1 /**
2 * FreeRDP: A Remote Desktop Protocol Implementation
3 * RDP Client Info
4 *
5 * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
6 * Copyright 2015 Thincast Technologies GmbH
7 * Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25
26 #include <winpr/crt.h>
27 #include <freerdp/crypto/crypto.h>
28 #include <freerdp/log.h>
29 #include <freerdp/session.h>
30 #include <stdio.h>
31
32 #include "timezone.h"
33
34 #include "info.h"
35
36 #define TAG FREERDP_TAG("core.info")
37
38 static const char* const INFO_TYPE_LOGON_STRINGS[4] = { "Logon Info V1", "Logon Info V2",
39 "Logon Plain Notify",
40 "Logon Extended Info" };
41
42 /* This define limits the length of the strings in the label field. */
43 #define MAX_LABEL_LENGTH 40
44 static struct
45 {
46 UINT32 flag;
47 const char* label;
48 } const info_flags[] = {
49 { INFO_MOUSE, "INFO_MOUSE" },
50 { INFO_DISABLECTRLALTDEL, "INFO_DISABLECTRLALTDEL" },
51 { INFO_AUTOLOGON, "INFO_AUTOLOGON" },
52 { INFO_UNICODE, "INFO_UNICODE" },
53 { INFO_MAXIMIZESHELL, "INFO_MAXIMIZESHELL" },
54 { INFO_LOGONNOTIFY, "INFO_LOGONNOTIFY" },
55 { INFO_COMPRESSION, "INFO_COMPRESSION" },
56 { INFO_ENABLEWINDOWSKEY, "INFO_ENABLEWINDOWSKEY" },
57 { INFO_REMOTECONSOLEAUDIO, "INFO_REMOTECONSOLEAUDIO" },
58 { INFO_FORCE_ENCRYPTED_CS_PDU, "INFO_FORCE_ENCRYPTED_CS_PDU" },
59 { INFO_RAIL, "INFO_RAIL" },
60 { INFO_LOGONERRORS, "INFO_LOGONERRORS" },
61 { INFO_MOUSE_HAS_WHEEL, "INFO_MOUSE_HAS_WHEEL" },
62 { INFO_PASSWORD_IS_SC_PIN, "INFO_PASSWORD_IS_SC_PIN" },
63 { INFO_NOAUDIOPLAYBACK, "INFO_NOAUDIOPLAYBACK" },
64 { INFO_USING_SAVED_CREDS, "INFO_USING_SAVED_CREDS" },
65 { INFO_AUDIOCAPTURE, "INFO_AUDIOCAPTURE" },
66 { INFO_VIDEO_DISABLE, "INFO_VIDEO_DISABLE" },
67 { INFO_HIDEF_RAIL_SUPPORTED, "INFO_HIDEF_RAIL_SUPPORTED" },
68 };
69
rdp_read_info_null_string(UINT32 flags,wStream * s,size_t cbLen,CHAR ** dst,size_t max)70 static BOOL rdp_read_info_null_string(UINT32 flags, wStream* s, size_t cbLen, CHAR** dst,
71 size_t max)
72 {
73 CHAR* ret = NULL;
74
75 const BOOL unicode = flags & INFO_UNICODE;
76 const size_t nullSize = unicode ? sizeof(WCHAR) : sizeof(CHAR);
77
78 if (Stream_GetRemainingLength(s) < (size_t)(cbLen))
79 return FALSE;
80
81 if (cbLen > 0)
82 {
83 WCHAR domain[512 / sizeof(WCHAR) + sizeof(WCHAR)] = { 0 };
84 /* cbDomain is the size in bytes of the character data in the Domain field.
85 * This size excludes (!) the length of the mandatory null terminator.
