/* Send a Licensing packet with Platform Challenge Response */
static void
licence_send_authresp(rdpLicence * licence, uint8 * token, uint8 * crypt_hwid, uint8 * signature)
{
uint32 sec_flags = SEC_LICENSE_PKT;
uint16 length = 58;
STREAM s;
s = sec_init(licence->sec, sec_flags, length + 2);
/* Licensing Preamble (LICENSE_PREAMBLE) */
out_uint8(s, PLATFORM_CHALLENGE_RESPONSE); /* PLATFORM_CHALLENGE_RESPONSE */
out_uint8(s, 2); /* PREAMBLE_VERSION_2_0 */
out_uint16_le(s, length);
/* Licensing Binary BLOB with EncryptedPlatformChallengeResponse: */
out_uint16_le(s, 1); /* wBlobType should be 0x0009 (BB_ENCRYPTED_DATA_BLOB) */
out_uint16_le(s, LICENCE_TOKEN_SIZE); /* wBlobLen */
out_uint8p(s, token, LICENCE_TOKEN_SIZE); /* RC4-encrypted challenge data */
/* Licensing Binary BLOB with EncryptedHWID: */
out_uint16_le(s, 1); /* wBlobType should be 0x0009 (BB_ENCRYPTED_DATA_BLOB) */
out_uint16_le(s, LICENCE_HWID_SIZE); /* wBlobLen */
out_uint8p(s, crypt_hwid, LICENCE_HWID_SIZE); /* RC4-encrypted Client Hardware Identification */
out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE); /* MACData */
s_mark_end(s);
sec_send(licence->sec, s, sec_flags);
}
/* Send a platform challenge response packet */
static void
licence_send_platform_challenge_response(uint8 * token, uint8 * crypt_hwid, uint8 * signature)
{
uint32 sec_flags = SEC_LICENSE_PKT;
uint16 length = 58;
STREAM s;
s = sec_init(sec_flags, length + 2);
out_uint8(s, LICENCE_TAG_PLATFORM_CHALLENGE_RESPONSE);
out_uint8(s, ((g_rdp_version >= RDP_V5) ? 3 : 2)); /* version */
out_uint16_le(s, length);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_TOKEN_SIZE);
out_uint8p(s, token, LICENCE_TOKEN_SIZE);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_HWID_SIZE);
out_uint8p(s, crypt_hwid, LICENCE_HWID_SIZE);
out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);
s_mark_end(s);
sec_send(s, sec_flags);
}
/* 004 */
enum SCP_CLIENT_STATES_E
scp_v1c_resend_credentials(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
{
tui8 sz;
tui32 size;
init_stream(c->out_s, c->out_s->size);
init_stream(c->in_s, c->in_s->size);
size = 12 + 2 + g_strlen(s->username) + g_strlen(s->password);
/* sending request */
/* header */
out_uint32_be(c->out_s, 1); /* version */
out_uint32_be(c->out_s, size);
out_uint16_be(c->out_s, SCP_COMMAND_SET_DEFAULT);
out_uint16_be(c->out_s, 4);
/* body */
sz = g_strlen(s->username);
out_uint8(c->out_s, sz);
out_uint8p(c->out_s, s->username, sz);
sz = g_strlen(s->password);
out_uint8(c->out_s, sz);
out_uint8p(c->out_s, s->password, sz);
if (0 != scp_tcp_force_send(c->in_sck, c->out_s->data, size))
{
return SCP_CLIENT_STATE_NETWORK_ERR;
}
/* wait for response */
return _scp_v1c_check_response(c, s);
}
/* Send an authentication response packet */
static BOOL
licence_send_authresp(RDPCLIENT * This, uint8 * token, uint8 * crypt_hwid, uint8 * signature)
{
uint32 sec_flags = SEC_LICENCE_NEG;
uint16 length = 58;
STREAM s;
s = sec_init(This, sec_flags, length + 2);
if(s == NULL)
return False;
out_uint8(s, LICENCE_TAG_AUTHRESP);
out_uint8(s, 2); /* version */
out_uint16_le(s, length);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_TOKEN_SIZE);
out_uint8p(s, token, LICENCE_TOKEN_SIZE);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_HWID_SIZE);
out_uint8p(s, crypt_hwid, LICENCE_HWID_SIZE);
out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);
s_mark_end(s);
return sec_send(This, s, sec_flags);
}
/* Send an authentication response packet */
static void
licence_send_authresp(uint8 *token, uint8 *crypt_hwid, uint8 *signature)
{
uint32 sec_flags = SEC_LICENCE_NEG;
uint16 length = 58;
STREAM s;
s = sec_init(sec_flags, length + 2);
out_uint16_le(s, LICENCE_TAG_AUTHRESP);
out_uint16_le(s, length);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_TOKEN_SIZE);
out_uint8p(s, token, LICENCE_TOKEN_SIZE);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_HWID_SIZE);
out_uint8p(s, crypt_hwid, LICENCE_HWID_SIZE);
out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);
s_mark_end(s);
