Exemplo n.º 1
static void
rdpdr_send_available(RDPCLIENT * This)

	uint8 magic[4] = "rDAD";
	uint32 driverlen, printerlen, bloblen;
	int i;
	PRINTER *printerinfo;

	s = channel_init(This, This->rdpdr.channel, announcedata_size(This));
	out_uint8a(s, magic, 4);
	out_uint32_le(s, This->num_devices);

	for (i = 0; i < This->num_devices; i++)
		out_uint32_le(s, This->rdpdr_device[i].device_type);
		out_uint32_le(s, i);	/* RDP Device ID */
		/* Is it possible to use share names longer than 8 chars?
		   /astrand */
		out_uint8p(s, This->rdpdr_device[i].name, 8);

		switch (This->rdpdr_device[i].device_type)
				printerinfo = (PRINTER *) This->rdpdr_device[i].pdevice_data;

				driverlen = 2 * strlen(printerinfo->driver) + 2;
				printerlen = 2 * strlen(printerinfo->printer) + 2;
				bloblen = printerinfo->bloblen;

				out_uint32_le(s, 24 + driverlen + printerlen + bloblen);	/* length of extra info */
				out_uint32_le(s, printerinfo->default_printer ? 2 : 0);
				out_uint8s(s, 8);	/* unknown */
				out_uint32_le(s, driverlen);
				out_uint32_le(s, printerlen);
				out_uint32_le(s, bloblen);
				rdp_out_unistr(This, s, printerinfo->driver, driverlen - 2);
				rdp_out_unistr(This, s, printerinfo->printer, printerlen - 2);
				out_uint8a(s, printerinfo->blob, bloblen);

				if (printerinfo->blob)
					xfree(printerinfo->blob);	/* Blob is sent twice if reconnecting */
				out_uint32(s, 0);
#if 0
	out_uint32_le(s, 0x20);	/* Device type 0x20 - smart card */
	out_uint32_le(s, 0);
	out_uint8p(s, "SCARD", 5);
	out_uint8s(s, 3);
	out_uint32(s, 0);

	channel_send(This, s, This->rdpdr.channel);
Exemplo n.º 2
/* Output order capability set */
static void rdp_out_order_caps(STREAM s) {
	uint8 order_caps[32];

	memset(order_caps, 0, 32);
	order_caps[0] = 1; /* dest blt */
	order_caps[1] = 1; /* pat blt */
	order_caps[2] = 1; /* screen blt */
	order_caps[3] = (g_bitmap_cache ? 1 : 0); /* memblt */
	order_caps[4] = 0; /* triblt */
	order_caps[8] = 1; /* line */
	order_caps[9] = 1; /* line */
	order_caps[10] = 1; /* rect */
	order_caps[11] = (g_desktop_save ? 1 : 0); /* desksave */
	order_caps[13] = 1; /* memblt */
	order_caps[14] = 1; /* triblt */
	order_caps[20] = (g_polygon_ellipse_orders ? 1 : 0); /* polygon */
	order_caps[21] = (g_polygon_ellipse_orders ? 1 : 0); /* polygon2 */
	order_caps[22] = 1; /* polyline */
	order_caps[25] = (g_polygon_ellipse_orders ? 1 : 0); /* ellipse */
	order_caps[26] = (g_polygon_ellipse_orders ? 1 : 0); /* ellipse2 */
	order_caps[27] = 1; /* text2 */
	out_uint16_le(s, RDP_CAPSET_ORDER);
	out_uint16_le(s, RDP_CAPLEN_ORDER);