86 * Maximum value including the mandatory null terminator: 512
87 */
88 if ((cbLen % 2) || (cbLen > (max - nullSize)))
89 {
90 WLog_ERR(TAG, "protocol error: invalid value: %" PRIuz "", cbLen);
91 return FALSE;
92 }
93
94 Stream_Read(s, domain, cbLen);
95
96 if (unicode)
97 {
98 if (ConvertFromUnicode(CP_UTF8, 0, domain, cbLen, &ret, 0, NULL, NULL) < 1)
99 {
100 WLog_ERR(TAG, "failed to convert Domain string");
101 return FALSE;
102 }
103 }
104 else
105 {
106 ret = calloc(cbLen + 1, nullSize);
107 if (!ret)
108 return FALSE;
109 memcpy(ret, domain, cbLen);
110 }
111 }
112
113 free(*dst);
114 *dst = ret;
115 return TRUE;
116 }
117
rdp_info_package_flags_description(UINT32 flags)118 static char* rdp_info_package_flags_description(UINT32 flags)
119 {
120 char* result;
121 size_t maximum_size = 1; /* Reserve space for the terminating '\0' by strcat if all flags set */
122 size_t i;
123 size_t size;
124
125 for (i = 0; i < ARRAYSIZE(info_flags); i++)
126 maximum_size += strnlen(info_flags[i].label, MAX_LABEL_LENGTH) + 1;
127
128 result = calloc(maximum_size, sizeof(char));
129
130 if (!result)
131 return 0;
132
133 for (i = 0; i < ARRAYSIZE(info_flags); i++)
134 {
135 if (info_flags[i].flag & flags)
136 {
137 strcat(result, info_flags[i].label);
138 strcat(result, "|");
139 }
140 }
141
142 size = strnlen(result, maximum_size);
143
144 if (size > 0)
145 result[size - 1] = '\0'; /* remove last "|" */
146
147 return result;
148 }
149
rdp_compute_client_auto_reconnect_cookie(rdpRdp * rdp)150 static BOOL rdp_compute_client_auto_reconnect_cookie(rdpRdp* rdp)
151 {
152 BYTE ClientRandom[32];
153 BYTE AutoReconnectRandom[32];
154 ARC_SC_PRIVATE_PACKET* serverCookie;
155 ARC_CS_PRIVATE_PACKET* clientCookie;
156 rdpSettings* settings = rdp->settings;
157 serverCookie = settings->ServerAutoReconnectCookie;
158 clientCookie = settings->ClientAutoReconnectCookie;
159 clientCookie->cbLen = 28;
160 clientCookie->version = serverCookie->version;
161 clientCookie->logonId = serverCookie->logonId;
162 ZeroMemory(clientCookie->securityVerifier, 16);
163 ZeroMemory(AutoReconnectRandom, sizeof(AutoReconnectRandom));
164 CopyMemory(AutoReconnectRandom, serverCookie->arcRandomBits, 16);
165 ZeroMemory(ClientRandom, sizeof(ClientRandom));
166
167 if (settings->SelectedProtocol == PROTOCOL_RDP)
168 CopyMemory(ClientRandom, settings->ClientRandom, settings->ClientRandomLength);
169
170 /* SecurityVerifier = HMAC_MD5(AutoReconnectRandom, ClientRandom) */
171
172 if (!winpr_HMAC(WINPR_MD_MD5, AutoReconnectRandom, 16, ClientRandom, 32,
173 clientCookie->securityVerifier, 16))
174 return FALSE;
175
176 return TRUE;
177 }
178
179 /**
180 * Read Server Auto Reconnect Cookie (ARC_SC_PRIVATE_PACKET).\n
181 * @msdn{cc240540}
182 * @param s stream
183 * @param settings settings
184 */
185
rdp_read_server_auto_reconnect_cookie(rdpRdp * rdp,wStream * s,logon_info_ex * info)186 static BOOL rdp_read_server_auto_reconnect_cookie(rdpRdp* rdp, wStream* s, logon_info_ex* info)
187 {
188 BYTE* p;
189 ARC_SC_PRIVATE_PACKET* autoReconnectCookie;
190 rdpSettings* settings = rdp->settings;
191 autoReconnectCookie = settings->ServerAutoReconnectCookie;
192
193 if (Stream_GetRemainingLength(s) < 28)
194 return FALSE;
195
196 Stream_Read_UINT32(s, autoReconnectCookie->cbLen); /* cbLen (4 bytes) */
197
198 if (autoReconnectCookie->cbLen != 28)
199 {
200 WLog_ERR(TAG, "ServerAutoReconnectCookie.cbLen != 28");
201 return FALSE;
202 }
203
204 Stream_Read_UINT32(s, autoReconnectCookie->version); /* Version (4 bytes) */
205 Stream_Read_UINT32(s, autoReconnectCookie->logonId); /* LogonId (4 bytes) */
206 Stream_Read(s, autoReconnectCookie->arcRandomBits, 16); /* ArcRandomBits (16 bytes) */
207 p = autoReconnectCookie->arcRandomBits;
208 WLog_DBG(TAG,