sec_send(s, sec_flags);
}
/* Send an authentication response packet */
static void
licence_send_authresp(RDConnectionRef conn, uint8 * token, uint8 * crypt_hwid, uint8 * signature)
{
uint32 sec_flags = SEC_LICENCE_NEG;
uint16 length = 58;
RDStreamRef s;
s = sec_init(conn, sec_flags, length + 2);
out_uint8(s, LICENCE_TAG_AUTHRESP);
out_uint8(s, 2); /* version */
out_uint16_le(s, length);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_TOKEN_SIZE);
out_uint8p(s, token, LICENCE_TOKEN_SIZE);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_HWID_SIZE);
out_uint8p(s, crypt_hwid, LICENCE_HWID_SIZE);
out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);
s_mark_end(s);
sec_send(conn, s, sec_flags);
}
static void
iso_send_connection_request(char *username)
{
STREAM s;
int length = 30 + strlen(username);
s = tcp_init(length);
out_uint8(s, 3); /* version */
out_uint8(s, 0); /* reserved */
out_uint16_be(s, length); /* length */
out_uint8(s, length - 5); /* hdrlen */
out_uint8(s, ISO_PDU_CR);
out_uint16(s, 0); /* dst_ref */
out_uint16(s, 0); /* src_ref */
out_uint8(s, 0); /* class */
out_uint8p(s, "Cookie: mstshash=", strlen("Cookie: mstshash="));
out_uint8p(s, username, strlen(username));
out_uint8(s, 0x0d); /* Unknown */
out_uint8(s, 0x0a); /* Unknown */
s_mark_end(s);
tcp_send(s);
}
static void
rdpdr_send_available(RDPCLIENT * This)
{
uint8 magic[4] = "rDAD";
uint32 driverlen, printerlen, bloblen;
int i;
STREAM s;
PRINTER *printerinfo;
s = channel_init(This, This->rdpdr.channel, announcedata_size(This));
out_uint8a(s, magic, 4);
out_uint32_le(s, This->num_devices);
for (i = 0; i < This->num_devices; i++)
{
out_uint32_le(s, This->rdpdr_device[i].device_type);
out_uint32_le(s, i); /* RDP Device ID */
/* Is it possible to use share names longer than 8 chars?
/astrand */
out_uint8p(s, This->rdpdr_device[i].name, 8);
switch (This->rdpdr_device[i].device_type)
{
case DEVICE_TYPE_PRINTER:
printerinfo = (PRINTER *) This->rdpdr_device[i].pdevice_data;
driverlen = 2 * strlen(printerinfo->driver) + 2;
printerlen = 2 * strlen(printerinfo->printer) + 2;
bloblen = printerinfo->bloblen;
out_uint32_le(s, 24 + driverlen + printerlen + bloblen); /* length of extra info */
out_uint32_le(s, printerinfo->default_printer ? 2 : 0);
out_uint8s(s, 8); /* unknown */
out_uint32_le(s, driverlen);
out_uint32_le(s, printerlen);
out_uint32_le(s, bloblen);
rdp_out_unistr(This, s, printerinfo->driver, driverlen - 2);
rdp_out_unistr(This, s, printerinfo->printer, printerlen - 2);
out_uint8a(s, printerinfo->blob, bloblen);
if (printerinfo->blob)
xfree(printerinfo->blob); /* Blob is sent twice if reconnecting */
break;
default:
out_uint32(s, 0);
}
}
#if 0
out_uint32_le(s, 0x20); /* Device type 0x20 - smart card */
out_uint32_le(s, 0);
out_uint8p(s, "SCARD", 5);
out_uint8s(s, 3);
out_uint32(s, 0);
#endif
s_mark_end(s);
channel_send(This, s, This->rdpdr.channel);
}
static STREAM
cssp_encode_tspasswordcreds(char *username, char *password, char *domain)
{
STREAM out, h1, h2;
struct stream tmp = { 0 };
struct stream message = { 0 };
memset(&tmp, 0, sizeof(tmp));
memset(&message, 0, sizeof(message));
// domainName [0]
s_realloc(&tmp, 4 + strlen(domain) * sizeof(uint16));
s_reset(&tmp);
rdp_out_unistr(&tmp, domain, strlen(domain) * sizeof(uint16));
s_mark_end(&tmp);
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, &tmp);
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0, h2);
s_realloc(&message, s_length(&message) + s_length(h1));
out_uint8p(&message, h1->data, s_length(h1));
s_mark_end(&message);
s_free(h2);
s_free(h1);
// userName [1]
s_realloc(&tmp, 4 + strlen(username) * sizeof(uint16));
s_reset(&tmp);
rdp_out_unistr(&tmp, username, strlen(username) * sizeof(uint16));
s_mark_end(&tmp);
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, &tmp);
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1, h2);
s_realloc(&message, s_length(&message) + s_length(h1));
out_uint8p(&message, h1->data, s_length(h1));
s_mark_end(&message);
s_free(h2);
s_free(h1);
// password [2]