	out_uint8s(s, 20);
	/* Terminal desc, pad */
	out_uint16_le(s, 1);
	/* Cache X granularity */
	out_uint16_le(s, 20);
	/* Cache Y granularity */
	out_uint16(s, 0);
	/* Pad */
	out_uint16_le(s, 1);
	/* Max order level */
	out_uint16_le(s, 0x147);
	/* Number of fonts */
	out_uint16_le(s, 0x2a);
	/* Capability flags */
	out_uint8p(s, order_caps, 32);
	/* Orders supported */
	out_uint16_le(s, 0x6a1);
	/* Text capability flags */
	out_uint8s(s, 6);
	/* Pad */
	out_uint32_le(s, g_desktop_save == False ? 0 : 0x38400);
	/* Desktop cache size */
	out_uint32(s, 0);
	/* Unknown */
	out_uint32_le(s, 0x4e4);
	/* Unknown */
Exemplo n.º 3
/* Send a control PDU */
static void
rdp_send_control(uint16 action)
    STREAM s;

    s = rdp_init_data(8);

    out_uint16_le(s, action);
    out_uint16(s, 0);	/* userid */
    out_uint32(s, 0);	/* control id */

    rdp_send_data(s, RDP_DATA_PDU_CONTROL);
Exemplo n.º 4
static void
cliprdr_send_packet(uint16 type, uint16 status, uint8 * data, uint32 length)

	DEBUG_CLIPBOARD(("CLIPRDR send: type=%d, status=%d, length=%d\n", type, status, length));

	s = channel_init(cliprdr_channel, length + 12);
	out_uint16_le(s, type);
	out_uint16_le(s, status);
	out_uint32_le(s, length);
	out_uint8p(s, data, length);
	out_uint32(s, 0);	/* pad? */
	channel_send(s, cliprdr_channel);
Exemplo n.º 5
/* Send a control PDU */
static BOOL
rdp_send_control(RDPCLIENT * This, uint16 action)

	s = rdp_init_data(This, 8);

	if(s == NULL)
		return False;

	out_uint16_le(s, action);
	out_uint16(s, 0);	/* userid */
	out_uint32(s, 0);	/* control id */

	return rdp_send_data(This, s, RDP_DATA_PDU_CONTROL);
Exemplo n.º 6
static void
iso_send_connection_request(char *username)
	int length = 30 + strlen(username);

	if (g_rdp_version >= RDP_V5 && g_negotiate_rdp_protocol)
		length += 8;

	s = tcp_init(length);

	out_uint8(s, 3);	/* version */
	out_uint8(s, 0);	/* reserved */
	out_uint16_be(s, length);	/* length */

	out_uint8(s, length - 5);	/* hdrlen */
	out_uint8(s, ISO_PDU_CR);
	out_uint16(s, 0);	/* dst_ref */
	out_uint16(s, 0);	/* src_ref */
	out_uint8(s, 0);	/* class */

	out_uint8p(s, "Cookie: mstshash=", strlen("Cookie: mstshash="));
	out_uint8p(s, username, strlen(username));

	out_uint8(s, 0x0d);	/* cookie termination string: CR+LF */
	out_uint8(s, 0x0a);

	if (g_rdp_version >= RDP_V5 && g_negotiate_rdp_protocol)
		/* optional rdp protocol negotiation request for RDPv5 */
		out_uint8(s, RDP_NEG_REQ);
		out_uint8(s, 0);
		out_uint16(s, 8);
		out_uint32(s, PROTOCOL_SSL);

Exemplo n.º 7
static void
rdpdr_send_name(RDPCLIENT * This)
	uint8 magic[4] = "rDNC";
	uint32 hostlen;

	if (NULL == This->rdpdr_clientname)
		This->rdpdr_clientname = This->hostname;
	hostlen = (strlen(This->rdpdr_clientname) + 1) * 2;

	s = channel_init(This, This->rdpdr.channel, 16 + hostlen);
	out_uint8a(s, magic, 4);
	out_uint16_le(s, 0x63);	/* unknown */
	out_uint16_le(s, 0x72);
	out_uint32(s, 0);
	out_uint32_le(s, hostlen);
	rdp_out_unistr(This, s, This->rdpdr_clientname, hostlen - 2);
	channel_send(This, s, This->rdpdr.channel);
Exemplo n.º 8
static void
	uint8 magic[4] = "rDNC";
	uint32 hostlen;

	if (NULL == g_rdpdr_clientname)
		g_rdpdr_clientname = g_hostname;
	hostlen = (strlen(g_rdpdr_clientname) + 1) * 2;