209 "ServerAutoReconnectCookie: Version: %" PRIu32 " LogonId: %" PRIu32
210 " SecurityVerifier: "
211 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8
212 "%02" PRIX8 ""
213 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8
214 "%02" PRIX8 "",
215 autoReconnectCookie->version, autoReconnectCookie->logonId, p[0], p[1], p[2], p[3],
216 p[4], p[5], p[6], p[7], p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]);
217 info->LogonId = autoReconnectCookie->logonId;
218 CopyMemory(info->ArcRandomBits, p, 16);
219
220 if ((settings->PrintReconnectCookie))
221 {
222 char* base64;
223 base64 = crypto_base64_encode((BYTE*)autoReconnectCookie, sizeof(ARC_SC_PRIVATE_PACKET));
224 WLog_INFO(TAG, "Reconnect-cookie: %s", base64);
225 free(base64);
226 }
227
228 return TRUE;
229 }
230
231 /**
232 * Read Client Auto Reconnect Cookie (ARC_CS_PRIVATE_PACKET).\n
233 * @msdn{cc240541}
234 * @param s stream
235 * @param settings settings
236 */
237
rdp_read_client_auto_reconnect_cookie(rdpRdp * rdp,wStream * s)238 static BOOL rdp_read_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s)
239 {
240 ARC_CS_PRIVATE_PACKET* autoReconnectCookie;
241 rdpSettings* settings = rdp->settings;
242 autoReconnectCookie = settings->ClientAutoReconnectCookie;
243
244 if (Stream_GetRemainingLength(s) < 28)
245 return FALSE;
246
247 Stream_Read_UINT32(s, autoReconnectCookie->cbLen); /* cbLen (4 bytes) */
248 Stream_Read_UINT32(s, autoReconnectCookie->version); /* version (4 bytes) */
249 Stream_Read_UINT32(s, autoReconnectCookie->logonId); /* LogonId (4 bytes) */
250 Stream_Read(s, autoReconnectCookie->securityVerifier, 16); /* SecurityVerifier */
251 return TRUE;
252 }
253
254 /**
255 * Write Client Auto Reconnect Cookie (ARC_CS_PRIVATE_PACKET).\n
256 * @msdn{cc240541}
257 * @param s stream
258 * @param settings settings
259 */
260
rdp_write_client_auto_reconnect_cookie(rdpRdp * rdp,wStream * s)261 static void rdp_write_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s)
262 {
263 BYTE* p;
264 ARC_CS_PRIVATE_PACKET* autoReconnectCookie;
265 rdpSettings* settings = rdp->settings;
266 autoReconnectCookie = settings->ClientAutoReconnectCookie;
267 p = autoReconnectCookie->securityVerifier;
268 WLog_DBG(TAG,
269 "ClientAutoReconnectCookie: Version: %" PRIu32 " LogonId: %" PRIu32 " ArcRandomBits: "
270 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8
271 "%02" PRIX8 ""
272 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8
273 "%02" PRIX8 "",
274 autoReconnectCookie->version, autoReconnectCookie->logonId, p[0], p[1], p[2], p[3],
275 p[4], p[5], p[6], p[7], p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]);
276 Stream_Write_UINT32(s, autoReconnectCookie->cbLen); /* cbLen (4 bytes) */
277 Stream_Write_UINT32(s, autoReconnectCookie->version); /* version (4 bytes) */
278 Stream_Write_UINT32(s, autoReconnectCookie->logonId); /* LogonId (4 bytes) */
279 Stream_Write(s, autoReconnectCookie->securityVerifier, 16); /* SecurityVerifier (16 bytes) */
280 }
281
282 /**
283 * Read Extended Info Packet (TS_EXTENDED_INFO_PACKET).\n
284 * @msdn{cc240476}
285 * @param s stream
286 * @param settings settings
287 */
288
rdp_read_extended_info_packet(rdpRdp * rdp,wStream * s)289 static BOOL rdp_read_extended_info_packet(rdpRdp* rdp, wStream* s)
290 {
291 UINT16 clientAddressFamily;
292 UINT16 cbClientAddress;
293 UINT16 cbClientDir;
294 UINT16 cbAutoReconnectLen;
295 rdpSettings* settings = rdp->settings;
296
297 if (Stream_GetRemainingLength(s) < 4)
298 return FALSE;
299
300 Stream_Read_UINT16(s, clientAddressFamily); /* clientAddressFamily (2 bytes) */
301 Stream_Read_UINT16(s, cbClientAddress); /* cbClientAddress (2 bytes) */
302
303 /* cbClientAddress is the size in bytes of the character data in the clientAddress field.