s_realloc(&tmp, 4 + strlen(password) * sizeof(uint16));
s_reset(&tmp);
rdp_out_unistr(&tmp, password, strlen(password) * sizeof(uint16));
s_mark_end(&tmp);
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, &tmp);
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 2, h2);
s_realloc(&message, s_length(&message) + s_length(h1));
out_uint8p(&message, h1->data, s_length(h1));
s_mark_end(&message);
s_free(h2);
s_free(h1);
// build message
out = ber_wrap_hdr_data(BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED, &message);
// cleanup
xfree(tmp.data);
xfree(message.data);
return out;
}
/* Output and send X.224 Connection Request TPDU with routing for username */
void
x224_send_connection_request(rdpIso * iso)
{
STREAM s;
int length = 11;
int cookie_length;
cookie_length = strlen(iso->cookie);
if (iso->mcs->sec->rdp->redirect_routingtoken)
/* routingToken */
length += iso->mcs->sec->rdp->redirect_routingtoken_len;
else
/* cookie */
length += 19 + cookie_length;
if (iso->nego->requested_protocols > PROTOCOL_RDP)
length += 8;
/* FIXME: Use x224_send_dst_src_class */
s = tcp_init(iso->tcp, length);
tpkt_output_header(s, length);
/* X.224 Connection Request (CR) TPDU */
out_uint8(s, length - 5); /* length indicator */
out_uint8(s, X224_TPDU_CONNECTION_REQUEST);
out_uint16_le(s, 0); /* dst_ref */
out_uint16_le(s, 0); /* src_ref */
out_uint8(s, 0); /* class */
if (iso->mcs->sec->rdp->redirect_routingtoken)
{
/* routingToken */
out_uint8p(s, iso->mcs->sec->rdp->redirect_routingtoken, iso->mcs->sec->rdp->redirect_routingtoken_len);
}
else
{
/* cookie */
out_uint8p(s, "Cookie: mstshash=", strlen("Cookie: mstshash="));
out_uint8p(s, iso->cookie, cookie_length);
out_uint8(s, 0x0D); /* CR */
out_uint8(s, 0x0A); /* LF */
}
if (iso->nego->requested_protocols > PROTOCOL_RDP)
{
out_uint8(s, TYPE_RDP_NEG_REQ); /* When using TLS, NLA, or both, RDP_NEG_DATA should be present */
out_uint8(s, 0x00); /* flags, must be set to zero */
out_uint16_le(s, 8); /* RDP_NEG_DATA length (8) */
out_uint32_le(s, iso->nego->requested_protocols); /* requestedProtocols */
}
s_mark_end(s);
tcp_send(iso->tcp, s);
}
/* Output unknown capability sets */
static void rdp_out_unknown_caps(STREAM s, uint16 id, uint16 length,
uint8 * caps) {
out_uint16_le(s, id);
out_uint16_le(s, length);
out_uint8p(s, caps, length - 4);
}
enum SCP_SERVER_STATES_E
scp_v1s_deny_connection(struct SCP_CONNECTION* c, char* reason)
{
int rlen;
init_stream(c->out_s,c->out_s->size);
/* forcing message not to exceed 64k */
rlen = g_strlen(reason);
if (rlen > 65535)
{
rlen = 65535;
}
out_uint32_be(c->out_s, 1);
/* packet size: 4 + 4 + 2 + 2 + 2 + strlen(reason)*/
/* version + size + cmdset + cmd + msglen + msg */
out_uint32_be(c->out_s, rlen+14);
out_uint16_be(c->out_s, SCP_COMMAND_SET_DEFAULT);
out_uint16_be(c->out_s, 2);
out_uint16_be(c->out_s, rlen);
out_uint8p(c->out_s, reason, rlen);
if (0!=scp_tcp_force_send(c->in_sck, c->out_s->data, rlen+14))
{
log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: network error", __LINE__);
return SCP_SERVER_STATE_NETWORK_ERR;
}
return SCP_SERVER_STATE_END;
}
static BOOL
iso_send_connection_request(RDPCLIENT * This, char *cookie)
{
STREAM s;
int cookielen = (int)strlen(cookie);
int length = 11 + cookielen;
s = tcp_init(This, length);
if(s == NULL)
return False;
out_uint8(s, 3); /* version */
out_uint8(s, 0); /* reserved */
out_uint16_be(s, length); /* length */
out_uint8(s, length - 5); /* hdrlen */
out_uint8(s, ISO_PDU_CR);
out_uint16(s, 0); /* dst_ref */
out_uint16(s, 0); /* src_ref */
out_uint8(s, 0); /* class */
out_uint8p(s, cookie, cookielen);
s_mark_end(s);
return tcp_send(This, s);
}
/* 003 */
enum SCP_SERVER_STATES_E
scp_v1s_mng_deny_connection(struct SCP_CONNECTION *c, char *reason)
{
int rlen;
init_stream(c->out_s, c->out_s->size);
/* forcing message not to exceed 64k */
rlen = g_strlen(reason);
if (rlen > 65535)
{
rlen = 65535;
}
out_uint32_be(c->out_s, 1);
/* packet size: 4 + 4 + 2 + 2 + 2 + strlen(reason)*/
/* version + size + cmdset + cmd + msglen + msg */
