BOOL rdp_send_data_pdu(rdpRdp* rdp, wStream* s, BYTE type, UINT16 channel_id) { UINT16 length; UINT32 sec_bytes; int sec_hold; length = Stream_GetPosition(s); Stream_SetPosition(s, 0); rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID); sec_bytes = rdp_get_sec_bytes(rdp); sec_hold = Stream_GetPosition(s); Stream_Seek(s, sec_bytes); rdp_write_share_control_header(s, length - sec_bytes, PDU_TYPE_DATA, channel_id); rdp_write_share_data_header(s, length - sec_bytes, type, rdp->settings->ShareId); Stream_SetPosition(s, sec_hold); length += rdp_security_stream_out(rdp, s, length, 0); Stream_SetPosition(s, length); Stream_SealLength(s); if (transport_write(rdp->transport, s) < 0) return FALSE; return TRUE; }
BOOL rdp_send(rdpRdp* rdp, wStream* s, UINT16 channel_id) { int secm; UINT16 length; UINT32 sec_bytes; length = Stream_GetPosition(s); Stream_SetPosition(s, 0); rdp_write_header(rdp, s, length, channel_id); sec_bytes = rdp_get_sec_bytes(rdp); secm = Stream_GetPosition(s); Stream_Seek(s, sec_bytes); Stream_SetPosition(s, secm); length += rdp_security_stream_out(rdp, s, length); Stream_SetPosition(s, length); Stream_SealLength(s); if (transport_write(rdp->transport, s) < 0) return FALSE; return TRUE; }
BOOL rdp_send(rdpRdp* rdp, STREAM* s, UINT16 channel_id) { UINT16 length; UINT32 sec_bytes; BYTE* sec_hold; length = stream_get_length(s); stream_set_pos(s, 0); rdp_write_header(rdp, s, length, channel_id); sec_bytes = rdp_get_sec_bytes(rdp); sec_hold = s->p; stream_seek(s, sec_bytes); s->p = sec_hold; length += rdp_security_stream_out(rdp, s, length); stream_set_pos(s, length); if (transport_write(rdp->transport, s) < 0) return FALSE; return TRUE; }
BOOL rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, BYTE type, UINT16 channel_id) { UINT16 length; UINT32 sec_bytes; BYTE* sec_hold; length = stream_get_length(s); stream_set_pos(s, 0); rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID); sec_bytes = rdp_get_sec_bytes(rdp); sec_hold = s->p; stream_seek(s, sec_bytes); rdp_write_share_control_header(s, length - sec_bytes, PDU_TYPE_DATA, channel_id); rdp_write_share_data_header(s, length - sec_bytes, type, rdp->settings->ShareId); s->p = sec_hold; length += rdp_security_stream_out(rdp, s, length); stream_set_pos(s, length); if (transport_write(rdp->transport, s) < 0) return FALSE; return TRUE; }
BOOL rdp_send_message_channel_pdu(rdpRdp* rdp, wStream* s, UINT16 sec_flags) { UINT16 length; UINT32 sec_bytes; int sec_hold; length = Stream_GetPosition(s); Stream_SetPosition(s, 0); rdp_write_header(rdp, s, length, rdp->mcs->messageChannelId); sec_bytes = rdp_get_sec_bytes(rdp); sec_hold = Stream_GetPosition(s); Stream_Seek(s, sec_bytes); Stream_SetPosition(s, sec_hold); length += rdp_security_stream_out(rdp, s, length, sec_flags); Stream_SetPosition(s, length); Stream_SealLength(s); if (transport_write(rdp->transport, s) < 0) return FALSE; return TRUE; }
static int cmd_radiotest(int transport, int argc, char *argv[]) { uint8_t array[8]; uint16_t freq, level, test; OPT_HELP(3, NULL); freq = atoi(argv[0]); if (!strncasecmp(argv[1], "0x", 2)) level = strtol(argv[1], NULL, 16); else level = atoi(argv[1]); test = atoi(argv[2]); memset(array, 0, sizeof(array)); array[0] = test & 0xff; array[1] = test >> 8; array[2] = freq & 0xff; array[3] = freq >> 8; array[4] = level & 0xff; array[5] = level >> 8; return transport_write(transport, CSR_VARID_RADIOTEST, array, 8); }
boolean rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, uint8 type, uint16 channel_id) { uint16 length; uint32 sec_bytes; uint8* sec_hold; length = stream_get_length(s); stream_set_pos(s, 0); rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID); sec_bytes = rdp_get_sec_bytes(rdp); sec_hold = s->p; stream_seek(s, sec_bytes); rdp_write_share_control_header(s, length - sec_bytes, PDU_TYPE_DATA, channel_id); rdp_write_share_data_header(s, length - sec_bytes, type, rdp->settings->share_id); s->p = sec_hold; length += rdp_security_stream_out(rdp, s, length); stream_set_pos(s, length); if (transport_write(rdp->transport, s) < 0) return false; return true; }