304 * This size includes the length of the mandatory null terminator.
305 * The maximum allowed value is 80 bytes
306 * Note: Although according to [MS-RDPBCGR 2.2.1.11.1.1.1] the null terminator
307 * is mandatory, connections via Microsoft's TS Gateway set cbClientAddress to 0.
308 */
309
310 if ((cbClientAddress % 2) || cbClientAddress > 80)
311 {
312 WLog_ERR(TAG, "protocol error: invalid cbClientAddress value: %" PRIu16 "",
313 cbClientAddress);
314 return FALSE;
315 }
316
317 settings->IPv6Enabled = (clientAddressFamily == ADDRESS_FAMILY_INET6 ? TRUE : FALSE);
318
319 if (Stream_GetRemainingLength(s) < cbClientAddress)
320 return FALSE;
321
322 if (!rdp_read_info_null_string(INFO_UNICODE, s, cbClientAddress, &settings->ClientAddress,
323 (settings->RdpVersion < RDP_VERSION_10_0) ? 64 : 80))
324 return FALSE;
325
326 if (Stream_GetRemainingLength(s) < 2)
327 return FALSE;
328
329 Stream_Read_UINT16(s, cbClientDir); /* cbClientDir (2 bytes) */
330
331 /* cbClientDir is the size in bytes of the character data in the clientDir field.
332 * This size includes the length of the mandatory null terminator.
333 * The maximum allowed value is 512 bytes.
334 * Note: Although according to [MS-RDPBCGR 2.2.1.11.1.1.1] the null terminator
335 * is mandatory the Microsoft Android client (starting with version 8.1.31.44)
336 * sets cbClientDir to 0.
337 */
338
339 if (!rdp_read_info_null_string(INFO_UNICODE, s, cbClientDir, &settings->ClientDir, 512))
340 return FALSE;
341
342 /**
343 * down below all fields are optional but if one field is not present,
344 * then all of the subsequent fields also MUST NOT be present.
345 */
346
347 /* optional: clientTimeZone (172 bytes) */
348 if (Stream_GetRemainingLength(s) == 0)
349 return TRUE;
350
351 if (!rdp_read_client_time_zone(s, settings))
352 return FALSE;
353
354 /* optional: clientSessionId (4 bytes), should be set to 0 */
355 if (Stream_GetRemainingLength(s) == 0)
356 return TRUE;
357
358 if (Stream_GetRemainingLength(s) < 4)
359 return FALSE;
360
361 Stream_Seek_UINT32(s);
362
363 /* optional: performanceFlags (4 bytes) */
364 if (Stream_GetRemainingLength(s) == 0)
365 return TRUE;
366
367 if (Stream_GetRemainingLength(s) < 4)
368 return FALSE;
369
370 Stream_Read_UINT32(s, settings->PerformanceFlags);
371 freerdp_performance_flags_split(settings);
372
373 /* optional: cbAutoReconnectLen (2 bytes) */
374 if (Stream_GetRemainingLength(s) == 0)
375 return TRUE;
376
377 if (Stream_GetRemainingLength(s) < 2)
378 return FALSE;
379
380 Stream_Read_UINT16(s, cbAutoReconnectLen);
381
382 /* optional: autoReconnectCookie (28 bytes) */
383 /* must be present if cbAutoReconnectLen is > 0 */
384 if (cbAutoReconnectLen > 0)
385 return rdp_read_client_auto_reconnect_cookie(rdp, s);
386
387 /* TODO */
388 /* reserved1 (2 bytes) */
389 /* reserved2 (2 bytes) */
390 /* cbDynamicDSTTimeZoneKeyName (2 bytes) */
391 /* dynamicDSTTimeZoneKeyName (variable) */
392 /* dynamicDaylightTimeDisabled (2 bytes) */
393 return TRUE;
394 }
395
396 /**
397 * Write Extended Info Packet (TS_EXTENDED_INFO_PACKET).\n
398 * @msdn{cc240476}