out_uint32_be(c->out_s, rlen + 14);
out_uint16_be(c->out_s, SCP_COMMAND_SET_MANAGE);
out_uint16_be(c->out_s, SCP_CMD_MNG_LOGIN_DENY);
out_uint16_be(c->out_s, rlen);
out_uint8p(c->out_s, reason, rlen);
if (0 != scp_tcp_force_send(c->in_sck, c->out_s->data, rlen + 14))
{
return SCP_SERVER_STATE_NETWORK_ERR;
}
return SCP_SERVER_STATE_END;
}
static RD_BOOL
cssp_gss_unwrap(gss_ctx_id_t * ctx, STREAM in, STREAM out)
{
OM_uint32 major_status;
OM_uint32 minor_status;
gss_qop_t qop_state;
gss_buffer_desc inbuf, outbuf;
int conf_state;
inbuf.value = in->data;
inbuf.length = s_length(in);
major_status = gss_unwrap(&minor_status, ctx, &inbuf, &outbuf, &conf_state, &qop_state);
if (major_status != GSS_S_COMPLETE)
{
cssp_gss_report_error(GSS_C_GSS_CODE, "Failed to decrypt message",
major_status, minor_status);
return False;
}
out->data = out->p = xmalloc(outbuf.length);
out->size = outbuf.length;
out_uint8p(out, outbuf.value, outbuf.length);
s_mark_end(out);
gss_release_buffer(&minor_status, &outbuf);
return True;
}
void
rdpdr_send_completion(uint32 device, uint32 id, uint32 status, uint32 result, uint8 * buffer,
uint32 length)
{
uint8 magic[4] = "rDCI";
STREAM s;
#ifdef WITH_SCARD
scard_lock(SCARD_LOCK_RDPDR);
#endif
s = channel_init(rdpdr_channel, 20 + length);
out_uint8a(s, magic, 4);
out_uint32_le(s, device);
out_uint32_le(s, id);
out_uint32_le(s, status);
out_uint32_le(s, result);
out_uint8p(s, buffer, length);
s_mark_end(s);
/* JIF */
#ifdef WITH_DEBUG_RDP5
printf("--> rdpdr_send_completion\n");
/* hexdump(s->channel_hdr + 8, s->end - s->channel_hdr - 8); */
#endif
channel_send(s, rdpdr_channel);
#ifdef WITH_SCARD
scard_unlock(SCARD_LOCK_RDPDR);
#endif
}
/* Send a confirm active PDU */
static void rdp_send_confirm_active(void) {
STREAM s;
uint32 sec_flags = g_encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG;
uint16 caplen = RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER
+ RDP_CAPLEN_COLCACHE + RDP_CAPLEN_ACTIVATE + RDP_CAPLEN_CONTROL
+ RDP_CAPLEN_SHARE + RDP_CAPLEN_BRUSHCACHE + 0x58 + 0x08 + 0x08
+ 0x34 /* unknown caps */+ 4 /* w2k fix, sessionid */;
if (g_use_rdp5) {
caplen += RDP_CAPLEN_BMPCACHE2;
caplen += RDP_CAPLEN_NEWPOINTER;
} else {
caplen += RDP_CAPLEN_BMPCACHE;
caplen += RDP_CAPLEN_POINTER;
}
s = sec_init(sec_flags, 6 + 14 + caplen + sizeof(RDP_SOURCE));
out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE));
out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10));
/* Version 1 */
out_uint16_le(s, (g_mcs_userid + 1001));
out_uint32_le(s, g_rdp_shareid);
out_uint16_le(s, 0x3ea);
/* userid */
out_uint16_le(s, sizeof(RDP_SOURCE));
out_uint16_le(s, caplen);
out_uint8p(s, RDP_SOURCE, sizeof(RDP_SOURCE));
out_uint16_le(s, 0xe);
/* num_caps */
out_uint8s(s, 2);
/* pad */
rdp_out_general_caps(s);
rdp_out_bitmap_caps(s);
rdp_out_order_caps(s);
if (g_use_rdp5) {
rdp_out_bmpcache2_caps(s);
rdp_out_newpointer_caps(s);
} else {
rdp_out_bmpcache_caps(s);
rdp_out_pointer_caps(s);
}
rdp_out_colcache_caps(s);
rdp_out_activate_caps(s);
rdp_out_control_caps(s);
rdp_out_share_caps(s);
rdp_out_brushcache_caps(s);
rdp_out_unknown_caps(s, 0x0d, 0x58, caps_0x0d); /* CAPSTYPE_INPUT */
rdp_out_unknown_caps(s, 0x0c, 0x08, caps_0x0c); /* CAPSTYPE_SOUND */
rdp_out_unknown_caps(s, 0x0e, 0x08, caps_0x0e); /* CAPSTYPE_FONT */
rdp_out_unknown_caps(s, 0x10, 0x34, caps_0x10); /* CAPSTYPE_GLYPHCACHE */
s_mark_end(s);
sec_send(s, sec_flags);
}
/* Output unknown capability sets (number 13, 12, 14 and 16) */
static void
rdp_out_unknown_caps(STREAM s)
{
out_uint16_le(s, RDP_CAPSET_UNKNOWN);
out_uint16_le(s, 0x58);
out_uint8p(s, canned_caps, RDP_CAPLEN_UNKNOWN - 4);
}
void
channel_send(STREAM s, VCHANNEL * channel)
{
uint32 length, flags;
uint32 thislength, remaining;
uint8 *data;
#ifdef WITH_SCARD
scard_lock(SCARD_LOCK_CHANNEL);
#endif
/* first fragment sent in-place */
s_pop_layer(s, channel_hdr);
length = s->end - s->p - 8;
DEBUG_CHANNEL(("channel_send, length = %d\n", length));
thislength = MIN(length, CHANNEL_CHUNK_LENGTH);
/* Note: In the original clipboard implementation, this number was
