projects / reactos.git / blob
? search:


e1b09673324eabe3283c34409b405bae2e97f78b
[reactos.git] / reactos / base / applications / mstsc / rdp.c
1 /* -*- c-basic-offset: 8 -*-
2 rdesktop: A Remote Desktop Protocol client.
3 Protocol services - RDP layer
4 Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
5 Copyright 2003-2011 Peter Astrand <astrand@cendio.se> for Cendio AB
6 Copyright 2011-2014 Henrik Andersson <hean01@cendio.se> for Cendio AB
7
8 This program is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "precomp.h"
23
24 extern uint16 g_mcs_userid;
25 extern char g_username[256];
26 extern char g_password[256];
27 char g_codepage[16];
28 extern RD_BOOL g_bitmap_compression;
29 extern RD_BOOL g_orders;
30 extern RD_BOOL g_encryption;
31 extern RD_BOOL g_desktop_save;
32 extern RD_BOOL g_polygon_ellipse_orders;
33 extern RDP_VERSION g_rdp_version;
34 extern uint16 g_server_rdp_version;
35 extern uint32 g_rdp5_performanceflags;
36 extern int g_server_depth;
37 extern int g_width;
38 extern int g_height;
39 extern RD_BOOL g_bitmap_cache;
40 extern RD_BOOL g_bitmap_cache_persist_enable;
41 extern RD_BOOL g_numlock_sync;
42 extern RD_BOOL g_pending_resize;
43 extern RD_BOOL g_network_error;
44
45 uint8 *g_next_packet;
46 uint32 g_rdp_shareid;
47
48 extern RDPCOMP g_mppc_dict;
49
50 /* Session Directory support */
51 extern RD_BOOL g_redirect;
52 extern char *g_redirect_server;
53 extern uint32 g_redirect_server_len;
54 extern char *g_redirect_domain;
55 extern uint32 g_redirect_domain_len;
56 extern char *g_redirect_username;
57 extern uint32 g_redirect_username_len;
58 extern uint8 *g_redirect_lb_info;
59 extern uint32 g_redirect_lb_info_len;
60 extern uint8 *g_redirect_cookie;
61 extern uint32 g_redirect_cookie_len;
62 extern uint32 g_redirect_flags;
63 extern uint32 g_redirect_session_id;
64
65 /* END Session Directory support */
66
67 extern uint32 g_reconnect_logonid;
68 extern char g_reconnect_random[16];
69 extern time_t g_reconnect_random_ts;
70 extern RD_BOOL g_has_reconnect_random;
71 extern uint8 g_client_random[SEC_RANDOM_SIZE];
72
73 void rdssl_hmac_md5(char* key, int keylen, char* data, int len, char* output);
74
75 #if WITH_DEBUG
76 static uint32 g_packetno;
77 #endif
78
79 #ifdef HAVE_ICONV
80 static RD_BOOL g_iconv_works = True;
81 #endif
82
83 /* Receive an RDP packet */
84 static STREAM
85 rdp_recv(uint8 * type)
86 {
87 static STREAM rdp_s;
88 uint16 length, pdu_type;
89 uint8 rdpver;
90
91 if ((rdp_s == NULL) || (g_next_packet >= rdp_s->end) || (g_next_packet == NULL))
92 {
93 rdp_s = sec_recv(&rdpver);
94 if (rdp_s == NULL)
95 return NULL;
96 if (rdpver == 0xff)
97 {
98 g_next_packet = rdp_s->end;
99 *type = 0;
100 return rdp_s;
101 }
102 else if (rdpver != 3)
103 {
104 /* rdp5_process should move g_next_packet ok */
105 rdp5_process(rdp_s);
106 *type = 0;
107 return rdp_s;
108 }
109
110 g_next_packet = rdp_s->p;
111 }
112 else
113 {
114 rdp_s->p = g_next_packet;
115 }
116
117 in_uint16_le(rdp_s, length);
118 /* 32k packets are really 8, keepalive fix */
119 if (length == 0x8000)
120 {
121 g_next_packet += 8;
122 *type = 0;
123 return rdp_s;
124 }
125 in_uint16_le(rdp_s, pdu_type);
126 in_uint8s(rdp_s, 2); /* userid */
127 *type = pdu_type & 0xf;
128
129 #ifdef WITH_DEBUG
130 DEBUG(("RDP packet #%d, (type %x)\n", ++g_packetno, *type));
131 hexdump(g_next_packet, length);
132 #endif /* */
133
134 g_next_packet += length;
135 return rdp_s;
136 }
137
138 /* Initialise an RDP data packet */
139 static STREAM
140 rdp_init_data(int maxlen)
141 {
142 STREAM s;
143
144 s = sec_init(g_encryption ? SEC_ENCRYPT : 0, maxlen + 18);
145 s_push_layer(s, rdp_hdr, 18);
146
147 return s;
148 }
149
150 /* Send an RDP data packet */
151 static void
152 rdp_send_data(STREAM s, uint8 data_pdu_type)
153 {
154 uint16 length;
155
156 s_pop_layer(s, rdp_hdr);
157 length = s->end - s->p;
158
159 out_uint16_le(s, length);
160 out_uint16_le(s, (RDP_PDU_DATA | 0x10));
161 out_uint16_le(s, (g_mcs_userid + 1001));
162
163 out_uint32_le(s, g_rdp_shareid);
164 out_uint8(s, 0); /* pad */
165 out_uint8(s, 1); /* streamid */
166 out_uint16_le(s, (length - 14));
167 out_uint8(s, data_pdu_type);
168 out_uint8(s, 0); /* compress_type */
169 out_uint16(s, 0); /* compress_len */
170
171 sec_send(s, g_encryption ? SEC_ENCRYPT : 0);
172 }
173
174 /* Output a string in Unicode with mandatory null termination. If
175 string is NULL or len is 0, write an unicode null termination to
176 stream. */
177 void
178 rdp_out_unistr_mandatory_null(STREAM s, char *string, int len)
179 {
180 if (string && len > 0)
181 rdp_out_unistr(s, string, len);
182 else
183 out_uint16_le(s, 0);
184 }
185
186 /* Output a string in Unicode */
187 void
188 rdp_out_unistr(STREAM s, char *string, int len)
189 {
190 if (string == NULL || len == 0)
191 return;
192
193 #ifdef HAVE_ICONV
194 size_t ibl = strlen(string), obl = len + 2;
195 static iconv_t iconv_h = (iconv_t) - 1;
196 char *pin = string, *pout = (char *) s->p;
197
198 memset(pout, 0, len + 4);
199
200 if (g_iconv_works)
201 {
202 if (iconv_h == (iconv_t) - 1)
203 {
204 size_t i = 1, o = 4;
205 if ((iconv_h = iconv_open(WINDOWS_CODEPAGE, g_codepage)) == (iconv_t) - 1)
206 {
207 warning("rdp_out_unistr: iconv_open[%s -> %s] fail %d\n",
208 g_codepage, WINDOWS_CODEPAGE, (int) iconv_h);
209
210 g_iconv_works = False;
211 rdp_out_unistr(s, string, len);
212 return;
213 }
214 if (iconv(iconv_h, (ICONV_CONST char **) &pin, &i, &pout, &o) ==
215 (size_t) - 1)
216 {
217 iconv_close(iconv_h);
218 iconv_h = (iconv_t) - 1;
219 warning("rdp_out_unistr: iconv(1) fail, errno %d\n", errno);
220
221 g_iconv_works = False;
222 rdp_out_unistr(s, string, len);
223 return;
224 }
225 pin = string;
226 pout = (char *) s->p;
227 }
228
229 if (iconv(iconv_h, (ICONV_CONST char **) &pin, &ibl, &pout, &obl) == (size_t) - 1)
230 {
231 iconv_close(iconv_h);
232 iconv_h = (iconv_t) - 1;
