char *directory)
{
	//char *ipaddr = tcp_get_address();
	int len_domain = 2 * strlen(domain);
	int len_user = 2 * strlen(user);
	int len_password = 2 * strlen(password);
	int len_program = 2 * strlen(program);
	int len_directory = 2 * strlen(directory);
	//int len_ip = 2 * strlen(ipaddr);
	//int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll");
	//int packetlen = 0;
	uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO;
	STREAM s = NULL;
	//time_t t = time(NULL);
	//time_t tzone;

	if (!g_use_rdp5 || 1 == g_server_rdp_version)
	{
		DEBUG_RDP5(("Sending RDP4-style Logon packet\n"));

		s = sec_init(sec_flags, 18 + len_domain + len_user + len_password
			     + len_program + len_directory + 10);

		out_uint32(s, 0);
		out_uint32_le(s, flags);
		out_uint16_le(s, len_domain);
		out_uint16_le(s, len_user);
		out_uint16_le(s, len_password);
		out_uint16_le(s, len_program);
		out_uint16_le(s, len_directory);
		rdp_out_unistr(s, domain, len_domain);
		rdp_out_unistr(s, user, len_user);
		rdp_out_unistr(s, password, len_password);
		rdp_out_unistr(s, program, len_program);
		rdp_out_unistr(s, directory, len_directory);
	}
	else
	{
#if 0
		flags |= RDP_LOGON_BLOB;
		DEBUG_RDP5(("Sending RDP5-style Logon packet\n"));
		packetlen = 4 +	/* Unknown uint32 */
			4 +	/* flags */
			2 +	/* len_domain */
			2 +	/* len_user */
			(flags & RDP_LOGON_AUTO ? 2 : 0) +	/* len_password */
			(flags & RDP_LOGON_BLOB ? 2 : 0) +	/* Length of BLOB */
			2 +	/* len_program */
			2 +	/* len_directory */
			(0 < len_domain ? len_domain : 2) +	/* domain */
			len_user + (flags & RDP_LOGON_AUTO ? len_password : 0) + 0 +	/* We have no 512 byte BLOB. Perhaps we must? */
			(flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) +	/* After the BLOB is a unknown int16. If there is a BLOB, that is. */
			(0 < len_program ? len_program : 2) + (0 < len_directory ? len_directory : 2) + 2 +	/* Unknown (2) */
			2 +	/* Client ip length */
			len_ip +	/* Client ip */
			2 +	/* DLL string length */
			len_dll +	/* DLL string */
			2 +	/* Unknown */
			2 +	/* Unknown */
			64 +	/* Time zone #0 */
			2 +	/* Unknown */
			64 +	/* Time zone #1 */
			32;	/* Unknown */

		s = sec_init(sec_flags, packetlen);
		DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen));

		out_uint32(s, 0);	/* Unknown */
		out_uint32_le(s, flags);
		out_uint16_le(s, len_domain);
		out_uint16_le(s, len_user);
		if (flags & RDP_LOGON_AUTO)
		{
			out_uint16_le(s, len_password);

		}
		if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO))
		{
			out_uint16_le(s, 0);
		}
		out_uint16_le(s, len_program);
		out_uint16_le(s, len_directory);
		if (0 < len_domain)
			rdp_out_unistr(s, domain, len_domain);
		else
			out_uint16_le(s, 0);
		rdp_out_unistr(s, user, len_user);
		if (flags & RDP_LOGON_AUTO)
		{
			rdp_out_unistr(s, password, len_password);
		}
		if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO))
		{
			out_uint16_le(s, 0);
		}
		if (0 < len_program)
		{
			rdp_out_unistr(s, program, len_program);