1592, not 1600. However, I don't remember the reason and 1600 seems
to work so.. This applies only to *this* length, not the length of
continuation or ending packets. */
remaining = length - thislength;
flags = (remaining == 0) ? CHANNEL_FLAG_FIRST | CHANNEL_FLAG_LAST : CHANNEL_FLAG_FIRST;
if (channel->flags & CHANNEL_OPTION_SHOW_PROTOCOL)
flags |= CHANNEL_FLAG_SHOW_PROTOCOL;
out_uint32_le(s, length);
out_uint32_le(s, flags);
data = s->end = s->p + thislength;
DEBUG_CHANNEL(("Sending %d bytes with FLAG_FIRST\n", thislength));
sec_send_to_channel(s, g_encryption ? SEC_ENCRYPT : 0, channel->mcs_id);
/* subsequent segments copied (otherwise would have to generate headers backwards) */
while (remaining > 0)
{
thislength = MIN(remaining, CHANNEL_CHUNK_LENGTH);
remaining -= thislength;
flags = (remaining == 0) ? CHANNEL_FLAG_LAST : 0;
if (channel->flags & CHANNEL_OPTION_SHOW_PROTOCOL)
flags |= CHANNEL_FLAG_SHOW_PROTOCOL;
DEBUG_CHANNEL(("Sending %d bytes with flags %d\n", thislength, flags));
s = sec_init(g_encryption ? SEC_ENCRYPT : 0, thislength + 8);
out_uint32_le(s, length);
out_uint32_le(s, flags);
out_uint8p(s, data, thislength);
s_mark_end(s);
sec_send_to_channel(s, g_encryption ? SEC_ENCRYPT : 0, channel->mcs_id);
data += thislength;
}
#ifdef WITH_SCARD
scard_unlock(SCARD_LOCK_CHANNEL);
#endif
}
/* Send a Licensing packet with Client License Information */
static void
licence_present(rdpLicence * licence, uint8 * client_random, uint8 * rsa_data,
uint8 * licence_data, int licence_size, uint8 * hwid, uint8 * signature)
{
uint32 sec_flags = SEC_LICENSE_PKT;
uint16 length =
16 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE +
licence_size + LICENCE_HWID_SIZE + LICENCE_SIGNATURE_SIZE;
STREAM s;
s = sec_init(licence->sec, sec_flags, length + 4);
/* Licensing Preamble (LICENSE_PREAMBLE) */
out_uint8(s, LICENSE_INFO); /* bMsgType LICENSE_INFO */
out_uint8(s, 2); /* bVersion PREAMBLE_VERSION_2_0 */
out_uint16_le(s, length);
/* Client License Information: */
out_uint32_le(s, 1); /* PreferredKeyExchangeAlg KEY_EXCHANGE_ALG_RSA */
out_uint16_le(s, 0); /* PlatformId, unknown platform and ISV */
out_uint16_le(s, 0x0201); /* PlatformId, build/version */
out_uint8p(s, client_random, SEC_RANDOM_SIZE); /* ClientRandom */
/* Licensing Binary Blob with EncryptedPreMasterSecret: */
out_uint16_le(s, 0); /* wBlobType should be 0x0002 (BB_RANDOM_BLOB) */
out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE)); /* wBlobLen */
out_uint8p(s, rsa_data, SEC_MODULUS_SIZE); /* 48 bit random number encrypted for server */
out_uint8s(s, SEC_PADDING_SIZE);
/* Licensing Binary Blob with LicenseInfo: */
out_uint16_le(s, 1); /* wBlobType BB_DATA_BLOB */
out_uint16_le(s, licence_size); /* wBlobLen */
out_uint8p(s, licence_data, licence_size); /* CAL issued by servers license server */
/* Licensing Binary Blob with EncryptedHWID */
out_uint16_le(s, 1); /* wBlobType BB_DATA_BLOB */
out_uint16_le(s, LICENCE_HWID_SIZE); /* wBlobLen */
out_uint8p(s, hwid, LICENCE_HWID_SIZE); /* RC4-encrypted Client Hardware Identification */
out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE); /* MACData */
s_mark_end(s);
sec_send(licence->sec, s, sec_flags);
}
void rdp_out_order_capset(rdpRdp * rdp, STREAM s)
{
uint8 orderSupport[32];
capsetHeaderRef header;
header = rdp_skip_capset_header(s);
memset(orderSupport, 0, 32);
orderSupport[NEG_DSTBLT_INDEX] = 1;
orderSupport[NEG_PATBLT_INDEX] = 1;
orderSupport[NEG_SCRBLT_INDEX] = 1;
orderSupport[NEG_MEMBLT_INDEX] = (rdp->settings->bitmap_cache ? 1 : 0);
orderSupport[NEG_MEM3BLT_INDEX] = (rdp->settings->triblt ? 1 : 0);
// orderSupport[NEG_DRAWNINEGRID_INDEX] = 1;
orderSupport[NEG_LINETO_INDEX] = 1;
orderSupport[NEG_MULTI_DRAWNINEGRID_INDEX] = 1;
orderSupport[NEG_SAVEBITMAP_INDEX] = (rdp->settings->desktop_save ? 1 : 0);
// orderSupport[NEG_MULTIDSTBLT_INDEX] = 1;
orderSupport[NEG_MULTIPATBLT_INDEX] = 1;
// orderSupport[NEG_MULTISCRBLT_INDEX] = 1;
orderSupport[NEG_MULTIOPAQUERECT_INDEX] = 1;
orderSupport[NEG_FAST_INDEX_INDEX] = 1;