	s = channel_init(rdpdr_channel, 16 + hostlen);
	out_uint8a(s, magic, 4);
	out_uint16_le(s, 0x63);	/* unknown */
	out_uint16_le(s, 0x72);
	out_uint32(s, 0);
	out_uint32_le(s, hostlen);
	rdp_out_unistr(s, g_rdpdr_clientname, hostlen - 2);
	channel_send(s, rdpdr_channel);
Exemplo n.º 9
/* Parse a logon info packet */
static void
rdp_send_logon_info(uint32 flags, char *domain, char *user,
                    char *password, char *program, char *directory)
    char *ipaddr = tcp_get_address();
    /* length of string in TS_INFO_PACKET excludes null terminator */
    int len_domain = 2 * strlen(domain);
    int len_user = 2 * strlen(user);
    int len_password = 2 * strlen(password);
    int len_program = 2 * strlen(program);
    int len_directory = 2 * strlen(directory);

    /* length of strings in TS_EXTENDED_PACKET includes null terminator */
    int len_ip = 2 * strlen(ipaddr) + 2;
    int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll") + 2;

    int packetlen = 0;
    uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO;
    STREAM s;
    time_t t = time(NULL);
    time_t tzone;
    uint8 security_verifier[16];

    if (g_rdp_version == RDP_V4 || 1 == g_server_rdp_version)
        DEBUG_RDP5(("Sending RDP4-style Logon packet\n"));

        s = sec_init(sec_flags, 18 + len_domain + len_user + len_password
                     + len_program + len_directory + 10);

        out_uint32(s, 0);
        out_uint32_le(s, flags);
        out_uint16_le(s, len_domain);
        out_uint16_le(s, len_user);
        out_uint16_le(s, len_password);
        out_uint16_le(s, len_program);
        out_uint16_le(s, len_directory);
        rdp_out_unistr(s, domain, len_domain);
        rdp_out_unistr(s, user, len_user);
        rdp_out_unistr(s, password, len_password);
        rdp_out_unistr(s, program, len_program);
        rdp_out_unistr(s, directory, len_directory);

        DEBUG_RDP5(("Sending RDP5-style Logon packet\n"));

        if (g_redirect == True && g_redirect_cookie_len > 0)
            len_password = g_redirect_cookie_len;
            len_password -= 2;	/* substract 2 bytes which is added below */

        packetlen =
            /* size of TS_INFO_PACKET */
            4 +	/* CodePage */
            4 +	/* flags */
            2 +	/* cbDomain */
            2 +	/* cbUserName */
            2 +	/* cbPassword */
            2 +	/* cbAlternateShell */
            2 +	/* cbWorkingDir */
            2 + len_domain +	/* Domain */
            2 + len_user +	/* UserName */
            2 + len_password +	/* Password */
            2 + len_program +	/* AlternateShell */
            2 + len_directory +	/* WorkingDir */
            /* size of TS_EXTENDED_INFO_PACKET */
            2 +	/* clientAdressFamily */
            2 +	/* cbClientAdress */
            len_ip +	/* clientAddress */
            2 +	/* cbClientDir */
            len_dll +	/* clientDir */
            /* size of TS_TIME_ZONE_INFORMATION */
            4 +	/* Bias, (UTC = local time + bias */
            64 +	/* StandardName, 32 unicode char array, Descriptive standard time on client */
            16 +	/* StandardDate */
            4 +	/* StandardBias */
            64 +	/* DaylightName, 32 unicode char array */
            16 +	/* DaylightDate */
            4 +	/* DaylightBias */
            4 +	/* clientSessionId */
            4 +	/* performanceFlags */
            2 +	/* cbAutoReconnectCookie, either 0 or 0x001c */
            /* size of ARC_CS_PRIVATE_PACKET */
            28;	/* autoReconnectCookie */

        s = sec_init(sec_flags, packetlen);
        DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen));