boolean license_send(rdpLicense* license, STREAM* s, uint8 type) { int length; uint8 flags; uint16 wMsgSize; uint16 sec_flags; DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]); length = stream_get_length(s); stream_set_pos(s, 0); sec_flags = SEC_LICENSE_PKT; wMsgSize = length - LICENSE_PACKET_HEADER_MAX_LENGTH + 4; /** * Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when * running in server mode! This flag seems to be incorrectly documented. */ flags = PREAMBLE_VERSION_3_0; rdp_write_header(license->rdp, s, length, MCS_GLOBAL_CHANNEL_ID); rdp_write_security_header(s, sec_flags); license_write_preamble(s, type, flags, wMsgSize); #ifdef WITH_DEBUG_LICENSE printf("Sending %s Packet, length %d\n", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize); freerdp_hexdump(s->p - 4, wMsgSize); #endif stream_set_pos(s, length); if (transport_write(license->rdp->transport, s) < 0) return false; return true; }
static int cmd_psload(int transport, int argc, char *argv[]) { uint8_t array[256]; uint16_t pskey, length, size, stores = CSR_STORES_PSRAM; char *str, val[7]; int err, reset = 0; OPT_PSKEY(1, &stores, &reset, NULL); psr_read(argv[0]); memset(array, 0, sizeof(array)); size = sizeof(array) - 6; while (psr_get(&pskey, array + 6, &size) == 0) { str = csr_pskeytoval(pskey); if (!strcasecmp(str, "UNKNOWN")) { sprintf(val, "0x%04x", pskey); str = NULL; } printf("Loading %s%s ... ", str ? "PSKEY_" : "", str ? str : val); fflush(stdout); length = size / 2; array[0] = pskey & 0xff; array[1] = pskey >> 8; array[2] = length & 0xff; array[3] = length >> 8; array[4] = stores & 0xff; array[5] = stores >> 8; err = transport_write(transport, CSR_VARID_PS, array, size + 6); printf("%s\n", err < 0 ? "failed" : "done"); memset(array, 0, sizeof(array)); size = sizeof(array) - 6; } if (reset) transport_write(transport, CSR_VARID_WARM_RESET, NULL, 0); return 0; }
BOOL nla_send(rdpNla* nla) { wStream* s; int length; int ts_request_length; int nego_tokens_length; int pub_key_auth_length; int auth_info_length; nego_tokens_length = (nla->negoToken.cbBuffer > 0) ? nla_sizeof_nego_tokens(nla->negoToken.cbBuffer) : 0; pub_key_auth_length = (nla->pubKeyAuth.cbBuffer > 0) ? nla_sizeof_pub_key_auth(nla->pubKeyAuth.cbBuffer) : 0; auth_info_length = (nla->authInfo.cbBuffer > 0) ? nla_sizeof_auth_info(nla->authInfo.cbBuffer) : 0; length = nego_tokens_length + pub_key_auth_length + auth_info_length; ts_request_length = nla_sizeof_ts_request(length); s = Stream_New(NULL, ber_sizeof_sequence(ts_request_length)); if (!s) { WLog_ERR(TAG, "Stream_New failed!"); return FALSE; } /* TSRequest */ ber_write_sequence_tag(s, ts_request_length); /* SEQUENCE */ /* [0] version */ ber_write_contextual_tag(s, 0, 3, TRUE); ber_write_integer(s, 2); /* INTEGER */ /* [1] negoTokens (NegoData) */ if (nego_tokens_length > 0) { length = nego_tokens_length; length -= ber_write_contextual_tag(s, 1, ber_sizeof_sequence(ber_sizeof_sequence(ber_sizeof_sequence_octet_string(nla->negoToken.cbBuffer))), TRUE); /* NegoData */ length -= ber_write_sequence_tag(s, ber_sizeof_sequence(ber_sizeof_sequence_octet_string(nla->negoToken.cbBuffer))); /* SEQUENCE OF NegoDataItem */ length -= ber_write_sequence_tag(s, ber_sizeof_sequence_octet_string(nla->negoToken.cbBuffer)); /* NegoDataItem */ length -= ber_write_sequence_octet_string(s, 0, (BYTE*) nla->negoToken.pvBuffer, nla->negoToken.cbBuffer); /* OCTET STRING */ } /* [2] authInfo (OCTET STRING) */ if (auth_info_length > 0) { length = auth_info_length; length -= ber_write_sequence_octet_string(s, 2, nla->authInfo.pvBuffer, nla->authInfo.cbBuffer); } /* [3] pubKeyAuth (OCTET STRING) */ if (pub_key_auth_length > 0) { length = pub_key_auth_length; length -= ber_write_sequence_octet_string(s, 3, nla->pubKeyAuth.pvBuffer, nla->pubKeyAuth.cbBuffer); } Stream_SealLength(s); transport_write(nla->transport, s); Stream_Free(s, TRUE); return TRUE; }