399 * @param s stream
400 * @param settings settings
401 */
402
rdp_write_extended_info_packet(rdpRdp * rdp,wStream * s)403 static BOOL rdp_write_extended_info_packet(rdpRdp* rdp, wStream* s)
404 {
405 BOOL ret = FALSE;
406 int rc;
407 UINT16 clientAddressFamily;
408 WCHAR* clientAddress = NULL;
409 UINT16 cbClientAddress;
410 WCHAR* clientDir = NULL;
411 UINT16 cbClientDir;
412 UINT16 cbAutoReconnectCookie;
413 rdpSettings* settings;
414 if (!rdp || !rdp->settings || !s)
415 return FALSE;
416 settings = rdp->settings;
417 clientAddressFamily = settings->IPv6Enabled ? ADDRESS_FAMILY_INET6 : ADDRESS_FAMILY_INET;
418 rc = ConvertToUnicode(CP_UTF8, 0, settings->ClientAddress, -1, &clientAddress, 0);
419 if ((rc < 0) || (rc > (UINT16_MAX / 2)))
420 goto fail;
421 cbClientAddress = (UINT16)rc * 2;
422
423 rc = ConvertToUnicode(CP_UTF8, 0, settings->ClientDir, -1, &clientDir, 0);
424 if ((rc < 0) || (rc > (UINT16_MAX / 2)))
425 goto fail;
426 cbClientDir = (UINT16)rc * 2;
427
428 if (settings->ServerAutoReconnectCookie->cbLen > UINT16_MAX)
429 goto fail;
430 cbAutoReconnectCookie = (UINT16)settings->ServerAutoReconnectCookie->cbLen;
431
432 Stream_Write_UINT16(s, clientAddressFamily); /* clientAddressFamily (2 bytes) */
433 Stream_Write_UINT16(s, cbClientAddress + 2); /* cbClientAddress (2 bytes) */
434
435 Stream_Write(s, clientAddress, cbClientAddress); /* clientAddress */
436
437 Stream_Write_UINT16(s, 0);
438 Stream_Write_UINT16(s, cbClientDir + 2); /* cbClientDir (2 bytes) */
439
440 Stream_Write(s, clientDir, cbClientDir); /* clientDir */
441
442 Stream_Write_UINT16(s, 0);
443 if (!rdp_write_client_time_zone(s, settings)) /* clientTimeZone (172 bytes) */
444 goto fail;
445
446 Stream_Write_UINT32(s, 0); /* clientSessionId (4 bytes), should be set to 0 */
447 freerdp_performance_flags_make(settings);
448 Stream_Write_UINT32(s, settings->PerformanceFlags); /* performanceFlags (4 bytes) */
449 Stream_Write_UINT16(s, cbAutoReconnectCookie); /* cbAutoReconnectCookie (2 bytes) */
450
451 if (cbAutoReconnectCookie > 0)
452 {
453 if (!rdp_compute_client_auto_reconnect_cookie(rdp))
454 goto fail;
455 rdp_write_client_auto_reconnect_cookie(rdp, s); /* autoReconnectCookie */
456 Stream_Write_UINT16(s, 0); /* reserved1 (2 bytes) */
457 Stream_Write_UINT16(s, 0); /* reserved2 (2 bytes) */
458 }
459 ret = TRUE;
460 fail:
461 free(clientAddress);
462 free(clientDir);
463 return ret;
464 }
465
rdp_read_info_string(UINT32 flags,wStream * s,size_t cbLenNonNull,CHAR ** dst,size_t max)466 static BOOL rdp_read_info_string(UINT32 flags, wStream* s, size_t cbLenNonNull, CHAR** dst,
467 size_t max)
468 {
469 union {
470 char c;
471 WCHAR w;
472 BYTE b[2];
473 } terminator;
474 CHAR* ret = NULL;
475
476 const BOOL unicode = flags & INFO_UNICODE;
477 const size_t nullSize = unicode ? sizeof(WCHAR) : sizeof(CHAR);
478
479 if (Stream_GetRemainingLength(s) < (size_t)(cbLenNonNull + nullSize))
480 return FALSE;
481
482 if (cbLenNonNull > 0)
483 {
484 WCHAR domain[512 / sizeof(WCHAR) + sizeof(WCHAR)] = { 0 };
485 /* cbDomain is the size in bytes of the character data in the Domain field.