        /* TS_INFO_PACKET */
        out_uint32(s, 0);	/* Code Page */
        out_uint32_le(s, flags);
        out_uint16_le(s, len_domain);
        out_uint16_le(s, len_user);
        out_uint16_le(s, len_password);
        out_uint16_le(s, len_program);
        out_uint16_le(s, len_directory);

        if (0 < len_domain)
            rdp_out_unistr(s, domain, len_domain);
            out_uint16_le(s, 0);	/* mandatory 2 bytes null terminator */

        if (0 < len_user)
            rdp_out_unistr(s, user, len_user);
            out_uint16_le(s, 0);	/* mandatory 2 bytes null terminator */

        if (0 < len_password)
            if (g_redirect == True && 0 < g_redirect_cookie_len)
                out_uint8p(s, g_redirect_cookie, g_redirect_cookie_len);
                rdp_out_unistr(s, password, len_password);
            out_uint16_le(s, 0);	/* mandatory 2 bytes null terminator */

        if (0 < len_program)
            rdp_out_unistr(s, program, len_program);
            out_uint16_le(s, 0);	/* mandatory 2 bytes null terminator */

        if (0 < len_directory)
            rdp_out_unistr(s, directory, len_directory);
            out_uint16_le(s, 0);	/* mandatory 2 bytes null terminator */

        out_uint16_le(s, 2);	/* clientAddressFamily = AF_INET */
        out_uint16_le(s, len_ip);	/* cbClientAddress, Length of client ip */
        rdp_out_unistr(s, ipaddr, len_ip - 2);	/* clientAddress */
        out_uint16_le(s, len_dll);	/* cbClientDir */
        rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll - 2);	/* clientDir */

        tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60;
        out_uint32_le(s, tzone);
        rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid"));
        out_uint8s(s, 62 - 2 * strlen("GTB, normaltid"));
        out_uint32_le(s, 0x0a0000);
        out_uint32_le(s, 0x050000);
        out_uint32_le(s, 3);
        out_uint32_le(s, 0);
        out_uint32_le(s, 0);
        rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid"));
        out_uint8s(s, 62 - 2 * strlen("GTB, sommartid"));
        out_uint32_le(s, 0x30000);
        out_uint32_le(s, 0x050000);
        out_uint32_le(s, 2);
        out_uint32(s, 0);
        out_uint32_le(s, 0xffffffc4);	/* DaylightBias */

        /* Rest of TS_EXTENDED_INFO_PACKET */
        out_uint32_le(s, 0);	/* clientSessionId (Ignored by server MUST be 0) */
        out_uint32_le(s, g_rdp5_performanceflags);

        /* Client Auto-Reconnect */
        if (g_has_reconnect_random)
            out_uint16_le(s, 28);	/* cbAutoReconnectLen */
            /* ARC_CS_PRIVATE_PACKET */
            out_uint32_le(s, 28);	/* cbLen */
            out_uint32_le(s, 1);	/* Version */
            out_uint32_le(s, g_reconnect_logonid);	/* LogonId */
            rdssl_hmac_md5(g_reconnect_random, sizeof(g_reconnect_random),
                           g_client_random, SEC_RANDOM_SIZE, security_verifier);
            out_uint8a(s, security_verifier, sizeof(security_verifier));
            out_uint16_le(s, 0);	/* cbAutoReconnectLen */


    /* clear the redirect flag */
    g_redirect = False;

    sec_send(s, sec_flags);
Exemplo n.º 10
Arquivo: rdp.c Projeto: RPG-7/reactos
/* Parse a logon info packet */
static void
rdp_send_logon_info(uint32 flags, char *domain, char *user,
		    char *password, char *program, char *directory)
	//char *ipaddr = tcp_get_address();
	int len_domain = 2 * strlen(domain);
	int len_user = 2 * strlen(user);
	int len_password = 2 * strlen(password);
	int len_program = 2 * strlen(program);
	int len_directory = 2 * strlen(directory);
	//int len_ip = 2 * strlen(ipaddr);
	//int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll");
	//int packetlen = 0;
	uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO;
	//time_t t = time(NULL);
	//time_t tzone;