233 warning("rdp_out_unistr: iconv(2) fail, errno %d\n", errno);
234
235 g_iconv_works = False;
236 rdp_out_unistr(s, string, len);
237 return;
238 }
239
240 s->p += len + 2;
241
242 }
243 else
244 #endif
245 {
246 int i = 0, j = 0;
247
248 len += 2;
249
250 while (i < len)
251 {
252 s->p[i++] = string[j++];
253 s->p[i++] = 0;
254 }
255
256 s->p += len;
257 }
258 }
259
260 /* Input a string in Unicode
261 *
262 * Returns str_len of string
263 */
264 void
265 rdp_in_unistr(STREAM s, int in_len, char **string, uint32 * str_size)
266 {
267 /* Dynamic allocate of destination string if not provided */
268 *string = xmalloc(in_len * 2);
269 *str_size = in_len * 2;
270
271 #ifdef HAVE_ICONV
272 size_t ibl = in_len, obl = *str_size - 1;
273 char *pin = (char *) s->p, *pout = *string;
274 static iconv_t iconv_h = (iconv_t) - 1;
275
276 if (g_iconv_works)
277 {
278 if (iconv_h == (iconv_t) - 1)
279 {
280 if ((iconv_h = iconv_open(g_codepage, WINDOWS_CODEPAGE)) == (iconv_t) - 1)
281 {
282 warning("rdp_in_unistr: iconv_open[%s -> %s] fail %d\n",
283 WINDOWS_CODEPAGE, g_codepage, (int) iconv_h);
284
285 g_iconv_works = False;
286 return rdp_in_unistr(s, in_len, string, str_size);
287 }
288 }
289
290 if (iconv(iconv_h, (ICONV_CONST char **) &pin, &ibl, &pout, &obl) == (size_t) - 1)
291 {
292 if (errno == E2BIG)
293 {
294 warning("server sent an unexpectedly long string, truncating\n");
295 }
296 else
297 {
298 warning("rdp_in_unistr: iconv fail, errno %d\n", errno);
299
300 free(*string);
301 *string = NULL;
302 *str_size = 0;
303 }
304 }
305
306 /* we must update the location of the current STREAM for future reads of s->p */
307 s->p += in_len;
308
309 *pout = 0;
310
311 if (*string)
312 *str_size = pout - *string;
313 }
314 else
315 #endif
316 {
317 int i = 0;
318 int rem = 0;
319 uint32 len = in_len / 2;
320
321 if (len > *str_size - 1)
322 {
323 warning("server sent an unexpectedly long string, truncating\n");
324 len = *str_size - 1;
325 rem = in_len - 2 * len;
326 }
327
328 while (i < len)
329 {
330 in_uint8a(s, &string[i++], 1);
331 in_uint8s(s, 1);
332 }
333
334 in_uint8s(s, rem);
335 string[len] = 0;
336 *str_size = len;
337 }
338 }
339
340
341 /* Parse a logon info packet */
342 static void
343 rdp_send_logon_info(uint32 flags, char *domain, char *user,
344 char *password, char *program, char *directory)
345 {
346 char *ipaddr = tcp_get_address();
347 /* length of string in TS_INFO_PACKET excludes null terminator */
348 int len_domain = 2 * strlen(domain);
349 int len_user = 2 * strlen(user);
350 int len_password = 2 * strlen(password);
351 int len_program = 2 * strlen(program);
352 int len_directory = 2 * strlen(directory);
353
354 /* length of strings in TS_EXTENDED_PACKET includes null terminator */
355 char dllName[MAX_PATH];
356 int len_ip = 2 * strlen(ipaddr) + 2;
357 int len_dll = 0;
358
359 int packetlen = 0;
360 uint32 sec_flags = g_encryption ? (SEC_INFO_PKT | SEC_ENCRYPT) : SEC_INFO_PKT;
361 STREAM s;
362 time_t t = time(NULL);
363 time_t tzone;
364 uint8 security_verifier[16];
365
366 GetModuleFileNameA(NULL, dllName, ARRAYSIZE(dllName));
367 len_dll = 2 * strlen(dllName) + 2;
368
369 if (g_rdp_version == RDP_V4 || 1 == g_server_rdp_version)
370 {
371 DEBUG_RDP5(("Sending RDP4-style Logon packet\n"));
372
373 s = sec_init(sec_flags, 18 + len_domain + len_user + len_password
374 + len_program + len_directory + 10);
375
376 out_uint32(s, 0);
377 out_uint32_le(s, flags);
378 out_uint16_le(s, len_domain);
379 out_uint16_le(s, len_user);
380 out_uint16_le(s, len_password);
381 out_uint16_le(s, len_program);
382 out_uint16_le(s, len_directory);
383
384 rdp_out_unistr_mandatory_null(s, domain, len_domain);
385 rdp_out_unistr_mandatory_null(s, user, len_user);
386 rdp_out_unistr_mandatory_null(s, password, len_password);
387 rdp_out_unistr_mandatory_null(s, program, len_program);
388 rdp_out_unistr_mandatory_null(s, directory, len_directory);
389 }
390 else
391 {
392 DEBUG_RDP5(("Sending RDP5-style Logon packet\n"));
393
394 if (g_redirect == True && g_redirect_cookie_len > 0)
395 {
396 flags |= RDP_INFO_AUTOLOGON;
397 len_password = g_redirect_cookie_len;
398 len_password -= 2; /* substract 2 bytes which is added below */
399 }
400
401 packetlen =
402 /* size of TS_INFO_PACKET */
403 4 + /* CodePage */
404 4 + /* flags */
405 2 + /* cbDomain */
406 2 + /* cbUserName */
407 2 + /* cbPassword */
408 2 + /* cbAlternateShell */
409 2 + /* cbWorkingDir */
410 2 + len_domain + /* Domain */
411 2 + len_user + /* UserName */
412 2 + len_password + /* Password */
413 2 + len_program + /* AlternateShell */
414 2 + len_directory + /* WorkingDir */
415 /* size of TS_EXTENDED_INFO_PACKET */
416 2 + /* clientAddressFamily */
417 2 + /* cbClientAddress */
418 len_ip + /* clientAddress */
419 2 + /* cbClientDir */
420 len_dll + /* clientDir */
421 /* size of TS_TIME_ZONE_INFORMATION */
422 4 + /* Bias, (UTC = local time + bias */
423 64 + /* StandardName, 32 unicode char array, Descriptive standard time on client */
424 16 + /* StandardDate */
425 4 + /* StandardBias */
426 64 + /* DaylightName, 32 unicode char array */
427 16 + /* DaylightDate */
428 4 + /* DaylightBias */
429 4 + /* clientSessionId */
430 4 + /* performanceFlags */
431 2 + /* cbAutoReconnectCookie, either 0 or 0x001c */
432 /* size of ARC_CS_PRIVATE_PACKET */
433 28; /* autoReconnectCookie */
434
435
436 s = sec_init(sec_flags, packetlen);
437 DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen));
438
439 /* TS_INFO_PACKET */
440 out_uint32(s, 0); /* Code Page */
441 out_uint32_le(s, flags);
442 out_uint16_le(s, len_domain);
443 out_uint16_le(s, len_user);
444 out_uint16_le(s, len_password);
445 out_uint16_le(s, len_program);
446 out_uint16_le(s, len_directory);
447
448 rdp_out_unistr_mandatory_null(s, domain, len_domain);
449 rdp_out_unistr_mandatory_null(s, user, len_user);
450
451 if (g_redirect == True && 0 < g_redirect_cookie_len)