void credssp_send(rdpCredssp* credssp) { wStream* s; int length; int ts_request_length; int nego_tokens_length; int pub_key_auth_length; int auth_info_length; nego_tokens_length = (credssp->negoToken.cbBuffer > 0) ? credssp_skip_nego_tokens(credssp->negoToken.cbBuffer) : 0; pub_key_auth_length = (credssp->pubKeyAuth.cbBuffer > 0) ? credssp_skip_pub_key_auth(credssp->pubKeyAuth.cbBuffer) : 0; auth_info_length = (credssp->authInfo.cbBuffer > 0) ? credssp_skip_auth_info(credssp->authInfo.cbBuffer) : 0; length = nego_tokens_length + pub_key_auth_length + auth_info_length; ts_request_length = credssp_skip_ts_request(length); s = stream_new(ts_request_length); /* TSRequest */ length = der_get_content_length(ts_request_length); der_write_sequence_tag(s, length); /* SEQUENCE */ /* [0] version */ ber_write_contextual_tag(s, 0, 3, TRUE); ber_write_integer(s, 2); /* INTEGER */ /* [1] negoTokens (NegoData) */ if (nego_tokens_length > 0) { length = nego_tokens_length; length -= der_write_contextual_tag(s, 1, der_get_content_length(length), TRUE); /* NegoData */ length -= der_write_sequence_tag(s, der_get_content_length(length)); /* SEQUENCE OF NegoDataItem */ length -= der_write_sequence_tag(s, der_get_content_length(length)); /* NegoDataItem */ length -= der_write_contextual_tag(s, 0, der_get_content_length(length), TRUE); /* [0] negoToken */ der_write_octet_string(s, (BYTE*) credssp->negoToken.pvBuffer, credssp->negoToken.cbBuffer); /* OCTET STRING */ } /* [2] authInfo (OCTET STRING) */ if (auth_info_length > 0) { length = auth_info_length; length -= ber_write_contextual_tag(s, 2, ber_get_content_length(length), TRUE); ber_write_octet_string(s, credssp->authInfo.pvBuffer, credssp->authInfo.cbBuffer); } /* [3] pubKeyAuth (OCTET STRING) */ if (pub_key_auth_length > 0) { length = pub_key_auth_length; length -= ber_write_contextual_tag(s, 3, ber_get_content_length(length), TRUE); ber_write_octet_string(s, credssp->pubKeyAuth.pvBuffer, credssp->pubKeyAuth.cbBuffer); } transport_write(credssp->transport, s); stream_free(s); }
BOOL nego_send_negotiation_request(rdpNego* nego) { STREAM* s; int length; BYTE *bm, *em; int cookie_length; s = transport_send_stream_init(nego->transport, 256); length = TPDU_CONNECTION_REQUEST_LENGTH; stream_get_mark(s, bm); stream_seek(s, length); if (nego->RoutingToken != NULL) { stream_write(s, nego->RoutingToken, nego->RoutingTokenLength); length += nego->RoutingTokenLength; } else if (nego->cookie != NULL) { cookie_length = strlen(nego->cookie); if (cookie_length > (int) nego->cookie_max_length) cookie_length = nego->cookie_max_length; stream_write(s, "Cookie: mstshash=", 17); stream_write(s, (BYTE*) nego->cookie, cookie_length); stream_write_BYTE(s, 0x0D); /* CR */ stream_write_BYTE(s, 0x0A); /* LF */ length += cookie_length + 19; } DEBUG_NEGO("requested_protocols: %d", nego->requested_protocols); if (nego->requested_protocols > PROTOCOL_RDP) { /* RDP_NEG_DATA must be present for TLS and NLA */ stream_write_BYTE(s, TYPE_RDP_NEG_REQ); stream_write_BYTE(s, 0); /* flags, must be set to zero */ stream_write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */ stream_write_UINT32(s, nego->requested_protocols); /* requestedProtocols */ length += 8; } stream_get_mark(s, em); stream_set_mark(s, bm); tpkt_write_header(s, length); tpdu_write_connection_request(s, length - 5); stream_set_mark(s, em); if (transport_write(nego->transport, s) < 0) return FALSE; return TRUE; }