	if (!g_use_rdp5 || 1 == g_server_rdp_version)
		DEBUG_RDP5(("Sending RDP4-style Logon packet\n"));

		s = sec_init(sec_flags, 18 + len_domain + len_user + len_password
			     + len_program + len_directory + 10);

		out_uint32(s, 0);
		out_uint32_le(s, flags);
		out_uint16_le(s, len_domain);
		out_uint16_le(s, len_user);
		out_uint16_le(s, len_password);
		out_uint16_le(s, len_program);
		out_uint16_le(s, len_directory);
		rdp_out_unistr(s, domain, len_domain);
		rdp_out_unistr(s, user, len_user);
		rdp_out_unistr(s, password, len_password);
		rdp_out_unistr(s, program, len_program);
		rdp_out_unistr(s, directory, len_directory);
#if 0
		flags |= RDP_LOGON_BLOB;
		DEBUG_RDP5(("Sending RDP5-style Logon packet\n"));
		packetlen = 4 +	/* Unknown uint32 */
			4 +	/* flags */
			2 +	/* len_domain */
			2 +	/* len_user */
			(flags & RDP_LOGON_AUTO ? 2 : 0) +	/* len_password */
			(flags & RDP_LOGON_BLOB ? 2 : 0) +	/* Length of BLOB */
			2 +	/* len_program */
			2 +	/* len_directory */
			(0 < len_domain ? len_domain : 2) +	/* domain */
			len_user + (flags & RDP_LOGON_AUTO ? len_password : 0) + 0 +	/* We have no 512 byte BLOB. Perhaps we must? */
			(flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) +	/* After the BLOB is a unknown int16. If there is a BLOB, that is. */
			(0 < len_program ? len_program : 2) + (0 < len_directory ? len_directory : 2) + 2 +	/* Unknown (2) */
			2 +	/* Client ip length */
			len_ip +	/* Client ip */
			2 +	/* DLL string length */
			len_dll +	/* DLL string */
			2 +	/* Unknown */
			2 +	/* Unknown */
			64 +	/* Time zone #0 */
			2 +	/* Unknown */
			64 +	/* Time zone #1 */
			32;	/* Unknown */

		s = sec_init(sec_flags, packetlen);
		DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen));

		out_uint32(s, 0);	/* Unknown */
		out_uint32_le(s, flags);
		out_uint16_le(s, len_domain);
		out_uint16_le(s, len_user);
		if (flags & RDP_LOGON_AUTO)
			out_uint16_le(s, len_password);

		if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO))
			out_uint16_le(s, 0);
		out_uint16_le(s, len_program);
		out_uint16_le(s, len_directory);
		if (0 < len_domain)
			rdp_out_unistr(s, domain, len_domain);
			out_uint16_le(s, 0);
		rdp_out_unistr(s, user, len_user);
		if (flags & RDP_LOGON_AUTO)
			rdp_out_unistr(s, password, len_password);
		if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO))
			out_uint16_le(s, 0);
		if (0 < len_program)
			rdp_out_unistr(s, program, len_program);

			out_uint16_le(s, 0);
		if (0 < len_directory)
			rdp_out_unistr(s, directory, len_directory);
			out_uint16_le(s, 0);
		out_uint16_le(s, 2);
		out_uint16_le(s, len_ip + 2);	/* Length of client ip */
		rdp_out_unistr(s, ipaddr, len_ip);
		out_uint16_le(s, len_dll + 2);
		rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll);

		tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60;
		out_uint32_le(s, tzone);

		rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid"));
		out_uint8s(s, 62 - 2 * strlen("GTB, normaltid"));

		out_uint32_le(s, 0x0a0000);
		out_uint32_le(s, 0x050000);
		out_uint32_le(s, 3);
		out_uint32_le(s, 0);
		out_uint32_le(s, 0);

		rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid"));
		out_uint8s(s, 62 - 2 * strlen("GTB, sommartid"));