452 {
453 out_uint8p(s, g_redirect_cookie, g_redirect_cookie_len);
454 }
455 else
456 {
457 rdp_out_unistr_mandatory_null(s, password, len_password);
458 }
459
460
461 rdp_out_unistr_mandatory_null(s, program, len_program);
462 rdp_out_unistr_mandatory_null(s, directory, len_directory);
463
464 /* TS_EXTENDED_INFO_PACKET */
465 out_uint16_le(s, 2); /* clientAddressFamily = AF_INET */
466 out_uint16_le(s, len_ip); /* cbClientAddress */
467 rdp_out_unistr_mandatory_null(s, ipaddr, len_ip - 2); /* clientAddress */
468 out_uint16_le(s, len_dll); /* cbClientDir */
469 rdp_out_unistr(s, dllName, len_dll - 2); /* clientDir */
470
471 /* TS_TIME_ZONE_INFORMATION */
472 tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60;
473 out_uint32_le(s, tzone);
474 rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid"));
475 out_uint8s(s, 62 - 2 * strlen("GTB, normaltid"));
476 out_uint32_le(s, 0x0a0000);
477 out_uint32_le(s, 0x050000);
478 out_uint32_le(s, 3);
479 out_uint32_le(s, 0);
480 out_uint32_le(s, 0);
481 rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid"));
482 out_uint8s(s, 62 - 2 * strlen("GTB, sommartid"));
483 out_uint32_le(s, 0x30000);
484 out_uint32_le(s, 0x050000);
485 out_uint32_le(s, 2);
486 out_uint32(s, 0);
487 out_uint32_le(s, 0xffffffc4); /* DaylightBias */
488
489 /* Rest of TS_EXTENDED_INFO_PACKET */
490 out_uint32_le(s, 0); /* clientSessionId (Ignored by server MUST be 0) */
491 out_uint32_le(s, g_rdp5_performanceflags);
492
493 /* Client Auto-Reconnect */
494 if (g_has_reconnect_random)
495 {
496 out_uint16_le(s, 28); /* cbAutoReconnectLen */
497 /* ARC_CS_PRIVATE_PACKET */
498 out_uint32_le(s, 28); /* cbLen */
499 out_uint32_le(s, 1); /* Version */
500 out_uint32_le(s, g_reconnect_logonid); /* LogonId */
501 rdssl_hmac_md5(g_reconnect_random, sizeof(g_reconnect_random),
502 (char *)g_client_random, SEC_RANDOM_SIZE, (char *)security_verifier);
503 out_uint8a(s, security_verifier, sizeof(security_verifier));
504 }
505 else
506 {
507 out_uint16_le(s, 0); /* cbAutoReconnectLen */
508 }
509 }
510 s_mark_end(s);
511
512 /* clear the redirect flag */
513 g_redirect = False;
514
515 sec_send(s, sec_flags);
516 }
517
518 /* Send a control PDU */
519 static void
520 rdp_send_control(uint16 action)
521 {
522 STREAM s;
523
524 s = rdp_init_data(8);
525
526 out_uint16_le(s, action);
527 out_uint16(s, 0); /* userid */
528 out_uint32(s, 0); /* control id */
529
530 s_mark_end(s);
531 rdp_send_data(s, RDP_DATA_PDU_CONTROL);
532 }
533
534 /* Send a synchronisation PDU */
535 static void
536 rdp_send_synchronise(void)
537 {
538 STREAM s;
539
540 s = rdp_init_data(4);
541
542 out_uint16_le(s, 1); /* type */
543 out_uint16_le(s, 1002);
544
545 s_mark_end(s);
546 rdp_send_data(s, RDP_DATA_PDU_SYNCHRONISE);
547 }
548
549 /* Send a single input event */
550 void
551 rdp_send_input(uint32 time, uint16 message_type, uint16 device_flags, uint16 param1, uint16 param2)
552 {
553 STREAM s;
554
555 s = rdp_init_data(16);
556
557 out_uint16_le(s, 1); /* number of events */
558 out_uint16(s, 0); /* pad */
559
560 out_uint32_le(s, time);
561 out_uint16_le(s, message_type);
562 out_uint16_le(s, device_flags);
563 out_uint16_le(s, param1);
564 out_uint16_le(s, param2);
565
566 s_mark_end(s);
567 rdp_send_data(s, RDP_DATA_PDU_INPUT);
568 }
569
570 /* Send a client window information PDU */
571 void
572 rdp_send_client_window_status(int status)
573 {
574 STREAM s;
575 static int current_status = 1;
576
577 if (current_status == status)
578 return;
579
580 s = rdp_init_data(12);
581
582 out_uint32_le(s, status);
583
584 switch (status)
585 {
586 case 0: /* shut the server up */
587 break;
588
589 case 1: /* receive data again */
590 out_uint32_le(s, 0); /* unknown */
591 out_uint16_le(s, g_width);
592 out_uint16_le(s, g_height);
593 break;
594 }
595
596 s_mark_end(s);
597 rdp_send_data(s, RDP_DATA_PDU_CLIENT_WINDOW_STATUS);
598 current_status = status;
599 }
600
601 /* Send persistent bitmap cache enumeration PDU's */
602 static void
603 rdp_enum_bmpcache2(void)
604 {
605 STREAM s;
606 HASH_KEY keylist[BMPCACHE2_NUM_PSTCELLS];
607 uint32 num_keys, offset, count, flags;
608
609 offset = 0;
610 num_keys = pstcache_enumerate(2, keylist);
611
612 while (offset < num_keys)
613 {
614 count = MIN(num_keys - offset, 169);
615
616 s = rdp_init_data(24 + count * sizeof(HASH_KEY));
617
618 flags = 0;
619 if (offset == 0)
620 flags |= PDU_FLAG_FIRST;
621 if (num_keys - offset <= 169)
622 flags |= PDU_FLAG_LAST;
623
624 /* header */
625 out_uint32_le(s, 0);
626 out_uint16_le(s, count);
627 out_uint16_le(s, 0);
628 out_uint16_le(s, 0);
629 out_uint16_le(s, 0);
630 out_uint16_le(s, 0);
631 out_uint16_le(s, num_keys);
632 out_uint32_le(s, 0);
633 out_uint32_le(s, flags);
634
635 /* list */
636 out_uint8a(s, keylist[offset], count * sizeof(HASH_KEY));
637
638 s_mark_end(s);
639 rdp_send_data(s, 0x2b);
640
641 offset += 169;
642 }
643 }
644
645 /* Send an (empty) font information PDU */
646 static void
647 rdp_send_fonts(uint16 seq)
648 {
649 STREAM s;
650
651 s = rdp_init_data(8);
652
653 out_uint16(s, 0); /* number of fonts */
654 out_uint16_le(s, 0); /* pad? */
655 out_uint16_le(s, seq); /* unknown */
656 out_uint16_le(s, 0x32); /* entry size */
657
658 s_mark_end(s);
659 rdp_send_data(s, RDP_DATA_PDU_FONT2);
660 }
661
662 /* Output general capability set */
663 static void
664 rdp_out_general_caps(STREAM s)
665 {
666 out_uint16_le(s, RDP_CAPSET_GENERAL);
667 out_uint16_le(s, RDP_CAPLEN_GENERAL);
668
669 out_uint16_le(s, 1); /* OS major type */
670 out_uint16_le(s, 3); /* OS minor type */
671 out_uint16_le(s, 0x200); /* Protocol version */
672 out_uint16(s, 0); /* Pad */
673 out_uint16(s, 0); /* Compression types */
674 out_uint16_le(s, (g_rdp_version >= RDP_V5) ? 0x40d : 0);
675 /* Pad, according to T.128. 0x40d seems to
676 trigger
677 the server to start sending RDP5 packets.