void credssp_send(rdpCredssp* credssp, rdpBlob* negoToken, rdpBlob* authInfo, rdpBlob* pubKeyAuth) { STREAM* s; int length; int ts_request_length; int nego_tokens_length; int pub_key_auth_length; int auth_info_length; nego_tokens_length = (negoToken != NULL) ? credssp_skip_nego_tokens(negoToken->length) : 0; pub_key_auth_length = (pubKeyAuth != NULL) ? credssp_skip_pub_key_auth(pubKeyAuth->length) : 0; auth_info_length = (authInfo != NULL) ? credssp_skip_auth_info(authInfo->length) : 0; length = nego_tokens_length + pub_key_auth_length + auth_info_length; ts_request_length = credssp_skip_ts_request(length); s = stream_new(ts_request_length); /* TSRequest */ length = ber_get_content_length(ts_request_length); ber_write_sequence_tag(s, length); /* SEQUENCE */ ber_write_contextual_tag(s, 0, 3, true); /* [0] version */ ber_write_integer(s, 2); /* INTEGER */ /* [1] negoTokens (NegoData) */ if (nego_tokens_length > 0) { length = ber_get_content_length(nego_tokens_length); length -= ber_write_contextual_tag(s, 1, length, true); /* NegoData */ length -= ber_write_sequence_tag(s, length); /* SEQUENCE OF NegoDataItem */ length -= ber_write_sequence_tag(s, length); /* NegoDataItem */ length -= ber_write_contextual_tag(s, 0, length, true); /* [0] negoToken */ ber_write_octet_string(s, negoToken->data, length); /* OCTET STRING */ } /* [2] authInfo (OCTET STRING) */ if (auth_info_length > 0) { length = ber_get_content_length(auth_info_length); length -= ber_write_contextual_tag(s, 2, length, true); ber_write_octet_string(s, authInfo->data, authInfo->length); } /* [3] pubKeyAuth (OCTET STRING) */ if (pub_key_auth_length > 0) { length = ber_get_content_length(pub_key_auth_length); length -= ber_write_contextual_tag(s, 3, length, true); ber_write_octet_string(s, pubKeyAuth->data, length); } transport_write(credssp->transport, s); stream_free(s); }
BOOL nego_send_preconnection_pdu(rdpNego* nego) { wStream* s; UINT32 cbSize; UINT16 cchPCB = 0; WCHAR* wszPCB = NULL; WLog_DBG(TAG, "Sending preconnection PDU"); if (!nego_tcp_connect(nego)) return FALSE; /* it's easier to always send the version 2 PDU, and it's just 2 bytes overhead */ cbSize = PRECONNECTION_PDU_V2_MIN_SIZE; if (nego->PreconnectionBlob) { cchPCB = (UINT16) ConvertToUnicode(CP_UTF8, 0, nego->PreconnectionBlob, -1, &wszPCB, 0); cchPCB += 1; /* zero-termination */ cbSize += cchPCB * 2; } s = Stream_New(NULL, cbSize); if (!s) { free(wszPCB); WLog_ERR(TAG, "Stream_New failed!"); return FALSE; } Stream_Write_UINT32(s, cbSize); /* cbSize */ Stream_Write_UINT32(s, 0); /* Flags */ Stream_Write_UINT32(s, PRECONNECTION_PDU_V2); /* Version */ Stream_Write_UINT32(s, nego->PreconnectionId); /* Id */ Stream_Write_UINT16(s, cchPCB); /* cchPCB */ if (wszPCB) { Stream_Write(s, wszPCB, cchPCB * 2); /* wszPCB */ free(wszPCB); } Stream_SealLength(s); if (transport_write(nego->transport, s) < 0) { Stream_Free(s, TRUE); return FALSE; } Stream_Free(s, TRUE); return TRUE; }
void rdp_send(rdpRdp* rdp, STREAM* s) { int length; length = stream_get_length(s); stream_set_pos(s, 0); rdp_write_header(rdp, s, length); stream_set_pos(s, length); transport_write(rdp->transport, s); }
void rdp_send_pdu(rdpRdp* rdp, STREAM* s, uint16 type, uint16 channel_id) { int length; length = stream_get_length(s); stream_set_pos(s, 0); rdp_write_header(rdp, s, length); rdp_write_share_control_header(s, length, type, channel_id); stream_set_pos(s, length); transport_write(rdp->transport, s); }