		out_uint32_le(s, 0x30000);
		out_uint32_le(s, 0x050000);
		out_uint32_le(s, 2);
		out_uint32(s, 0);
		out_uint32_le(s, 0xffffffc4);
		out_uint32_le(s, 0xfffffffe);
		out_uint32_le(s, g_rdp5_performanceflags);
		out_uint32(s, 0);

	sec_send(s, sec_flags);
Exemplo n.º 11
static void
rdpsnd_process_negotiate(STREAM in)
	uint16 in_format_count, i;
	uint8 pad;
	uint16 version;
	STREAM out;
	RD_BOOL device_available = False;
	int readcnt;
	int discardcnt;

	in_uint8s(in, 14);	/* initial bytes not valid from server */
	in_uint16_le(in, in_format_count);
	in_uint8(in, pad);
	in_uint16_le(in, version);
	in_uint8s(in, 1);	/* padding */

	DEBUG_SOUND(("RDPSND: RDPSND_NEGOTIATE(formats: %d, pad: 0x%02x, version: %x)\n",
		     (int) in_format_count, (unsigned) pad, (unsigned) version));

	if (rdpsnd_negotiated)
		error("RDPSND: Extra RDPSND_NEGOTIATE in the middle of a session\n");
		/* Do a complete reset of the sound state */

	if (!current_driver && g_rdpsnd)
		device_available = rdpsnd_auto_select();

	if (current_driver && !device_available && current_driver->wave_out_open())
		device_available = True;

	format_count = 0;
	if (s_check_rem(in, 18 * in_format_count))
		for (i = 0; i < in_format_count; i++)
			format = &formats[format_count];
			in_uint16_le(in, format->wFormatTag);
			in_uint16_le(in, format->nChannels);
			in_uint32_le(in, format->nSamplesPerSec);
			in_uint32_le(in, format->nAvgBytesPerSec);
			in_uint16_le(in, format->nBlockAlign);
			in_uint16_le(in, format->wBitsPerSample);
			in_uint16_le(in, format->cbSize);

			/* read in the buffer of unknown use */
			readcnt = format->cbSize;
			discardcnt = 0;
			if (format->cbSize > MAX_CBSIZE)
				fprintf(stderr, "cbSize too large for buffer: %d\n",
				readcnt = MAX_CBSIZE;
				discardcnt = format->cbSize - MAX_CBSIZE;
			in_uint8a(in, format->cb, readcnt);
			in_uint8s(in, discardcnt);

			if (current_driver && current_driver->wave_out_format_supported(format))
				if (format_count == MAX_FORMATS)

	out = rdpsnd_init_packet(RDPSND_NEGOTIATE | 0x200, 20 + 18 * format_count);

	uint32 flags = TSSNDCAPS_VOLUME;

	/* if sound is enabled, set snd caps to alive to enable
	   transmision of audio from server */
	if (g_rdpsnd)
	out_uint32_le(out, flags);	/* TSSNDCAPS flags */

	out_uint32(out, 0xffffffff);	/* volume */
	out_uint32(out, 0);	/* pitch */
	out_uint16(out, 0);	/* UDP port */

	out_uint16_le(out, format_count);
	out_uint8(out, 0);	/* padding */
	out_uint16_le(out, 2);	/* version */
	out_uint8(out, 0);	/* padding */

	for (i = 0; i < format_count; i++)
		format = &formats[i];
		out_uint16_le(out, format->wFormatTag);
		out_uint16_le(out, format->nChannels);
		out_uint32_le(out, format->nSamplesPerSec);
		out_uint32_le(out, format->nAvgBytesPerSec);
		out_uint16_le(out, format->nBlockAlign);
		out_uint16_le(out, format->wBitsPerSample);
		out_uint16(out, 0);	/* cbSize */