678 However, the value is 0x1d04 with W2KTSK and
679 NT4MS. Hmm.. Anyway, thankyou, Microsoft,
680 for sending such information in a padding
681 field.. */
682 out_uint16(s, 0); /* Update capability */
683 out_uint16(s, 0); /* Remote unshare capability */
684 out_uint16(s, 0); /* Compression level */
685 out_uint16(s, 0); /* Pad */
686 }
687
688 /* Output bitmap capability set */
689 static void
690 rdp_out_bitmap_caps(STREAM s)
691 {
692 out_uint16_le(s, RDP_CAPSET_BITMAP);
693 out_uint16_le(s, RDP_CAPLEN_BITMAP);
694
695 out_uint16_le(s, g_server_depth); /* Preferred colour depth */
696 out_uint16_le(s, 1); /* Receive 1 BPP */
697 out_uint16_le(s, 1); /* Receive 4 BPP */
698 out_uint16_le(s, 1); /* Receive 8 BPP */
699 out_uint16_le(s, 800); /* Desktop width */
700 out_uint16_le(s, 600); /* Desktop height */
701 out_uint16(s, 0); /* Pad */
702 out_uint16(s, 1); /* Allow resize */
703 out_uint16_le(s, g_bitmap_compression ? 1 : 0); /* Support compression */
704 out_uint16(s, 0); /* Unknown */
705 out_uint16_le(s, 1); /* Unknown */
706 out_uint16(s, 0); /* Pad */
707 }
708
709 /* Output order capability set */
710 static void
711 rdp_out_order_caps(STREAM s)
712 {
713 uint8 order_caps[32];
714
715 memset(order_caps, 0, 32);
716 order_caps[0] = 1; /* dest blt */
717 order_caps[1] = 1; /* pat blt */
718 order_caps[2] = 1; /* screen blt */
719 order_caps[3] = (g_bitmap_cache ? 1 : 0); /* memblt */
720 order_caps[4] = 0; /* triblt */
721 order_caps[8] = 1; /* line */
722 order_caps[9] = 1; /* line */
723 order_caps[10] = 1; /* rect */
724 order_caps[11] = (g_desktop_save ? 1 : 0); /* desksave */
725 order_caps[13] = 1; /* memblt */
726 order_caps[14] = 1; /* triblt */
727 order_caps[20] = (g_polygon_ellipse_orders ? 1 : 0); /* polygon */
728 order_caps[21] = (g_polygon_ellipse_orders ? 1 : 0); /* polygon2 */
729 order_caps[22] = 1; /* polyline */
730 order_caps[25] = (g_polygon_ellipse_orders ? 1 : 0); /* ellipse */
731 order_caps[26] = (g_polygon_ellipse_orders ? 1 : 0); /* ellipse2 */
732 order_caps[27] = 1; /* text2 */
733 out_uint16_le(s, RDP_CAPSET_ORDER);
734 out_uint16_le(s, RDP_CAPLEN_ORDER);
735
736 out_uint8s(s, 20); /* Terminal desc, pad */
737 out_uint16_le(s, 1); /* Cache X granularity */
738 out_uint16_le(s, 20); /* Cache Y granularity */
739 out_uint16(s, 0); /* Pad */
740 out_uint16_le(s, 1); /* Max order level */
741 out_uint16_le(s, 0x147); /* Number of fonts */
742 out_uint16_le(s, 0x2a); /* Capability flags */
743 out_uint8p(s, order_caps, 32); /* Orders supported */
744 out_uint16_le(s, 0x6a1); /* Text capability flags */
745 out_uint8s(s, 6); /* Pad */
746 out_uint32_le(s, g_desktop_save == False ? 0 : 0x38400); /* Desktop cache size */
747 out_uint32(s, 0); /* Unknown */
748 out_uint32_le(s, 0x4e4); /* Unknown */
749 }
750
751 /* Output bitmap cache capability set */
752 static void
753 rdp_out_bmpcache_caps(STREAM s)
754 {
755 int Bpp;
756 out_uint16_le(s, RDP_CAPSET_BMPCACHE);
757 out_uint16_le(s, RDP_CAPLEN_BMPCACHE);
758
759 Bpp = (g_server_depth + 7) / 8; /* bytes per pixel */
760 out_uint8s(s, 24); /* unused */
761 out_uint16_le(s, 0x258); /* entries */
762 out_uint16_le(s, 0x100 * Bpp); /* max cell size */
763 out_uint16_le(s, 0x12c); /* entries */
764 out_uint16_le(s, 0x400 * Bpp); /* max cell size */
765 out_uint16_le(s, 0x106); /* entries */
766 out_uint16_le(s, 0x1000 * Bpp); /* max cell size */
767 }
768
769 /* Output bitmap cache v2 capability set */
770 static void
771 rdp_out_bmpcache2_caps(STREAM s)
772 {
773 out_uint16_le(s, RDP_CAPSET_BMPCACHE2);
774 out_uint16_le(s, RDP_CAPLEN_BMPCACHE2);
775
776 out_uint16_le(s, g_bitmap_cache_persist_enable ? 2 : 0); /* version */
777
778 out_uint16_be(s, 3); /* number of caches in this set */
779
780 /* max cell size for cache 0 is 16x16, 1 = 32x32, 2 = 64x64, etc */
781 out_uint32_le(s, BMPCACHE2_C0_CELLS);
782 out_uint32_le(s, BMPCACHE2_C1_CELLS);
783 if (pstcache_init(2))
784 {
785 out_uint32_le(s, BMPCACHE2_NUM_PSTCELLS | BMPCACHE2_FLAG_PERSIST);
786 }
787 else
788 {
789 out_uint32_le(s, BMPCACHE2_C2_CELLS);
790 }
791 out_uint8s(s, 20); /* other bitmap caches not used */
792 }
793
794 /* Output control capability set */
795 static void
796 rdp_out_control_caps(STREAM s)
797 {
798 out_uint16_le(s, RDP_CAPSET_CONTROL);
799 out_uint16_le(s, RDP_CAPLEN_CONTROL);
800
801 out_uint16(s, 0); /* Control capabilities */
802 out_uint16(s, 0); /* Remote detach */
803 out_uint16_le(s, 2); /* Control interest */
804 out_uint16_le(s, 2); /* Detach interest */
805 }
806
807 /* Output activation capability set */
808 static void
809 rdp_out_activate_caps(STREAM s)
810 {
811 out_uint16_le(s, RDP_CAPSET_ACTIVATE);
812 out_uint16_le(s, RDP_CAPLEN_ACTIVATE);
813
814 out_uint16(s, 0); /* Help key */
815 out_uint16(s, 0); /* Help index key */
816 out_uint16(s, 0); /* Extended help key */
817 out_uint16(s, 0); /* Window activate */
818 }
819
820 /* Output pointer capability set */
821 static void
822 rdp_out_pointer_caps(STREAM s)
823 {
824 out_uint16_le(s, RDP_CAPSET_POINTER);
825 out_uint16_le(s, RDP_CAPLEN_POINTER);
826
827 out_uint16(s, 0); /* Colour pointer */
828 out_uint16_le(s, 20); /* Cache size */
829 }
830
831 /* Output new pointer capability set */
832 static void