orderSupport[NEG_POLYGON_SC_INDEX] = (rdp->settings->polygon_ellipse_orders ? 1 : 0);
orderSupport[NEG_POLYGON_CB_INDEX] = (rdp->settings->polygon_ellipse_orders ? 1 : 0);
orderSupport[NEG_POLYLINE_INDEX] = 1;
orderSupport[NEG_FAST_GLYPH_INDEX] = 1;
/* orderSupport[NEG_ELLIPSE_SC_INDEX] = (rdp->settings->polygon_ellipse_orders ? 1 : 0);*/
/* orderSupport[NEG_ELLIPSE_CB_INDEX] = (rdp->settings->polygon_ellipse_orders ? 1 : 0);*/
orderSupport[NEG_INDEX_INDEX] = 1;
out_uint8s(s, 16); /* terminalDescriptor, ignored and should be set to zero */
out_uint32_le(s, 0); /* pad */
out_uint16_le(s, 1); /* desktopSaveXGranularity */
out_uint16_le(s, 20); /* desktopSaveYGranularity */
out_uint16_le(s, 0); /* pad */
out_uint16_le(s, 1); /* maximumOrderLevel */
out_uint16_le(s, 0); /* numberFonts, ignored and should be set to zero */
out_uint16_le(s,
NEGOTIATEORDERSUPPORT |
ZEROBOUNDSDELTASSUPPORT |
COLORINDEXSUPPORT ); /* orderFlags */
out_uint8p(s, orderSupport, 32); /* orderSupport */
out_uint16_le(s, 0); /* textFlags, must be ignored */
out_uint16_le(s, 0); /* orderSupportExFlags */
out_uint32_le(s, 0); /* pad */
out_uint32_le(s, rdp->settings->desktop_save == False ? 0 : 0x38400); /* desktopSaveSize */
out_uint16_le(s, 0); /* pad */
out_uint16_le(s, 0); /* pad */
/* See [MSDN-CP]: http://msdn.microsoft.com/en-us/library/dd317756/ */
out_uint16_le(s, 0x04E4); /* textANSICodePage, 0x04E4 is "ANSI Latin 1 Western European (Windows)" */
out_uint16_le(s, 0); /* pad */
rdp_out_capset_header(s, header, CAPSET_TYPE_ORDER);
}
int DEFAULT_CC
xml_send_error(int client, const char* message)
{
xmlChar* xmlbuff;
xmlDocPtr doc;
xmlNodePtr node;
struct stream* s;
int buff_size, size;
xmlChar* version;
xmlChar* error;
xmlChar* msg;
version = xmlCharStrdup("1.0");
doc = xmlNewDoc(version);
if (doc == NULL)
{
log_message(&(g_cfg->log), LOG_LEVEL_WARNING, "sesman[xml_send_error]: "
"Unable to create the document");
xmlFree(version);
return 0;
}
error = xmlCharStrdup("error");
msg = xmlCharStrdup(message);
doc->encoding = xmlCharStrdup("UTF-8");
node = xmlNewNode(NULL, error);
xmlNodeSetContent(node, msg);
xmlDocSetRootElement(doc, node);
xmlDocDumpFormatMemory(doc, &xmlbuff, &buff_size, 1);
log_message(&(g_cfg->log), LOG_LEVEL_WARNING, "sesman[xml_send_error]: "
"data send : %s",xmlbuff);
make_stream(s);
init_stream(s, buff_size + 6);
out_uint32_be(s,buff_size);
out_uint8p(s, xmlbuff, buff_size)
size = s->p - s->data;
if (g_tcp_can_send(client, 10))
{
buff_size = g_tcp_send(client, s->data, size, 0);
}
else
{
log_message(&(g_cfg->log), LOG_LEVEL_DEBUG_PLUS, "sesman[xml_send_error]: "
"Unable to send xml response: %s, cause: %s", xmlbuff, strerror(g_get_errno()));
}
free_stream(s);
xmlFreeDoc(doc);
xmlFree(xmlbuff);
xmlFree(version);
xmlFree(error);
xmlFree(msg);
return buff_size;
}
/* Present an existing licence to the server */
static BOOL
licence_present(RDPCLIENT * This, uint8 * client_random, uint8 * rsa_data,
uint8 * licence_data, int licence_size, uint8 * hwid, uint8 * signature)
{
uint32 sec_flags = SEC_LICENCE_NEG;
uint16 length =
16 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE +
licence_size + LICENCE_HWID_SIZE + LICENCE_SIGNATURE_SIZE;
STREAM s;
s = sec_init(This, sec_flags, length + 4);
if(s == NULL)
return False;
out_uint8(s, LICENCE_TAG_PRESENT);
out_uint8(s, 2); /* version */
out_uint16_le(s, length);
out_uint32_le(s, 1);
out_uint16(s, 0);
out_uint16_le(s, 0x0201);
out_uint8p(s, client_random, SEC_RANDOM_SIZE);
out_uint16(s, 0);
out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
out_uint8s(s, SEC_PADDING_SIZE);
out_uint16_le(s, 1);
out_uint16_le(s, licence_size);
out_uint8p(s, licence_data, licence_size);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_HWID_SIZE);
out_uint8p(s, hwid, LICENCE_HWID_SIZE);
out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);
s_mark_end(s);
return sec_send(This, s, sec_flags);
}
/* Send a Licensing packet with Client New License Request */
static void
licence_send_request(rdpLicence * licence, uint8 * client_random, uint8 * rsa_data, char *user,