boolean nego_send_negotiation_request(rdpNego* nego) { STREAM* s; int length; uint8 *bm, *em; s = transport_send_stream_init(nego->transport, 256); length = TPDU_CONNECTION_REQUEST_LENGTH; stream_get_mark(s, bm); stream_seek(s, length); if (nego->routing_token != NULL) { stream_write(s, nego->routing_token->data, nego->routing_token->length); length += nego->routing_token->length; } else if (nego->cookie != NULL) { int cookie_length = strlen(nego->cookie); stream_write(s, "Cookie: mstshash=", 17); stream_write(s, (uint8*) nego->cookie, cookie_length); stream_write_uint8(s, 0x0D); /* CR */ stream_write_uint8(s, 0x0A); /* LF */ length += cookie_length + 19; } DEBUG_NEGO("requested_protocols: %d", nego->requested_protocols); if (nego->requested_protocols > PROTOCOL_RDP) { /* RDP_NEG_DATA must be present for TLS and NLA */ stream_write_uint8(s, TYPE_RDP_NEG_REQ); stream_write_uint8(s, 0); /* flags, must be set to zero */ stream_write_uint16(s, 8); /* RDP_NEG_DATA length (8) */ stream_write_uint32(s, nego->requested_protocols); /* requestedProtocols */ length += 8; } stream_get_mark(s, em); stream_set_mark(s, bm); tpkt_write_header(s, length); tpdu_write_connection_request(s, length - 5); stream_set_mark(s, em); if (transport_write(nego->transport, s) < 0) return false; return true; }
static int cmd_psclr(int transport, int argc, char *argv[]) { uint8_t array[8]; uint16_t pskey, stores = CSR_STORES_PSRAM; int i, err, reset = 0; OPT_PSKEY(1, &stores, &reset, NULL); if (strncasecmp(argv[0], "0x", 2)) { pskey = atoi(argv[0]); for (i = 0; storage[i].pskey; i++) { if (strcasecmp(storage[i].str, argv[0])) continue; pskey = storage[i].pskey; break; } } else pskey = strtol(argv[0] + 2, NULL, 16); memset(array, 0, sizeof(array)); array[0] = pskey & 0xff; array[1] = pskey >> 8; array[2] = stores & 0xff; array[3] = stores >> 8; err = transport_write(transport, CSR_VARID_PS_CLR_STORES, array, 8); if (err < 0) return err; if (reset) transport_write(transport, CSR_VARID_WARM_RESET, NULL, 0); return err; }
boolean nego_send_preconnection_pdu(rdpNego* nego) { STREAM* s; uint32 cbSize; UNICONV* uniconv; uint16 cchPCB_times2 = 0; char* wszPCB = NULL; if (!nego->send_preconnection_pdu) return true; DEBUG_NEGO("Sending preconnection PDU"); if (!nego_tcp_connect(nego)) return false; /* it's easier to always send the version 2 PDU, and it's just 2 bytes overhead */ cbSize = PRECONNECTION_PDU_V2_MIN_SIZE; if (nego->preconnection_blob) { size_t size; uniconv = freerdp_uniconv_new(); wszPCB = freerdp_uniconv_out(uniconv, nego->preconnection_blob, &size); cchPCB_times2 = (uint16) size; freerdp_uniconv_free(uniconv); cchPCB_times2 += 2; /* zero-termination */ cbSize += cchPCB_times2; } s = transport_send_stream_init(nego->transport, cbSize); stream_write_uint32(s, cbSize); /* cbSize */ stream_write_uint32(s, 0); /* Flags */ stream_write_uint32(s, PRECONNECTION_PDU_V2); /* Version */ stream_write_uint32(s, nego->preconnection_id); /* Id */ stream_write_uint16(s, cchPCB_times2 / 2); /* cchPCB */ if (wszPCB) { stream_write(s, wszPCB, cchPCB_times2); /* wszPCB */ xfree(wszPCB); } if (transport_write(nego->transport, s) < 0) return false; return true; }
void rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, uint16 type, uint16 channel_id) { int length; length = stream_get_length(s); stream_set_pos(s, 0); rdp_write_header(rdp, s, length); rdp_write_share_control_header(s, length, PDU_TYPE_DATA, channel_id); rdp_write_share_data_header(s, length, type, rdp->settings->share_id); printf("send %s Data PDU (0x%02X), length:%d\n", DATA_PDU_TYPE_STRINGS[type], type, length); stream_set_pos(s, length); transport_write(rdp->transport, s); }