833 rdp_out_newpointer_caps(STREAM s)
834 {
835 out_uint16_le(s, RDP_CAPSET_POINTER);
836 out_uint16_le(s, RDP_CAPLEN_NEWPOINTER);
837
838 out_uint16_le(s, 1); /* Colour pointer */
839 out_uint16_le(s, 20); /* Cache size */
840 out_uint16_le(s, 20); /* Cache size for new pointers */
841 }
842
843 /* Output share capability set */
844 static void
845 rdp_out_share_caps(STREAM s)
846 {
847 out_uint16_le(s, RDP_CAPSET_SHARE);
848 out_uint16_le(s, RDP_CAPLEN_SHARE);
849
850 out_uint16(s, 0); /* userid */
851 out_uint16(s, 0); /* pad */
852 }
853
854 /* Output colour cache capability set */
855 static void
856 rdp_out_colcache_caps(STREAM s)
857 {
858 out_uint16_le(s, RDP_CAPSET_COLCACHE);
859 out_uint16_le(s, RDP_CAPLEN_COLCACHE);
860
861 out_uint16_le(s, 6); /* cache size */
862 out_uint16(s, 0); /* pad */
863 }
864
865 /* Output brush cache capability set */
866 static void
867 rdp_out_brushcache_caps(STREAM s)
868 {
869 out_uint16_le(s, RDP_CAPSET_BRUSHCACHE);
870 out_uint16_le(s, RDP_CAPLEN_BRUSHCACHE);
871 out_uint32_le(s, 1); /* cache type */
872 }
873
874 static uint8 caps_0x0d[] = {
875 0x01, 0x00, 0x00, 0x00, 0x09, 0x04, 0x00, 0x00,
876 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
877 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
878 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
879 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
880 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
881 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
882 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
883 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
884 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
885 0x00, 0x00, 0x00, 0x00
886 };
887
888 static uint8 caps_0x0c[] = { 0x01, 0x00, 0x00, 0x00 };
889
890 static uint8 caps_0x0e[] = { 0x01, 0x00, 0x00, 0x00 };
891
892 static uint8 caps_0x10[] = {
893 0xFE, 0x00, 0x04, 0x00, 0xFE, 0x00, 0x04, 0x00,
894 0xFE, 0x00, 0x08, 0x00, 0xFE, 0x00, 0x08, 0x00,
895 0xFE, 0x00, 0x10, 0x00, 0xFE, 0x00, 0x20, 0x00,
896 0xFE, 0x00, 0x40, 0x00, 0xFE, 0x00, 0x80, 0x00,
897 0xFE, 0x00, 0x00, 0x01, 0x40, 0x00, 0x00, 0x08,
898 0x00, 0x01, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00
899 };
900
901 /* Output unknown capability sets */
902 static void
903 rdp_out_unknown_caps(STREAM s, uint16 id, uint16 length, uint8 * caps)
904 {
905 out_uint16_le(s, id);
906 out_uint16_le(s, length);
907
908 out_uint8p(s, caps, length - 4);
909 }
910
911 #define RDP5_FLAG 0x0030
912 /* Send a confirm active PDU */
913 static void
914 rdp_send_confirm_active(void)
915 {
916 STREAM s;
917 uint32 sec_flags = g_encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG;
918 uint16 caplen =
919 RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER +
920 RDP_CAPLEN_COLCACHE +
921 RDP_CAPLEN_ACTIVATE + RDP_CAPLEN_CONTROL +
922 RDP_CAPLEN_SHARE +
923 RDP_CAPLEN_BRUSHCACHE + 0x58 + 0x08 + 0x08 + 0x34 /* unknown caps */ +
924 4 /* w2k fix, sessionid */ ;
925
926 if (g_rdp_version >= RDP_V5)
927 {
928 caplen += RDP_CAPLEN_BMPCACHE2;
929 caplen += RDP_CAPLEN_NEWPOINTER;
930 }
931 else
932 {
933 caplen += RDP_CAPLEN_BMPCACHE;
934 caplen += RDP_CAPLEN_POINTER;
935 }
936
937 s = sec_init(sec_flags, 6 + 14 + caplen + sizeof(RDP_SOURCE));
938
939 out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE));
940 out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10)); /* Version 1 */
941 out_uint16_le(s, (g_mcs_userid + 1001));
942
943 out_uint32_le(s, g_rdp_shareid);
944 out_uint16_le(s, 0x3ea); /* userid */
945 out_uint16_le(s, sizeof(RDP_SOURCE));
946 out_uint16_le(s, caplen);
947
948 out_uint8p(s, RDP_SOURCE, sizeof(RDP_SOURCE));
949 out_uint16_le(s, 0xe); /* num_caps */
950 out_uint8s(s, 2); /* pad */
951
952 rdp_out_general_caps(s);
953 rdp_out_bitmap_caps(s);
954 rdp_out_order_caps(s);
955 if (g_rdp_version >= RDP_V5)
956 {
957 rdp_out_bmpcache2_caps(s);
958 rdp_out_newpointer_caps(s);
959 }
960 else
961 {
962 rdp_out_bmpcache_caps(s);
963 rdp_out_pointer_caps(s);
964 }
965 rdp_out_colcache_caps(s);
966 rdp_out_activate_caps(s);
967 rdp_out_control_caps(s);
968 rdp_out_share_caps(s);
969 rdp_out_brushcache_caps(s);
970
971 rdp_out_unknown_caps(s, 0x0d, 0x58, caps_0x0d); /* CAPSTYPE_INPUT */
972 rdp_out_unknown_caps(s, 0x0c, 0x08, caps_0x0c); /* CAPSTYPE_SOUND */
973 rdp_out_unknown_caps(s, 0x0e, 0x08, caps_0x0e); /* CAPSTYPE_FONT */
974 rdp_out_unknown_caps(s, 0x10, 0x34, caps_0x10); /* CAPSTYPE_GLYPHCACHE */
975
976 s_mark_end(s);
977 sec_send(s, sec_flags);
978 }
979
980 /* Process a general capability set */
981 static void
982 rdp_process_general_caps(STREAM s)
983 {
984 uint16 pad2octetsB; /* rdp5 flags? */
985
986 in_uint8s(s, 10);
987 in_uint16_le(s, pad2octetsB);
988
989 if (!pad2octetsB)
990 g_rdp_version = RDP_V4;
991 }
992
993 /* Process a bitmap capability set */
994 static void
995 rdp_process_bitmap_caps(STREAM s)
996 {
997 uint16 width, height, depth;
998
999 in_uint16_le(s, depth);
1000 in_uint8s(s, 6);
1001
1002 in_uint16_le(s, width);
1003 in_uint16_le(s, height);
1004
1005 DEBUG(("setting desktop size and depth to: %dx%dx%d\n", width, height, depth));
1006
1007 /*
1008 * The server may limit depth and change the size of the desktop (for
1009 * example when shadowing another session).