char *host)
{
uint32 sec_flags = SEC_LICENSE_PKT;
uint16 userlen = strlen(user) + 1;
uint16 hostlen = strlen(host) + 1;
uint16 length = 128 + userlen + hostlen;
STREAM s;
s = sec_init(licence->sec, sec_flags, length + 2);
/* Licensing Preamble (LICENSE_PREAMBLE) */
out_uint8(s, NEW_LICENSE_REQUEST); /* NEW_LICENSE_REQUEST */
out_uint8(s, 2); /* PREAMBLE_VERSION_2_0 */
out_uint16_le(s, length);
out_uint32_le(s, 1); /* PreferredKeyExchangeAlg KEY_EXCHANGE_ALG_RSA */
out_uint16_le(s, 0); /* PlatformId, unknown platform and ISV */
out_uint16_le(s, 0xff01); /* PlatformId, build/version */
out_uint8p(s, client_random, SEC_RANDOM_SIZE); /* ClientRandom */
/* Licensing Binary Blob with EncryptedPreMasterSecret: */
out_uint16_le(s, 0); /* wBlobType should be 0x0002 (BB_RANDOM_BLOB) */
out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE)); /* wBlobLen */
out_uint8p(s, rsa_data, SEC_MODULUS_SIZE); /* 48 bit random number encrypted for server */
out_uint8s(s, SEC_PADDING_SIZE);
/* Licensing Binary Blob with ClientUserName: */
out_uint16_le(s, LICENCE_TAG_USER); /* wBlobType BB_CLIENT_USER_NAME_BLOB */
out_uint16_le(s, userlen); /* wBlobLen */
out_uint8p(s, user, userlen);
/* Licensing Binary Blob with ClientMachineName: */
out_uint16_le(s, LICENCE_TAG_HOST); /* wBlobType BB_CLIENT_MACHINE_NAME_BLOB */
out_uint16_le(s, hostlen); /* wBlobLen */
out_uint8p(s, host, hostlen);
s_mark_end(s);
sec_send(licence->sec, s, sec_flags);
}
static void
iso_send_connection_request(char *username)
{
STREAM s;
int length = 30 + strlen(username);
if (g_rdp_version >= RDP_V5 && g_negotiate_rdp_protocol)
length += 8;
s = tcp_init(length);
out_uint8(s, 3); /* version */
out_uint8(s, 0); /* reserved */
out_uint16_be(s, length); /* length */
out_uint8(s, length - 5); /* hdrlen */
out_uint8(s, ISO_PDU_CR);
out_uint16(s, 0); /* dst_ref */
out_uint16(s, 0); /* src_ref */
out_uint8(s, 0); /* class */
out_uint8p(s, "Cookie: mstshash=", strlen("Cookie: mstshash="));
out_uint8p(s, username, strlen(username));
out_uint8(s, 0x0d); /* cookie termination string: CR+LF */
out_uint8(s, 0x0a);
if (g_rdp_version >= RDP_V5 && g_negotiate_rdp_protocol)
{
/* optional rdp protocol negotiation request for RDPv5 */
out_uint8(s, RDP_NEG_REQ);
out_uint8(s, 0);
out_uint16(s, 8);
out_uint32(s, PROTOCOL_SSL);
}
s_mark_end(s);
tcp_send(s);
}
/* Present an existing licence to the server */
static void
licence_present(RDConnectionRef conn, uint8 * client_random, uint8 * rsa_data,
uint8 * licence_data, int licence_size, uint8 * hwid, uint8 * signature)
{
uint32 sec_flags = SEC_LICENCE_NEG;
uint16 length =
16 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE +
licence_size + LICENCE_HWID_SIZE + LICENCE_SIGNATURE_SIZE;
RDStreamRef s;
s = sec_init(conn, sec_flags, length + 4);
out_uint8(s, LICENCE_TAG_PRESENT);
out_uint8(s, 2); /* version */
out_uint16_le(s, length);
out_uint32_le(s, 1);
out_uint16(s, 0);
out_uint16_le(s, 0x0201);
out_uint8p(s, client_random, SEC_RANDOM_SIZE);
out_uint16(s, 0);
out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
out_uint8s(s, SEC_PADDING_SIZE);
out_uint16_le(s, 1);
out_uint16_le(s, licence_size);
out_uint8p(s, licence_data, licence_size);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_HWID_SIZE);
out_uint8p(s, hwid, LICENCE_HWID_SIZE);
out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);
s_mark_end(s);
sec_send(conn, s, sec_flags);
}
/* Send a licence request packet */
static BOOL
licence_send_request(RDPCLIENT * This, uint8 * client_random, uint8 * rsa_data, char *user, char *host)
{
uint32 sec_flags = SEC_LICENCE_NEG;
uint16 userlen = (uint16)strlen(user) + 1;
uint16 hostlen = (uint16)strlen(host) + 1;
uint16 length = 128 + userlen + hostlen;
STREAM s;
s = sec_init(This, sec_flags, length + 2);
if(s == NULL)
return False;
out_uint8(s, LICENCE_TAG_REQUEST);
out_uint8(s, 2); /* version */
out_uint16_le(s, length);
out_uint32_le(s, 1);
out_uint16(s, 0);
out_uint16_le(s, 0xff01);
out_uint8p(s, client_random, SEC_RANDOM_SIZE);