		}
		else
		{
			out_uint16_le(s, 0);
		}
		if (0 < len_directory)
		{
			rdp_out_unistr(s, directory, len_directory);
		}
		else
		{
			out_uint16_le(s, 0);
		}
		out_uint16_le(s, 2);
		out_uint16_le(s, len_ip + 2);	/* Length of client ip */
		rdp_out_unistr(s, ipaddr, len_ip);
		out_uint16_le(s, len_dll + 2);
		rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll);

		tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60;
		out_uint32_le(s, tzone);

		rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid"));
		out_uint8s(s, 62 - 2 * strlen("GTB, normaltid"));

		out_uint32_le(s, 0x0a0000);
		out_uint32_le(s, 0x050000);
		out_uint32_le(s, 3);
		out_uint32_le(s, 0);
		out_uint32_le(s, 0);

		rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid"));
		out_uint8s(s, 62 - 2 * strlen("GTB, sommartid"));

		out_uint32_le(s, 0x30000);
		out_uint32_le(s, 0x050000);
		out_uint32_le(s, 2);
		out_uint32(s, 0);
		out_uint32_le(s, 0xffffffc4);
		out_uint32_le(s, 0xfffffffe);
		out_uint32_le(s, g_rdp5_performanceflags);
		out_uint32(s, 0);

#endif
	}
	s_mark_end(s);
	sec_send(s, sec_flags);
}
Ejemplo n.º 30
0
int APP_CC
xrdp_caps_send_demand_active(struct xrdp_rdp *self)
{
    struct stream *s;
    int caps_count;
    int caps_size;
    int codec_caps_count;
    int codec_caps_size;
    int flags;
    char *caps_count_ptr;
    char *caps_size_ptr;
    char *caps_ptr;
    char *codec_caps_count_ptr;
    char *codec_caps_size_ptr;

    make_stream(s);
    init_stream(s, 8192);

    DEBUG(("in xrdp_caps_send_demand_active"));

    if (xrdp_rdp_init(self, s) != 0)
    {
        free_stream(s);
        return 1;
    }

    caps_count = 0;
    out_uint32_le(s, self->share_id);
    out_uint16_le(s, 4); /* 4 chars for RDP\0 */
    /* 2 bytes size after num caps, set later */
    caps_size_ptr = s->p;
    out_uint8s(s, 2);
    out_uint8a(s, "RDP", 4);
    /* 4 byte num caps, set later */
    caps_count_ptr = s->p;
    out_uint8s(s, 4);
    caps_ptr = s->p;

    /* Output share capability set */
    caps_count++;
    out_uint16_le(s, RDP_CAPSET_SHARE);
    out_uint16_le(s, RDP_CAPLEN_SHARE);
    out_uint16_le(s, self->mcs_channel);
    out_uint16_be(s, 0xb5e2); /* 0x73e1 */

    /* Output general capability set */
    caps_count++;
    out_uint16_le(s, RDP_CAPSET_GENERAL); /* 1 */
    out_uint16_le(s, RDP_CAPLEN_GENERAL); /* 24(0x18) */
    out_uint16_le(s, 1); /* OS major type */
    out_uint16_le(s, 3); /* OS minor type */
    out_uint16_le(s, 0x200); /* Protocol version */
    out_uint16_le(s, 0); /* pad */
    out_uint16_le(s, 0); /* Compression types */
    /* NO_BITMAP_COMPRESSION_HDR 0x0400
       FASTPATH_OUTPUT_SUPPORTED 0x0001 */
    if (self->client_info.use_fast_path & 1)
    {
        out_uint16_le(s, 0x401);
    }
    else
    {
        out_uint16_le(s, 0x400);
    }
    out_uint16_le(s, 0); /* Update capability */
    out_uint16_le(s, 0); /* Remote unshare capability */
    out_uint16_le(s, 0); /* Compression level */
    out_uint16_le(s, 0); /* Pad */

    /* Output bitmap capability set */
    caps_count++;
    out_uint16_le(s, RDP_CAPSET_BITMAP); /* 2 */
    out_uint16_le(s, RDP_CAPLEN_BITMAP); /* 28(0x1c) */
    out_uint16_le(s, self->client_info.bpp); /* Preferred BPP */
    out_uint16_le(s, 1); /* Receive 1 BPP */
    out_uint16_le(s, 1); /* Receive 4 BPP */
    out_uint16_le(s, 1); /* Receive 8 BPP */
    out_uint16_le(s, self->client_info.width); /* width */
    out_uint16_le(s, self->client_info.height); /* height */
    out_uint16_le(s, 0); /* Pad */
    out_uint16_le(s, 1); /* Allow resize */
    out_uint16_le(s, 1); /* bitmap compression */
    out_uint16_le(s, 0); /* unknown */
    out_uint16_le(s, 0); /* unknown */
    out_uint16_le(s, 0); /* pad */