1010 */
1011 if (g_server_depth != depth)
1012 {
1013 warning("Remote desktop does not support colour depth %d; falling back to %d\n",
1014 g_server_depth, depth);
1015 g_server_depth = depth;
1016 }
1017 if (g_width != width || g_height != height)
1018 {
1019 warning("Remote desktop changed from %dx%d to %dx%d.\n", g_width, g_height,
1020 width, height);
1021 g_width = width;
1022 g_height = height;
1023 ui_resize_window();
1024 }
1025 }
1026
1027 /* Process server capabilities */
1028 static void
1029 rdp_process_server_caps(STREAM s, uint16 length)
1030 {
1031 int n;
1032 uint8 *next, *start;
1033 uint16 ncapsets, capset_type, capset_length;
1034
1035 start = s->p;
1036
1037 in_uint16_le(s, ncapsets);
1038 in_uint8s(s, 2); /* pad */
1039
1040 for (n = 0; n < ncapsets; n++)
1041 {
1042 if (s->p > start + length)
1043 return;
1044
1045 in_uint16_le(s, capset_type);
1046 in_uint16_le(s, capset_length);
1047
1048 next = s->p + capset_length - 4;
1049
1050 switch (capset_type)
1051 {
1052 case RDP_CAPSET_GENERAL:
1053 rdp_process_general_caps(s);
1054 break;
1055
1056 case RDP_CAPSET_BITMAP:
1057 rdp_process_bitmap_caps(s);
1058 break;
1059 }
1060
1061 s->p = next;
1062 }
1063 }
1064
1065 /* Respond to a demand active PDU */
1066 static void
1067 process_demand_active(STREAM s)
1068 {
1069 uint8 type;
1070 uint16 len_src_descriptor, len_combined_caps;
1071
1072 in_uint32_le(s, g_rdp_shareid);
1073 in_uint16_le(s, len_src_descriptor);
1074 in_uint16_le(s, len_combined_caps);
1075 in_uint8s(s, len_src_descriptor);
1076
1077 DEBUG(("DEMAND_ACTIVE(id=0x%x)\n", g_rdp_shareid));
1078 rdp_process_server_caps(s, len_combined_caps);
1079
1080 rdp_send_confirm_active();
1081 rdp_send_synchronise();
1082 rdp_send_control(RDP_CTL_COOPERATE);
1083 rdp_send_control(RDP_CTL_REQUEST_CONTROL);
1084 rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */
1085 rdp_recv(&type); /* RDP_CTL_COOPERATE */
1086 rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */
1087 rdp_send_input(0, RDP_INPUT_SYNCHRONIZE, 0,
1088 g_numlock_sync ? ui_get_numlock_state(read_keyboard_state()) : 0, 0);
1089
1090 if (g_rdp_version >= RDP_V5)
1091 {
1092 rdp_enum_bmpcache2();
1093 rdp_send_fonts(3);
1094 }
1095 else
1096 {
1097 rdp_send_fonts(1);
1098 rdp_send_fonts(2);
1099 }
1100
1101 rdp_recv(&type); /* RDP_PDU_UNKNOWN 0x28 (Fonts?) */
1102 reset_order_state();
1103 }
1104
1105 /* Process a colour pointer PDU */
1106 static void
1107 process_colour_pointer_common(STREAM s, int bpp)
1108 {
1109 uint16 width, height, cache_idx, masklen, datalen;
1110 uint16 x, y;
1111 uint8 *mask;
1112 uint8 *data;
1113 RD_HCURSOR cursor;
1114
1115 in_uint16_le(s, cache_idx);
1116 in_uint16_le(s, x);
1117 in_uint16_le(s, y);
1118 in_uint16_le(s, width);
1119 in_uint16_le(s, height);
1120 in_uint16_le(s, masklen);
1121 in_uint16_le(s, datalen);
1122 in_uint8p(s, data, datalen);
1123 in_uint8p(s, mask, masklen);
1124 if ((width != 32) || (height != 32))
1125 {
1126 warning("process_colour_pointer_common: " "width %d height %d\n", width, height);
1127 }
1128
1129 /* keep hotspot within cursor bounding box */
1130 x = MIN(x, width - 1);
1131 y = MIN(y, height - 1);
1132 cursor = ui_create_cursor(x, y, width, height, mask, data, bpp);
1133 ui_set_cursor(cursor);
1134 cache_put_cursor(cache_idx, cursor);
1135 }
1136
1137 /* Process a colour pointer PDU */
1138 void
1139 process_colour_pointer_pdu(STREAM s)
1140 {
1141 process_colour_pointer_common(s, 24);
1142 }
1143
1144 /* Process a New Pointer PDU - these pointers have variable bit depth */
1145 void
1146 process_new_pointer_pdu(STREAM s)
1147 {
1148 int xor_bpp;
1149
1150 in_uint16_le(s, xor_bpp);
1151 process_colour_pointer_common(s, xor_bpp);
1152 }
1153
1154 /* Process a cached pointer PDU */
1155 void
1156 process_cached_pointer_pdu(STREAM s)
1157 {
1158 uint16 cache_idx;
1159
1160 in_uint16_le(s, cache_idx);
1161 ui_set_cursor(cache_get_cursor(cache_idx));
1162 }
1163
1164 /* Process a system pointer PDU */
1165 void
1166 process_system_pointer_pdu(STREAM s)
1167 {
1168 uint16 system_pointer_type;
1169
1170 in_uint16_le(s, system_pointer_type);
1171 switch (system_pointer_type)
1172 {
1173 case RDP_NULL_POINTER:
1174 ui_set_null_cursor();
1175 break;
1176
1177 default:
1178 unimpl("System pointer message 0x%x\n", system_pointer_type);
1179 }
1180 }
1181
1182 /* Process a pointer PDU */
1183 static void
1184 process_pointer_pdu(STREAM s)
1185 {
1186 uint16 message_type;
1187 uint16 x, y;
1188
1189 in_uint16_le(s, message_type);
1190 in_uint8s(s, 2); /* pad */
1191
1192 switch (message_type)
1193 {
1194 case RDP_POINTER_MOVE:
1195 in_uint16_le(s, x);
1196 in_uint16_le(s, y);
1197 if (s_check(s))
1198 ui_move_pointer(x, y);
1199 break;
1200
1201 case RDP_POINTER_COLOR:
1202 process_colour_pointer_pdu(s);
1203 break;
1204
1205 case RDP_POINTER_CACHED:
1206 process_cached_pointer_pdu(s);
1207 break;
1208
1209 case RDP_POINTER_SYSTEM:
1210 process_system_pointer_pdu(s);
1211 break;
1212
1213 case RDP_POINTER_NEW:
1214 process_new_pointer_pdu(s);
1215 break;
1216
1217 default:
1218 unimpl("Pointer message 0x%x\n", message_type);
1219 }
1220 }
1221
1222 /* Process bitmap updates */
1223 void
1224 process_bitmap_updates(STREAM s)
1225 {
1226 uint16 num_updates;
1227 uint16 left, top, right, bottom, width, height;
1228 uint16 cx, cy, bpp, Bpp, compress, bufsize, size;
1229 uint8 *data, *bmpdata;
1230 int i;
1231
1232 in_uint16_le(s, num_updates);
1233
1234 for (i = 0; i < num_updates; i++)
1235 {
1236 in_uint16_le(s, left);
1237 in_uint16_le(s, top);
1238 in_uint16_le(s, right);
1239 in_uint16_le(s, bottom);
1240 in_uint16_le(s, width);
1241 in_uint16_le(s, height);
1242 in_uint16_le(s, bpp);
1243 Bpp = (bpp + 7) / 8;
1244 in_uint16_le(s, compress);
1245 in_uint16_le(s, bufsize);
1246
1247 cx = right - left + 1;
1248 cy = bottom - top + 1;
1249
1250 DEBUG(("BITMAP_UPDATE(l=%d,t=%d,r=%d,b=%d,w=%d,h=%d,Bpp=%d,cmp=%d)\n",
1251 left, top, right, bottom, width, height, Bpp, compress));
1252
1253 if (!compress)
1254 {
1255 int y;
1256 bmpdata = (uint8 *) xmalloc(width * height * Bpp);
1257 for (y = 0; y < height; y++)
1258 {
1259 in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)],
1260 width * Bpp);
1261 }
1262 ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata);
1263 xfree(bmpdata);
1264 continue;
1265 }
1266
1267
1268 if (compress & 0x400)
1269 {
1270 size = bufsize;