out_uint16(s, 0);
out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
out_uint8s(s, SEC_PADDING_SIZE);
out_uint16_le(s, LICENCE_TAG_USER);
out_uint16_le(s, userlen);
out_uint8p(s, user, userlen);
out_uint16_le(s, LICENCE_TAG_HOST);
out_uint16_le(s, hostlen);
out_uint8p(s, host, hostlen);
s_mark_end(s);
return sec_send(This, s, sec_flags);
}
/* Send a new licence request packet */
static void
licence_send_new_licence_request(uint8 * client_random, uint8 * rsa_data, char *user, char *host)
{
uint32 sec_flags = SEC_LICENSE_PKT;
uint16 userlen = strlen(user) + 1;
uint16 hostlen = strlen(host) + 1;
uint16 length =
24 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE + userlen + hostlen;
STREAM s;
s = sec_init(sec_flags, length + 2);
out_uint8(s, LICENCE_TAG_NEW_LICENCE_REQUEST);
out_uint8(s, ((g_rdp_version >= RDP_V5) ? 3 : 2)); /* version */
out_uint16_le(s, length);
out_uint32_le(s, 1); // KEY_EXCHANGE_ALG_RSA
out_uint16(s, 0);
out_uint16_le(s, 0xff01);
out_uint8p(s, client_random, SEC_RANDOM_SIZE);
out_uint16_le(s, 2);
out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
out_uint8s(s, SEC_PADDING_SIZE);
/* Username LICENSE_BINARY_BLOB */
out_uint16_le(s, BB_CLIENT_USER_NAME_BLOB);
out_uint16_le(s, userlen);
out_uint8p(s, user, userlen);
/* Machinename LICENSE_BINARY_BLOB */
out_uint16_le(s, BB_CLIENT_MACHINE_NAME_BLOB);
out_uint16_le(s, hostlen);
out_uint8p(s, host, hostlen);
s_mark_end(s);
sec_send(s, sec_flags);
}
/* Send a licence info packet to server */
static void
licence_info(uint8 * client_random, uint8 * rsa_data,
uint8 * licence_data, int licence_size, uint8 * hwid, uint8 * signature)
{
uint32 sec_flags = SEC_LICENSE_PKT;
uint16 length =
24 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE +
licence_size + LICENCE_HWID_SIZE + LICENCE_SIGNATURE_SIZE;
STREAM s;
s = sec_init(sec_flags, length + 2);
out_uint8(s, LICENCE_TAG_LICENCE_INFO);
out_uint8(s, ((g_rdp_version >= RDP_V5) ? 3 : 2)); /* version */
out_uint16_le(s, length);
out_uint32_le(s, 1);
out_uint16(s, 0);
out_uint16_le(s, 0x0201);
out_uint8p(s, client_random, SEC_RANDOM_SIZE);
out_uint16_le(s, 2);
out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
out_uint8s(s, SEC_PADDING_SIZE);
out_uint16_le(s, 1);
out_uint16_le(s, licence_size);
out_uint8p(s, licence_data, licence_size);
out_uint16_le(s, 1);
out_uint16_le(s, LICENCE_HWID_SIZE);
out_uint8p(s, hwid, LICENCE_HWID_SIZE);
out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);
s_mark_end(s);
sec_send(s, sec_flags);
}
/* Output order capability set */
static void rdp_out_order_caps(STREAM s) {
uint8 order_caps[32];
memset(order_caps, 0, 32);
order_caps[0] = 1; /* dest blt */
order_caps[1] = 1; /* pat blt */
order_caps[2] = 1; /* screen blt */
order_caps[3] = (g_bitmap_cache ? 1 : 0); /* memblt */
order_caps[4] = 0; /* triblt */
order_caps[8] = 1; /* line */
order_caps[9] = 1; /* line */
order_caps[10] = 1; /* rect */
order_caps[11] = (g_desktop_save ? 1 : 0); /* desksave */
order_caps[13] = 1; /* memblt */
order_caps[14] = 1; /* triblt */
order_caps[20] = (g_polygon_ellipse_orders ? 1 : 0); /* polygon */
order_caps[21] = (g_polygon_ellipse_orders ? 1 : 0); /* polygon2 */
order_caps[22] = 1; /* polyline */
order_caps[25] = (g_polygon_ellipse_orders ? 1 : 0); /* ellipse */
order_caps[26] = (g_polygon_ellipse_orders ? 1 : 0); /* ellipse2 */
order_caps[27] = 1; /* text2 */
out_uint16_le(s, RDP_CAPSET_ORDER);
out_uint16_le(s, RDP_CAPLEN_ORDER);
out_uint8s(s, 20);
/* Terminal desc, pad */
out_uint16_le(s, 1);
/* Cache X granularity */
out_uint16_le(s, 20);
/* Cache Y granularity */
out_uint16(s, 0);
/* Pad */
out_uint16_le(s, 1);
/* Max order level */
out_uint16_le(s, 0x147);
/* Number of fonts */
out_uint16_le(s, 0x2a);
/* Capability flags */
out_uint8p(s, order_caps, 32);
/* Orders supported */
out_uint16_le(s, 0x6a1);
/* Text capability flags */
out_uint8s(s, 6);
/* Pad */
out_uint32_le(s, g_desktop_save == False ? 0 : 0x38400);
/* Desktop cache size */
out_uint32(s, 0);
/* Unknown */
out_uint32_le(s, 0x4e4);
/* Unknown */
}