static int cmd_pslist(int transport, int argc, char *argv[]) { uint8_t array[8]; uint16_t pskey = 0x0000, length, stores = CSR_STORES_DEFAULT; int err, reset = 0; OPT_PSKEY(0, &stores, &reset, NULL); while (1) { memset(array, 0, sizeof(array)); array[0] = pskey & 0xff; array[1] = pskey >> 8; array[2] = stores & 0xff; array[3] = stores >> 8; err = transport_read(transport, CSR_VARID_PS_NEXT, array, 8); if (err < 0) break; pskey = array[4] + (array[5] << 8); if (pskey == 0x0000) break; memset(array, 0, sizeof(array)); array[0] = pskey & 0xff; array[1] = pskey >> 8; array[2] = stores & 0xff; array[3] = stores >> 8; err = transport_read(transport, CSR_VARID_PS_SIZE, array, 8); if (err < 0) continue; length = array[2] + (array[3] << 8); printf("0x%04x - %s (%d bytes)\n", pskey, csr_pskeytostr(pskey), length * 2); } if (reset) transport_write(transport, CSR_VARID_WARM_RESET, NULL, 0); return 0; }
BOOL rdp_send(rdpRdp* rdp, wStream* s, UINT16 channel_id) { UINT16 length; length = Stream_GetPosition(s); Stream_SetPosition(s, 0); rdp_write_header(rdp, s, length, channel_id); length += rdp_security_stream_out(rdp, s, length, 0); Stream_SetPosition(s, length); Stream_SealLength(s); if (transport_write(rdp->transport, s) < 0) return FALSE; return TRUE; }
BOOL nego_send_preconnection_pdu(rdpNego* nego) { STREAM* s; UINT32 cbSize; UINT16 cchPCB = 0; WCHAR* wszPCB = NULL; if (!nego->send_preconnection_pdu) return TRUE; DEBUG_NEGO("Sending preconnection PDU"); if (!nego_tcp_connect(nego)) return FALSE; /* it's easier to always send the version 2 PDU, and it's just 2 bytes overhead */ cbSize = PRECONNECTION_PDU_V2_MIN_SIZE; if (nego->preconnection_blob) { cchPCB = (UINT16) ConvertToUnicode(CP_UTF8, 0, nego->preconnection_blob, -1, &wszPCB, 0); cchPCB += 1; /* zero-termination */ cbSize += cchPCB * 2; } s = transport_send_stream_init(nego->transport, cbSize); stream_write_UINT32(s, cbSize); /* cbSize */ stream_write_UINT32(s, 0); /* Flags */ stream_write_UINT32(s, PRECONNECTION_PDU_V2); /* Version */ stream_write_UINT32(s, nego->preconnection_id); /* Id */ stream_write_UINT16(s, cchPCB); /* cchPCB */ if (wszPCB) { stream_write(s, wszPCB, cchPCB * 2); /* wszPCB */ free(wszPCB); } if (transport_write(nego->transport, s) < 0) return FALSE; return TRUE; }
BOOL license_send(rdpLicense* license, wStream* s, BYTE type) { int length; BYTE flags; UINT16 wMsgSize; UINT16 sec_flags; DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]); length = Stream_GetPosition(s); Stream_SetPosition(s, 0); sec_flags = SEC_LICENSE_PKT; wMsgSize = length - LICENSE_PACKET_HEADER_MAX_LENGTH + 4; /** * Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when * running in server mode! This flag seems to be incorrectly documented. */ flags = PREAMBLE_VERSION_3_0; rdp_write_header(license->rdp, s, length, MCS_GLOBAL_CHANNEL_ID); rdp_write_security_header(s, sec_flags); license_write_preamble(s, type, flags, wMsgSize); #ifdef WITH_DEBUG_LICENSE fprintf(stderr, "Sending %s Packet, length %d\n", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize); winpr_HexDump(Stream_Pointer(s) - 4, wMsgSize); #endif Stream_SetPosition(s, length); Stream_SealLength(s); if (transport_write(license->rdp->transport, s) < 0) return FALSE; Stream_Free(s, TRUE); return TRUE; }
static int cmd_singlechan(int transport, int argc, char *argv[]) { uint8_t array[8]; uint16_t channel; OPT_HELP(1, NULL); channel = atoi(argv[0]); if (channel > 2401 && channel < 2481) channel -= 2402; if (channel > 78) { errno = EINVAL; return -1; } memset(array, 0, sizeof(array)); array[0] = channel & 0xff; array[1] = channel >> 8; return transport_write(transport, CSR_VARID_SINGLE_CHAN, array, 8); }
boolean rdp_send(rdpRdp* rdp, STREAM* s, uint16 channel_id) { uint16 length; uint32 sec_bytes; uint8* sec_hold; length = stream_get_length(s); stream_set_pos(s, 0); rdp_write_header(rdp, s, length, channel_id); sec_bytes = rdp_get_sec_bytes(rdp); sec_hold = s->p; stream_seek(s, sec_bytes); s->p = sec_hold; length += rdp_security_stream_out(rdp, s, length); stream_set_pos(s, length); if (transport_write(rdp->transport, s) < 0) return false; return true; }