    /* Output font capability set */
    caps_count++;
    out_uint16_le(s, RDP_CAPSET_FONT); /* 14 */
    out_uint16_le(s, RDP_CAPLEN_FONT); /* 4 */

    /* Output order capability set */
    caps_count++;
    out_uint16_le(s, RDP_CAPSET_ORDER); /* 3 */
    out_uint16_le(s, RDP_CAPLEN_ORDER); /* 88(0x58) */
    out_uint8s(s, 16);
    out_uint32_be(s, 0x40420f00);
    out_uint16_le(s, 1); /* Cache X granularity */
    out_uint16_le(s, 20); /* Cache Y granularity */
    out_uint16_le(s, 0); /* Pad */
    out_uint16_le(s, 1); /* Max order level */
    out_uint16_le(s, 0x2f); /* Number of fonts */
    out_uint16_le(s, 0x22); /* Capability flags */
    /* caps */
    out_uint8(s, 1); /* NEG_DSTBLT_INDEX                0x00 0 */
    out_uint8(s, 1); /* NEG_PATBLT_INDEX                0x01 1 */
    out_uint8(s, 1); /* NEG_SCRBLT_INDEX                0x02 2 */
    out_uint8(s, 1); /* NEG_MEMBLT_INDEX                0x03 3 */
    out_uint8(s, 0); /* NEG_MEM3BLT_INDEX               0x04 4 */
    out_uint8(s, 0); /* NEG_ATEXTOUT_INDEX              0x05 5 */
    out_uint8(s, 0); /* NEG_AEXTTEXTOUT_INDEX           0x06 6 */
    out_uint8(s, 0); /* NEG_DRAWNINEGRID_INDEX          0x07 7 */
    out_uint8(s, 1); /* NEG_LINETO_INDEX                0x08 8 */
    out_uint8(s, 0); /* NEG_MULTI_DRAWNINEGRID_INDEX    0x09 9 */
    out_uint8(s, 1); /* NEG_OPAQUE_RECT_INDEX           0x0A 10 */
    out_uint8(s, 0); /* NEG_SAVEBITMAP_INDEX            0x0B 11 */
    out_uint8(s, 0); /* NEG_WTEXTOUT_INDEX              0x0C 12 */
    out_uint8(s, 0); /* NEG_MEMBLT_V2_INDEX             0x0D 13 */
    out_uint8(s, 0); /* NEG_MEM3BLT_V2_INDEX            0x0E 14 */
    out_uint8(s, 0); /* NEG_MULTIDSTBLT_INDEX           0x0F 15 */
    out_uint8(s, 0); /* NEG_MULTIPATBLT_INDEX           0x10 16 */
    out_uint8(s, 0); /* NEG_MULTISCRBLT_INDEX           0x11 17 */
    out_uint8(s, 1); /* NEG_MULTIOPAQUERECT_INDEX       0x12 18 */
    out_uint8(s, 0); /* NEG_FAST_INDEX_INDEX            0x13 19 */
    out_uint8(s, 0); /* NEG_POLYGON_SC_INDEX            0x14 20 */
    out_uint8(s, 0); /* NEG_POLYGON_CB_INDEX            0x15 21 */
    out_uint8(s, 0); /* NEG_POLYLINE_INDEX              0x16 22 */
    out_uint8(s, 0); /* unused                          0x17 23 */
    out_uint8(s, 0); /* NEG_FAST_GLYPH_INDEX            0x18 24 */
    out_uint8(s, 0); /* NEG_ELLIPSE_SC_INDEX            0x19 25 */
    out_uint8(s, 0); /* NEG_ELLIPSE_CB_INDEX            0x1A 26 */
    out_uint8(s, 1); /* NEG_GLYPH_INDEX_INDEX           0x1B 27 */
    out_uint8(s, 0); /* NEG_GLYPH_WEXTTEXTOUT_INDEX     0x1C 28 */
    out_uint8(s, 0); /* NEG_GLYPH_WLONGTEXTOUT_INDEX    0x1D 29 */
    out_uint8(s, 0); /* NEG_GLYPH_WLONGEXTTEXTOUT_INDEX 0x1E 30 */
    out_uint8(s, 0); /* unused                          0x1F 31 */
    out_uint16_le(s, 0x6a1);
    /* declare support of bitmap cache rev3 */
    out_uint16_le(s, XR_ORDERFLAGS_EX_CACHE_BITMAP_REV3_SUPPORT);
    out_uint32_le(s, 0x0f4240); /* desk save */
    out_uint32_le(s, 0x0f4240); /* desk save */
    out_uint32_le(s, 1); /* ? */
    out_uint32_le(s, 0); /* ? */