1271 }
1272 else
1273 {
1274 in_uint8s(s, 2); /* pad */
1275 in_uint16_le(s, size);
1276 in_uint8s(s, 4); /* line_size, final_size */
1277 }
1278 in_uint8p(s, data, size);
1279 bmpdata = (uint8 *) xmalloc(width * height * Bpp);
1280 if (bitmap_decompress(bmpdata, width, height, data, size, Bpp))
1281 {
1282 ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata);
1283 }
1284 else
1285 {
1286 DEBUG_RDP5(("Failed to decompress data\n"));
1287 }
1288
1289 xfree(bmpdata);
1290 }
1291 }
1292
1293 /* Process a palette update */
1294 void
1295 process_palette(STREAM s)
1296 {
1297 COLOURENTRY *entry;
1298 COLOURMAP map;
1299 RD_HCOLOURMAP hmap;
1300 int i;
1301
1302 in_uint8s(s, 2); /* pad */
1303 in_uint16_le(s, map.ncolours);
1304 in_uint8s(s, 2); /* pad */
1305
1306 map.colours = (COLOURENTRY *) xmalloc(sizeof(COLOURENTRY) * map.ncolours);
1307
1308 DEBUG(("PALETTE(c=%d)\n", map.ncolours));
1309
1310 for (i = 0; i < map.ncolours; i++)
1311 {
1312 entry = &map.colours[i];
1313 in_uint8(s, entry->red);
1314 in_uint8(s, entry->green);
1315 in_uint8(s, entry->blue);
1316 }
1317
1318 hmap = ui_create_colourmap(&map);
1319 ui_set_colourmap(hmap);
1320
1321 xfree(map.colours);
1322 }
1323
1324 /* Process an update PDU */
1325 static void
1326 process_update_pdu(STREAM s)
1327 {
1328 uint16 update_type, count;
1329
1330 in_uint16_le(s, update_type);
1331
1332 ui_begin_update();
1333 switch (update_type)
1334 {
1335 case RDP_UPDATE_ORDERS:
1336 in_uint8s(s, 2); /* pad */
1337 in_uint16_le(s, count);
1338 in_uint8s(s, 2); /* pad */
1339 process_orders(s, count);
1340 break;
1341
1342 case RDP_UPDATE_BITMAP:
1343 process_bitmap_updates(s);
1344 break;
1345
1346 case RDP_UPDATE_PALETTE:
1347 process_palette(s);
1348 break;
1349
1350 case RDP_UPDATE_SYNCHRONIZE:
1351 break;
1352
1353 default:
1354 unimpl("update %d\n", update_type);
1355 }
1356 ui_end_update();
1357 }
1358
1359
1360 /* Process a Save Session Info PDU */
1361 void
1362 process_pdu_logon(STREAM s)
1363 {
1364 uint32 infotype;
1365 in_uint32_le(s, infotype);
1366 if (infotype == INFOTYPE_LOGON_EXTENDED_INF)
1367 {
1368 uint32 fieldspresent;
1369
1370 in_uint8s(s, 2); /* Length */
1371 in_uint32_le(s, fieldspresent);
1372 if (fieldspresent & LOGON_EX_AUTORECONNECTCOOKIE)
1373 {
1374 uint32 len;
1375 uint32 version;
1376
1377 /* TS_LOGON_INFO_FIELD */
1378 in_uint8s(s, 4); /* cbFieldData */
1379
1380 /* ARC_SC_PRIVATE_PACKET */
1381 in_uint32_le(s, len);
1382 if (len != 28)
1383 {
1384 warning("Invalid length in Auto-Reconnect packet\n");
1385 return;
1386 }
1387
1388 in_uint32_le(s, version);
1389 if (version != 1)
1390 {
1391 warning("Unsupported version of Auto-Reconnect packet\n");
1392 return;
1393 }
1394
1395 in_uint32_le(s, g_reconnect_logonid);
1396 in_uint8a(s, g_reconnect_random, 16);
1397 g_has_reconnect_random = True;
1398 g_reconnect_random_ts = time(NULL);
1399 DEBUG(("Saving auto-reconnect cookie, id=%u\n", g_reconnect_logonid));
1400 }
1401 }
1402 }
1403
1404
1405 /* Process a disconnect PDU */
1406 void
1407 process_disconnect_pdu(STREAM s, uint32 * ext_disc_reason)
1408 {
1409 in_uint32_le(s, *ext_disc_reason);
1410
1411 DEBUG(("Received disconnect PDU\n"));
1412 }
1413
1414 /* Process data PDU */
1415 static RD_BOOL
1416 process_data_pdu(STREAM s, uint32 * ext_disc_reason)
1417 {
1418 uint8 data_pdu_type;
1419 uint8 ctype;
1420 uint16 clen;
1421 uint32 len;
1422
1423 uint32 roff, rlen;
1424
1425 struct stream *ns = &(g_mppc_dict.ns);
1426
1427 in_uint8s(s, 6); /* shareid, pad, streamid */
1428 in_uint16_le(s, len);
1429 in_uint8(s, data_pdu_type);
1430 in_uint8(s, ctype);
1431 in_uint16_le(s, clen);
1432 clen -= 18;
1433
1434 if (ctype & RDP_MPPC_COMPRESSED)
1435 {
1436 if (len > RDP_MPPC_DICT_SIZE)
1437 error("error decompressed packet size exceeds max\n");
1438 if (mppc_expand(s->p, clen, ctype, &roff, &rlen) == -1)
1439 error("error while decompressing packet\n");
1440
1441 /* len -= 18; */
1442
1443 /* allocate memory and copy the uncompressed data into the temporary stream */
1444 ns->data = (uint8 *) xrealloc(ns->data, rlen);
1445
1446 memcpy((ns->data), (unsigned char *) (g_mppc_dict.hist + roff), rlen);
1447
1448 ns->size = rlen;
1449 ns->end = (ns->data + ns->size);
1450 ns->p = ns->data;
1451 ns->rdp_hdr = ns->p;
1452
1453 s = ns;
1454 }
1455
1456 switch (data_pdu_type)
1457 {
1458 case RDP_DATA_PDU_UPDATE:
1459 process_update_pdu(s);
1460 break;
1461
1462 case RDP_DATA_PDU_CONTROL:
1463 DEBUG(("Received Control PDU\n"));
1464 break;
1465
1466 case RDP_DATA_PDU_SYNCHRONISE:
1467 DEBUG(("Received Sync PDU\n"));
1468 break;
1469
1470 case RDP_DATA_PDU_POINTER:
1471 process_pointer_pdu(s);
1472 break;
1473
1474 case RDP_DATA_PDU_BELL:
1475 ui_bell();
1476 break;
1477
1478 case RDP_DATA_PDU_LOGON:
1479 DEBUG(("Received Logon PDU\n"));
1480 /* User logged on */
1481 process_pdu_logon(s);
1482 break;
1483
1484 case RDP_DATA_PDU_DISCONNECT:
1485 process_disconnect_pdu(s, ext_disc_reason);
1486
1487 /* We used to return true and disconnect immediately here, but
1488 * Windows Vista sends a disconnect PDU with reason 0 when
1489 * reconnecting to a disconnected session, and MSTSC doesn't
1490 * drop the connection. I think we should just save the status.
1491 */
1492 break;
1493
1494 case RDP_DATA_PDU_AUTORECONNECT_STATUS:
1495 warning("Automatic reconnect using cookie, failed.\n");
1496 break;
1497
1498 default:
1499 unimpl("data PDU %d\n", data_pdu_type);
1500 }
1501 return False;
1502 }
1503
1504 /* Process redirect PDU from Session Directory */
1505 static RD_BOOL
1506 process_redirect_pdu(STREAM s, RD_BOOL enhanced_redirect /*, uint32 * ext_disc_reason */ )
1507 {
1508 uint32 len;
1509 uint16 redirect_identifier;
1510
1511 /* reset any previous redirection information */
1512 g_redirect = True;
1513 free(g_redirect_server);
1514 free(g_redirect_username);
1515 free(g_redirect_domain);
1516 free(g_redirect_lb_info);
1517 free(g_redirect_cookie);
1518
1519 g_redirect_server = NULL;
1520 g_redirect_username = NULL;
1521 g_redirect_domain = NULL;
1522 g_redirect_lb_info = NULL;
1523 g_redirect_cookie = NULL;
1524
1525 /* these 2 bytes are unknown, seem to be zeros */
1526 in_uint8s(s, 2);
1527
1528 /* FIXME: Previous implementation only reads 4 bytes which has been working
1529 but todays spec says something different. Investigate and retest
1530 server redirection using WTS 2003 cluster.