boolean nego_send_negotiation_response(rdpNego* nego) { STREAM* s; int length; uint8 *bm, *em; s = transport_send_stream_init(nego->transport, 256); length = TPDU_CONNECTION_CONFIRM_LENGTH; stream_get_mark(s, bm); stream_seek(s, length); if (nego->selected_protocol > PROTOCOL_RDP) { /* RDP_NEG_DATA must be present for TLS and NLA */ stream_write_uint8(s, TYPE_RDP_NEG_RSP); stream_write_uint8(s, EXTENDED_CLIENT_DATA_SUPPORTED); /* flags */ stream_write_uint16(s, 8); /* RDP_NEG_DATA length (8) */ stream_write_uint32(s, nego->selected_protocol); /* selectedProtocol */ length += 8; } stream_get_mark(s, em); stream_set_mark(s, bm); tpkt_write_header(s, length); tpdu_write_connection_confirm(s, length - 5); stream_set_mark(s, em); if (transport_write(nego->transport, s) < 0) return false; /* update settings with negotiated protocol security */ nego->transport->settings->requested_protocols = nego->requested_protocols; nego->transport->settings->selected_protocol = nego->selected_protocol; return true; }
BOOL nego_send_negotiation_response(rdpNego* nego) { int length; int bm, em; BOOL status; wStream* s; BYTE flags; rdpSettings* settings; status = TRUE; settings = nego->transport->settings; s = Stream_New(NULL, 512); if (!s) return FALSE; length = TPDU_CONNECTION_CONFIRM_LENGTH; bm = Stream_GetPosition(s); Stream_Seek(s, length); if (nego->SelectedProtocol & PROTOCOL_FAILED_NEGO) { UINT32 errorCode = (nego->SelectedProtocol & ~PROTOCOL_FAILED_NEGO); flags = 0; Stream_Write_UINT8(s, TYPE_RDP_NEG_FAILURE); Stream_Write_UINT8(s, flags); /* flags */ Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */ Stream_Write_UINT32(s, errorCode); length += 8; status = FALSE; } else { flags = EXTENDED_CLIENT_DATA_SUPPORTED; if (settings->SupportGraphicsPipeline) flags |= DYNVC_GFX_PROTOCOL_SUPPORTED; /* RDP_NEG_DATA must be present for TLS, NLA, and RDP */ Stream_Write_UINT8(s, TYPE_RDP_NEG_RSP); Stream_Write_UINT8(s, flags); /* flags */ Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */ Stream_Write_UINT32(s, nego->SelectedProtocol); /* selectedProtocol */ length += 8; } em = Stream_GetPosition(s); Stream_SetPosition(s, bm); tpkt_write_header(s, length); tpdu_write_connection_confirm(s, length - 5); Stream_SetPosition(s, em); Stream_SealLength(s); if (transport_write(nego->transport, s) < 0) { Stream_Free(s, TRUE); return FALSE; } Stream_Free(s, TRUE); if (status) { /* update settings with negotiated protocol security */ settings->RequestedProtocols = nego->RequestedProtocols; settings->SelectedProtocol = nego->SelectedProtocol; if (settings->SelectedProtocol == PROTOCOL_RDP) { settings->TlsSecurity = FALSE; settings->NlaSecurity = FALSE; settings->RdpSecurity = TRUE; settings->UseRdpSecurityLayer = TRUE; if (settings->EncryptionLevel == ENCRYPTION_LEVEL_NONE) { /** * If the server implementation did not explicitely set a * encryption level we default to client compatible */ settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE; } if (settings->LocalConnection) { /** * Note: This hack was firstly introduced in commit 95f5e115 to * disable the unnecessary encryption with peers connecting to * 127.0.0.1 or local unix sockets. * This also affects connections via port tunnels! (e.g. ssh -L) */ WLog_INFO(TAG, "Turning off encryption for local peer with standard rdp security"); settings->UseRdpSecurityLayer = FALSE; settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE; } if (!settings->RdpServerRsaKey && !settings->RdpKeyFile) { WLog_ERR(TAG, "Missing server certificate"); return FALSE; } } else if (settings->SelectedProtocol == PROTOCOL_TLS) { settings->TlsSecurity = TRUE; settings->NlaSecurity = FALSE; settings->RdpSecurity = FALSE; settings->UseRdpSecurityLayer = FALSE; settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE; } else if (settings->SelectedProtocol == PROTOCOL_NLA) { settings->TlsSecurity = TRUE; settings->NlaSecurity = TRUE; settings->RdpSecurity = FALSE; settings->UseRdpSecurityLayer = FALSE; settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE; } } return status; }