    /* Output bmpcodecs capability set */
    caps_count++;
    out_uint16_le(s, RDP_CAPSET_BMPCODECS);
    codec_caps_size_ptr = s->p;
    out_uint8s(s, 2); /* cap len set later */
    codec_caps_count = 0;
    codec_caps_count_ptr = s->p;
    out_uint8s(s, 1); /* bitmapCodecCount set later */
    /* nscodec */
    codec_caps_count++;
    out_uint8a(s, XR_CODEC_GUID_NSCODEC, 16);
    out_uint8(s, 1); /* codec id, must be 1 */
    out_uint16_le(s, 3); /* codecPropertiesLength */
    out_uint8(s, 0x01); /* fAllowDynamicFidelity */
    out_uint8(s, 0x01); /* fAllowSubsampling */
    out_uint8(s, 0x03); /* colorLossLevel */
#if defined(XRDP_RFXCODEC) || defined(XRDP_NEUTRINORDP)
    /* remotefx */
    codec_caps_count++;
    out_uint8a(s, XR_CODEC_GUID_REMOTEFX, 16);
    out_uint8(s, 0); /* codec id, client sets */
    out_uint16_le(s, 4); /* codecPropertiesLength */
    out_uint32_le(s, 0); /* reserved */
    /* image remotefx */
    codec_caps_count++;
    out_uint8a(s, XR_CODEC_GUID_IMAGE_REMOTEFX, 16);
    out_uint8(s, 0); /* codec id, client sets */
    out_uint16_le(s, 4); /* codecPropertiesLength */
    out_uint32_le(s, 0); /* reserved */
#endif
    /* jpeg */
    codec_caps_count++;
    out_uint8a(s, XR_CODEC_GUID_JPEG, 16);
    out_uint8(s, 0); /* codec id, client sets */
    out_uint16_le(s, 1); /* codecPropertiesLength */
    out_uint8(s, 75); /* jpeg compression ratio */
    /* calculate and set size and count */
    codec_caps_size = (int)(s->p - codec_caps_size_ptr);
    codec_caps_size += 2; /* 2 bytes for RDP_CAPSET_BMPCODECS above */
    codec_caps_size_ptr[0] = codec_caps_size;
    codec_caps_size_ptr[1] = codec_caps_size >> 8;
    codec_caps_count_ptr[0] = codec_caps_count;

    /* Output color cache capability set */
    caps_count++;
    out_uint16_le(s, RDP_CAPSET_COLCACHE);
    out_uint16_le(s, RDP_CAPLEN_COLCACHE);
    out_uint16_le(s, 6); /* cache size */
    out_uint16_le(s, 0); /* pad */

    /* Output pointer capability set */
    caps_count++;
    out_uint16_le(s, RDP_CAPSET_POINTER);
    out_uint16_le(s, RDP_CAPLEN_POINTER);
    out_uint16_le(s, 1); /* Colour pointer */
    out_uint16_le(s, 0x19); /* Cache size */
    out_uint16_le(s, 0x19); /* Cache size */