1531 */
1532
1533 if (enhanced_redirect)
1534 {
1535 /* read identifier */
1536 in_uint16_le(s, redirect_identifier);
1537 if (redirect_identifier != 0x0400)
1538 error("Protocol error in server redirection, unexpected data.");
1539
1540 /* FIXME: skip total length */
1541 in_uint8s(s, 2);
1542
1543 /* read session_id */
1544 in_uint32_le(s, g_redirect_session_id);
1545 }
1546
1547 /* read connection flags */
1548 in_uint32_le(s, g_redirect_flags);
1549
1550 if (g_redirect_flags & LB_TARGET_NET_ADDRESS)
1551 {
1552 /* read length of ip string */
1553 in_uint32_le(s, len);
1554
1555 /* read ip string */
1556 rdp_in_unistr(s, len, &g_redirect_server, &g_redirect_server_len);
1557 }
1558
1559 if (g_redirect_flags & LB_LOAD_BALANCE_INFO)
1560 {
1561 /* read length of load balance info blob */
1562 in_uint32_le(s, g_redirect_lb_info_len);
1563
1564 /* reallocate a loadbalance info blob */
1565 if (g_redirect_lb_info != NULL)
1566 free(g_redirect_lb_info);
1567
1568 g_redirect_lb_info = xmalloc(g_redirect_lb_info_len);
1569
1570 /* read load balance info blob */
1571 in_uint8p(s, g_redirect_lb_info, g_redirect_lb_info_len);
1572 }
1573
1574 if (g_redirect_flags & LB_USERNAME)
1575 {
1576 /* read length of username string */
1577 in_uint32_le(s, len);
1578
1579 /* read username string */
1580 rdp_in_unistr(s, len, &g_redirect_username, &g_redirect_username_len);
1581 }
1582
1583 if (g_redirect_flags & LB_DOMAIN)
1584 {
1585 /* read length of domain string */
1586 in_uint32_le(s, len);
1587
1588 /* read domain string */
1589 rdp_in_unistr(s, len, &g_redirect_domain, &g_redirect_domain_len);
1590 }
1591
1592 if (g_redirect_flags & LB_PASSWORD)
1593 {
1594 /* the information in this blob is either a password or a cookie that
1595 should be passed though as blob and not parsed as a unicode string */
1596
1597 /* read blob length */
1598 in_uint32_le(s, g_redirect_cookie_len);
1599
1600 /* reallocate cookie blob */
1601 if (g_redirect_cookie != NULL)
1602 free(g_redirect_cookie);
1603
1604 g_redirect_cookie = xmalloc(g_redirect_cookie_len);
1605
1606 /* read cookie as is */
1607 in_uint8p(s, g_redirect_cookie, g_redirect_cookie_len);
1608 }
1609
1610 if (g_redirect_flags & LB_DONTSTOREUSERNAME)
1611 {
1612 warning("LB_DONTSTOREUSERNAME set\n");
1613 }
1614
1615 if (g_redirect_flags & LB_SMARTCARD_LOGON)
1616 {
1617 warning("LB_SMARTCARD_LOGON set\n");
1618 }
1619
1620 if (g_redirect_flags & LB_NOREDIRECT)
1621 {
1622 /* By spec this is only for information and doesn't mean that an actual
1623 redirect should be performed. How it should be used is not mentioned. */
1624 g_redirect = False;
1625 }
1626
1627 if (g_redirect_flags & LB_TARGET_FQDN)
1628 {
1629 in_uint32_le(s, len);
1630
1631 /* Let target fqdn replace target ip address */
1632 if (g_redirect_server)
1633 {
1634 free(g_redirect_server);
1635 g_redirect_server = NULL;
1636 }
1637
1638 /* read fqdn string */
1639 rdp_in_unistr(s, len, &g_redirect_server, &g_redirect_server_len);
1640 }
1641
1642 if (g_redirect_flags & LB_TARGET_NETBIOS)
1643 {
1644 warning("LB_TARGET_NETBIOS set\n");
1645 }
1646
1647 if (g_redirect_flags & LB_TARGET_NET_ADDRESSES)
1648 {
1649 warning("LB_TARGET_NET_ADDRESSES set\n");
1650 }
1651
1652 if (g_redirect_flags & LB_CLIENT_TSV_URL)
1653 {
1654 warning("LB_CLIENT_TSV_URL set\n");
1655 }
1656
1657 if (g_redirect_flags & LB_SERVER_TSV_CAPABLE)
1658 {
1659 warning("LB_SERVER_TSV_CAPABLE set\n");
1660 }
1661
1662 if (g_redirect_flags & LB_PASSWORD_IS_PK_ENCRYPTED)
1663 {
1664 warning("LB_PASSWORD_IS_PK_ENCRYPTED set\n");
1665 }
1666
1667 if (g_redirect_flags & LB_REDIRECTION_GUID)
1668 {
1669 warning("LB_REDIRECTION_GUID set\n");
1670 }
1671
1672 if (g_redirect_flags & LB_TARGET_CERTIFICATE)
1673 {
1674 warning("LB_TARGET_CERTIFICATE set\n");
1675 }
1676
1677 return True;
1678 }
1679
1680 /* Process incoming packets */
1681 void
1682 rdp_main_loop(RD_BOOL * deactivated, uint32 * ext_disc_reason)
1683 {
1684 while (rdp_loop(deactivated, ext_disc_reason))
1685 {
1686 if (g_pending_resize || g_redirect)
1687 {
1688 return;
1689 }
1690 }
1691 }
1692
1693 /* used in uiports and rdp_main_loop, processes the rdp packets waiting */
1694 RD_BOOL
1695 rdp_loop(RD_BOOL * deactivated, uint32 * ext_disc_reason)
1696 {
1697 uint8 type;
1698 RD_BOOL cont = True;
1699 STREAM s;
1700
1701 while (cont)
1702 {
1703 s = rdp_recv(&type);
1704 if (s == NULL)
1705 return False;
1706 switch (type)
1707 {
1708 case RDP_PDU_DEMAND_ACTIVE:
1709 process_demand_active(s);
1710 *deactivated = False;
1711 break;
1712 case RDP_PDU_DEACTIVATE:
1713 DEBUG(("RDP_PDU_DEACTIVATE\n"));
1714 *deactivated = True;
1715 break;
1716 case RDP_PDU_REDIRECT:
1717 return process_redirect_pdu(s, False);
1718 break;
1719 case RDP_PDU_ENHANCED_REDIRECT:
1720 return process_redirect_pdu(s, True);
1721 break;
1722 case RDP_PDU_DATA:
1723 /* If we got a data PDU, we don't need to keep the password in memory
1724 anymore and therefor we should clear it for security reasons. */
1725 if (g_password[0] != '\0')
1726 memset(g_password, 0, sizeof(g_password));
1727
1728 process_data_pdu(s, ext_disc_reason);
1729 break;
1730 case 0:
1731 break;
1732 default:
1733 unimpl("PDU %d\n", type);
1734 }
1735 cont = g_next_packet < s->end;
1736 }
1737 return True;
1738 }
1739
1740 /* Establish a connection up to the RDP layer */
1741 RD_BOOL
1742 rdp_connect(char *server, uint32 flags, char *domain, char *password,
1743 char *command, char *directory, RD_BOOL reconnect)
1744 {
1745 RD_BOOL deactivated = False;
1746 uint32 ext_disc_reason = 0;
1747
1748 if (!sec_connect(server, g_username, domain, password, reconnect))
1749 return False;
1750
1751 rdp_send_logon_info(flags, domain, g_username, password, command, directory);
1752
1753 /* run RDP loop until first licence demand active PDU */
1754 while (!g_rdp_shareid)
1755 {
1756 if (g_network_error)
1757 return False;
1758
1759 if (!rdp_loop(&deactivated, &ext_disc_reason))
1760 return False;
1761
1762 if (g_redirect)
1763 return True;
1764 }
1765 return True;
1766 }
1767
1768 /* Called during redirection to reset the state to support redirection */
1769 void
1770 rdp_reset_state(void)
1771 {
1772 g_next_packet = NULL; /* reset the packet information */
1773 g_rdp_shareid = 0;
1774 sec_reset_state();
1775 }
1776
1777 /* Disconnect from the RDP layer */
1778 void
1779 rdp_disconnect(void)
1780 {
1781 sec_disconnect();
1782 }
A free Windows-compatible Operating System