BOOL nego_send_negotiation_request(rdpNego* nego) { wStream* s; int length; int bm, em; BYTE flags = 0; int cookie_length; s = Stream_New(NULL, 512); length = TPDU_CONNECTION_REQUEST_LENGTH; bm = Stream_GetPosition(s); Stream_Seek(s, length); if (nego->RoutingToken) { Stream_Write(s, nego->RoutingToken, nego->RoutingTokenLength); /* Ensure Routing Token is correctly terminated - may already be present in string */ if ((nego->RoutingTokenLength > 2) && (nego->RoutingToken[nego->RoutingTokenLength - 2] == 0x0D) && (nego->RoutingToken[nego->RoutingTokenLength - 1] == 0x0A)) { WLog_DBG(TAG, "Routing token looks correctly terminated - use verbatim"); length +=nego->RoutingTokenLength; } else { WLog_DBG(TAG, "Adding terminating CRLF to routing token"); Stream_Write_UINT8(s, 0x0D); /* CR */ Stream_Write_UINT8(s, 0x0A); /* LF */ length += nego->RoutingTokenLength + 2; } } else if (nego->cookie) { cookie_length = strlen(nego->cookie); if (cookie_length > (int) nego->CookieMaxLength) cookie_length = nego->CookieMaxLength; Stream_Write(s, "Cookie: mstshash=", 17); Stream_Write(s, (BYTE*) nego->cookie, cookie_length); Stream_Write_UINT8(s, 0x0D); /* CR */ Stream_Write_UINT8(s, 0x0A); /* LF */ length += cookie_length + 19; } WLog_DBG(TAG, "RequestedProtocols: %d", nego->RequestedProtocols); if ((nego->RequestedProtocols > PROTOCOL_RDP) || (nego->sendNegoData)) { /* RDP_NEG_DATA must be present for TLS and NLA */ if (nego->RestrictedAdminModeRequired) flags |= RESTRICTED_ADMIN_MODE_REQUIRED; Stream_Write_UINT8(s, TYPE_RDP_NEG_REQ); Stream_Write_UINT8(s, flags); Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */ Stream_Write_UINT32(s, nego->RequestedProtocols); /* requestedProtocols */ length += 8; } em = Stream_GetPosition(s); Stream_SetPosition(s, bm); tpkt_write_header(s, length); tpdu_write_connection_request(s, length - 5); Stream_SetPosition(s, em); Stream_SealLength(s); if (transport_write(nego->transport, s) < 0) { Stream_Free(s, TRUE); return FALSE; } Stream_Free(s, TRUE); return TRUE; }
static int cmd_psread(int transport, int argc, char *argv[]) { uint8_t array[256]; uint16_t pskey = 0x0000, length, stores = CSR_STORES_DEFAULT; char *str, val[7]; int i, err, reset = 0; OPT_PSKEY(0, &stores, &reset, NULL); while (1) { memset(array, 0, sizeof(array)); array[0] = pskey & 0xff; array[1] = pskey >> 8; array[2] = stores & 0xff; array[3] = stores >> 8; err = transport_read(transport, CSR_VARID_PS_NEXT, array, 8); if (err < 0) break; pskey = array[4] + (array[5] << 8); if (pskey == 0x0000) break; memset(array, 0, sizeof(array)); array[0] = pskey & 0xff; array[1] = pskey >> 8; array[2] = stores & 0xff; array[3] = stores >> 8; err = transport_read(transport, CSR_VARID_PS_SIZE, array, 8); if (err < 0) continue; length = array[2] + (array[3] << 8); if (length + 6 > sizeof(array) / 2) continue; memset(array, 0, sizeof(array)); array[0] = pskey & 0xff; array[1] = pskey >> 8; array[2] = length & 0xff; array[3] = length >> 8; array[4] = stores & 0xff; array[5] = stores >> 8; err = transport_read(transport, CSR_VARID_PS, array, (length + 3) * 2); if (err < 0) continue; str = csr_pskeytoval(pskey); if (!strcasecmp(str, "UNKNOWN")) { sprintf(val, "0x%04x", pskey); str = NULL; } printf("// %s%s\n&%04x =", str ? "PSKEY_" : "", str ? str : val, pskey); for (i = 0; i < length; i++) printf(" %02x%02x", array[(i * 2) + 7], array[(i * 2) + 6]); printf("\n"); } if (reset) transport_write(transport, CSR_VARID_WARM_RESET, NULL, 0); return 0; }