    /* Output input capability set */
    caps_count++;
    out_uint16_le(s, RDP_CAPSET_INPUT); /* 13(0xd) */
    out_uint16_le(s, RDP_CAPLEN_INPUT); /* 88(0x58) */

    flags = INPUT_FLAG_SCANCODES | INPUT_FLAG_MOUSEX | INPUT_FLAG_UNICODE;
    if (self->client_info.use_fast_path & 2)
    {
        flags |= INPUT_FLAG_FASTPATH_INPUT | INPUT_FLAG_FASTPATH_INPUT2;
    }
    out_uint16_le(s, flags);
    out_uint8s(s, 82);

    /* Remote Programs Capability Set */
    caps_count++;
    out_uint16_le(s, 0x0017); /* CAPSETTYPE_RAIL */
    out_uint16_le(s, 8);
    out_uint32_le(s, 3); /* TS_RAIL_LEVEL_SUPPORTED
                          TS_RAIL_LEVEL_DOCKED_LANGBAR_SUPPORTED */

    /* Window List Capability Set */
    caps_count++;
    out_uint16_le(s, 0x0018); /* CAPSETTYPE_WINDOW */
    out_uint16_le(s, 11);
    out_uint32_le(s, 2); /* TS_WINDOW_LEVEL_SUPPORTED_EX */
    out_uint8(s, 3); /* NumIconCaches */
    out_uint16_le(s, 12); /* NumIconCacheEntries */

    /* 6 - bitmap cache v3 codecid */
    caps_count++;
    out_uint16_le(s, 0x0006);
    out_uint16_le(s, 5);
    out_uint8(s, 0); /* client sets */

    if (self->client_info.use_fast_path & FASTPATH_OUTPUT_SUPPORTED) /* fastpath output on */
    {
        /* multifragment update */
        caps_count++;
        out_uint16_le(s, RDP_CAPSET_MULTIFRAGMENT); /* 26 CAPSETTYPE_MULTIFRAGMENTUPDATE */
        out_uint16_le(s, RDP_CAPLEN_MULTIFRAGMENT);
        out_uint32_le(s, 3 * 1024 * 1024); /* 3MB */

        /* frame acks */
        caps_count++;
        out_uint16_le(s, RDP_CAPSET_FRAME_ACKNOWLEDGE); /* CAPSETTYPE_FRAME_ACKNOWLEDGE */
        out_uint16_le(s, RDP_CAPLEN_FRAME_ACKNOWLEDGE);
        out_uint32_le(s, 2); /* 2 frames in flight */

        /* surface commands */
        caps_count++;
        out_uint16_le(s, RDP_CAPSET_SURFCMDS); /* CAPSETTYPE_SURFACE_COMMANDS */
        out_uint16_le(s, RDP_CAPLEN_SURFCMDS); /* lengthCapability */
        out_uint32_le(s, (SURFCMDS_SETSURFACEBITS |
                          SURFCMDS_FRAMEMARKER |
                          SURFCMDS_STREAMSUFRACEBITS)); /* cmdFlags */
        out_uint32_le(s, 0); /* reserved */
    }

    out_uint8s(s, 4); /* pad */

    s_mark_end(s);

    caps_size = (int)(s->end - caps_ptr);
    caps_size_ptr[0] = caps_size;
    caps_size_ptr[1] = caps_size >> 8;

    caps_count_ptr[0] = caps_count;
    caps_count_ptr[1] = caps_count >> 8;
    caps_count_ptr[2] = caps_count >> 16;
    caps_count_ptr[3] = caps_count >> 24;

    if (xrdp_rdp_send(self, s, RDP_PDU_DEMAND_ACTIVE) != 0)
    {
        free_stream(s);
        return 1;
    }
    DEBUG(("out (1) xrdp_caps_send_demand_active"));

    /* send Monitor Layout PDU for dual monitor */
    if (self->client_info.monitorCount > 0 &&
        self->client_info.multimon == 1)
    {
        DEBUG(("xrdp_caps_send_demand_active: sending monitor layout pdu"));
        if (xrdp_caps_send_monitorlayout(self) != 0)
        {
          g_writeln("xrdp_caps_send_demand_active: error sending monitor layout pdu");
        }
    }

    free_stream(s);
    return 0;
}