	DEBUG_SOUND(("RDPSND: -> RDPSND_NEGOTIATE(formats: %d)\n", (int) format_count));


	rdpsnd_negotiated = True;
Exemplo n.º 12
/* Parse a logon info packet */
static void
rdp_send_logon_info(uint32 flags, char *domain, char *user,
		    char *password, char *program, char *directory)
	char *ipaddr = tcp_get_address();
	int len_domain = 2 * strlen(domain);
	int len_user = 2 * strlen(user);
	int len_password = 2 * strlen(password);
	int len_program = 2 * strlen(program);
	int len_directory = 2 * strlen(directory);
	int len_ip = 2 * strlen(ipaddr);
	int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll");
	int packetlen = 0;
	uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO;
	time_t t = time(NULL);
	time_t tzone;
	uint8 security_verifier[16];

	if (g_rdp_version == RDP_V4 || 1 == g_server_rdp_version)
		DEBUG_RDP5(("Sending RDP4-style Logon packet\n"));

		s = sec_init(sec_flags, 18 + len_domain + len_user + len_password
			     + len_program + len_directory + 10);

		out_uint32(s, 0);
		out_uint32_le(s, flags);
		out_uint16_le(s, len_domain);
		out_uint16_le(s, len_user);
		out_uint16_le(s, len_password);
		out_uint16_le(s, len_program);
		out_uint16_le(s, len_directory);
		rdp_out_unistr(s, domain, len_domain);
		rdp_out_unistr(s, user, len_user);
		rdp_out_unistr(s, password, len_password);
		rdp_out_unistr(s, program, len_program);
		rdp_out_unistr(s, directory, len_directory);

		flags |= RDP_LOGON_BLOB;
		DEBUG_RDP5(("Sending RDP5-style Logon packet\n"));
		packetlen = 4 +	/* Unknown uint32 */
			4 +	/* flags */
			2 +	/* len_domain */
			2 +	/* len_user */
			(flags & RDP_LOGON_AUTO ? 2 : 0) +	/* len_password */
			(flags & RDP_LOGON_BLOB ? 2 : 0) +	/* Length of BLOB */
			2 +	/* len_program */
			2 +	/* len_directory */
			(0 < len_domain ? len_domain : 2) +	/* domain */
			len_user + (flags & RDP_LOGON_AUTO ? len_password : 0) + 0 +	/* We have no 512 byte BLOB. Perhaps we must? */
			(flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) +	/* After the BLOB is a unknown int16. If there is a BLOB, that is. */
			(0 < len_program ? len_program : 2) + (0 < len_directory ? len_directory : 2) + 2 +	/* Unknown (2) */
			2 +	/* Client ip length */
			len_ip +	/* Client ip */
			2 +	/* DLL string length */
			len_dll +	/* DLL string */
			2 +	/* Unknown */
			2 +	/* Unknown */
			64 +	/* Time zone #0 */
			2 +	/* Unknown */
			64 +	/* Time zone #1 */
			32;	/* Unknown */

		s = sec_init(sec_flags, packetlen);
		DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen));

		out_uint32(s, 0);	/* Unknown */
		out_uint32_le(s, flags);
		out_uint16_le(s, len_domain);
		out_uint16_le(s, len_user);
		if (flags & RDP_LOGON_AUTO)
			out_uint16_le(s, len_password);

		if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO))
			out_uint16_le(s, 0);
		out_uint16_le(s, len_program);
		out_uint16_le(s, len_directory);
		if (0 < len_domain)
			rdp_out_unistr(s, domain, len_domain);
			out_uint16_le(s, 0);
		rdp_out_unistr(s, user, len_user);
		if (flags & RDP_LOGON_AUTO)
			rdp_out_unistr(s, password, len_password);
		if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO))
			out_uint16_le(s, 0);
		if (0 < len_program)
			rdp_out_unistr(s, program, len_program);

			out_uint16_le(s, 0);
		if (0 < len_directory)
			rdp_out_unistr(s, directory, len_directory);
			out_uint16_le(s, 0);
		out_uint16_le(s, 2);	/* clientAddressFamily = AF_INET */
		out_uint16_le(s, len_ip + 2);	/* cbClientAddress, Length of client ip */
		rdp_out_unistr(s, ipaddr, len_ip);	/* clientAddress */
		out_uint16_le(s, len_dll + 2);	/* cbClientDir */
		rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll);	/* clientDir */

		tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60;
		out_uint32_le(s, tzone);
		rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid"));
		out_uint8s(s, 62 - 2 * strlen("GTB, normaltid"));
		out_uint32_le(s, 0x0a0000);
		out_uint32_le(s, 0x050000);
		out_uint32_le(s, 3);
		out_uint32_le(s, 0);
		out_uint32_le(s, 0);
		rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid"));
		out_uint8s(s, 62 - 2 * strlen("GTB, sommartid"));
		out_uint32_le(s, 0x30000);
		out_uint32_le(s, 0x050000);
		out_uint32_le(s, 2);
		out_uint32(s, 0);
		out_uint32_le(s, 0xffffffc4);	/* DaylightBias */

		out_uint32_le(s, 0xfffffffe);	/* clientSessionId, consider changing to 0 */
		out_uint32_le(s, g_rdp5_performanceflags);

		/* Client Auto-Reconnect */
		if (g_has_reconnect_random)
			out_uint16_le(s, 28);	/* cbAutoReconnectLen */
			out_uint32_le(s, 28);	/* cbLen */
			out_uint32_le(s, 1);	/* Version */
			out_uint32_le(s, g_reconnect_logonid);	/* LogonId */
			rdssl_hmac_md5(g_reconnect_random, sizeof(g_reconnect_random),
				       g_client_random, SEC_RANDOM_SIZE, security_verifier);
			out_uint8a(s, security_verifier, sizeof(security_verifier));
			out_uint16_le(s, 0);	/* cbAutoReconnectLen */

	sec_send(s, sec_flags);
Exemplo n.º 13
rdpsnd_process_negotiate(STREAM in)
	unsigned int in_format_count, i;
	STREAM out;
	BOOL device_available = False;
	int readcnt;
	int discardcnt;

	in_uint8s(in, 14);	/* flags, volume, pitch, UDP port */
	in_uint16_le(in, in_format_count);
	in_uint8s(in, 4);	/* pad, status, pad */

	if (wave_out_open())
		device_available = True;

	format_count = 0;
	if (s_check_rem(in, 18 * in_format_count))
		for (i = 0; i < in_format_count; i++)
			format = &formats[format_count];
			in_uint16_le(in, format->wFormatTag);
			in_uint16_le(in, format->nChannels);
			in_uint32_le(in, format->nSamplesPerSec);
			in_uint32_le(in, format->nAvgBytesPerSec);
			in_uint16_le(in, format->nBlockAlign);
			in_uint16_le(in, format->wBitsPerSample);
			in_uint16_le(in, format->cbSize);

			/* read in the buffer of unknown use */
			readcnt = format->cbSize;
			discardcnt = 0;
			if (format->cbSize > MAX_CBSIZE)
				fprintf(stderr, "cbSize too large for buffer: %d\n",
				readcnt = MAX_CBSIZE;
				discardcnt = format->cbSize - MAX_CBSIZE;
			in_uint8a(in, format->cb, readcnt);
			in_uint8s(in, discardcnt);

			if (device_available && wave_out_format_supported(format))
				if (format_count == MAX_FORMATS)

	out = rdpsnd_init_packet(RDPSND_NEGOTIATE | 0x200, 20 + 18 * format_count);
	out_uint32_le(out, 3);	/* flags */
	out_uint32(out, 0xffffffff);	/* volume */
	out_uint32(out, 0);	/* pitch */
	out_uint16(out, 0);	/* UDP port */

	out_uint16_le(out, format_count);
	out_uint8(out, 0x95);	/* pad? */
	out_uint16_le(out, 2);	/* status */
	out_uint8(out, 0x77);	/* pad? */

	for (i = 0; i < format_count; i++)
		format = &formats[i];
		out_uint16_le(out, format->wFormatTag);
		out_uint16_le(out, format->nChannels);
		out_uint32_le(out, format->nSamplesPerSec);
		out_uint32_le(out, format->nAvgBytesPerSec);
		out_uint16_le(out, format->nBlockAlign);
		out_uint16_le(out, format->wBitsPerSample);
		out_uint16(out, 0);	/* cbSize */