486 * This size excludes (!) the length of the mandatory null terminator.
487 * Maximum value including the mandatory null terminator: 512
488 */
489 if ((cbLenNonNull % 2) || (cbLenNonNull > (max - nullSize)))
490 {
491 WLog_ERR(TAG, "protocol error: invalid value: %" PRIuz "", cbLenNonNull);
492 return FALSE;
493 }
494
495 Stream_Read(s, domain, cbLenNonNull);
496
497 if (unicode)
498 {
499 if (ConvertFromUnicode(CP_UTF8, 0, domain, -1, &ret, 0, NULL, NULL) < 1)
500 {
501 WLog_ERR(TAG, "failed to convert Domain string");
502 return FALSE;
503 }
504 }
505 else
506 {
507 ret = calloc(cbLenNonNull + 1, nullSize);
508 if (!ret)
509 return FALSE;
510 memcpy(ret, domain, cbLenNonNull);
511 }
512 }
513
514 terminator.w = L'\0';
515 Stream_Read(s, terminator.b, nullSize);
516
517 if (terminator.w != L'\0')
518 {
519 WLog_ERR(TAG, "protocol error: Domain must be null terminated");
520 free(ret);
521 return FALSE;
522 }
523
524 *dst = ret;
525 return TRUE;
526 }
527
528 /**
529 * Read Info Packet (TS_INFO_PACKET).\n
530 * @msdn{cc240475}
531 * @param s stream
532 * @param settings settings
533 */
534
rdp_read_info_packet(rdpRdp * rdp,wStream * s,UINT16 tpktlength)535 static BOOL rdp_read_info_packet(rdpRdp* rdp, wStream* s, UINT16 tpktlength)
536 {
537 BOOL smallsize = FALSE;
538 UINT32 flags;
539 UINT16 cbDomain;
540 UINT16 cbUserName;
541 UINT16 cbPassword;
542 UINT16 cbAlternateShell;
543 UINT16 cbWorkingDir;
544 UINT32 CompressionLevel;
545 rdpSettings* settings = rdp->settings;
546
547 if (Stream_GetRemainingLength(s) < 18)
548 return FALSE;
549
550 Stream_Read_UINT32(s, settings->KeyboardCodePage); /* CodePage (4 bytes ) */
551 Stream_Read_UINT32(s, flags); /* flags (4 bytes) */
552 settings->AudioCapture = ((flags & INFO_AUDIOCAPTURE) ? TRUE : FALSE);
553 settings->AudioPlayback = ((flags & INFO_NOAUDIOPLAYBACK) ? FALSE : TRUE);
554 settings->AutoLogonEnabled = ((flags & INFO_AUTOLOGON) ? TRUE : FALSE);
555 settings->RemoteApplicationMode = ((flags & INFO_RAIL) ? TRUE : FALSE);
556 settings->HiDefRemoteApp = ((flags & INFO_HIDEF_RAIL_SUPPORTED) ? TRUE : FALSE);
557 settings->RemoteConsoleAudio = ((flags & INFO_REMOTECONSOLEAUDIO) ? TRUE : FALSE);
558 settings->CompressionEnabled = ((flags & INFO_COMPRESSION) ? TRUE : FALSE);
559 settings->LogonNotify = ((flags & INFO_LOGONNOTIFY) ? TRUE : FALSE);
560 settings->MouseHasWheel = ((flags & INFO_MOUSE_HAS_WHEEL) ? TRUE : FALSE);
561 settings->DisableCtrlAltDel = ((flags & INFO_DISABLECTRLALTDEL) ? TRUE : FALSE);
562 settings->ForceEncryptedCsPdu = ((flags & INFO_FORCE_ENCRYPTED_CS_PDU) ? TRUE : FALSE);
563 settings->PasswordIsSmartcardPin = ((flags & INFO_PASSWORD_IS_SC_PIN) ? TRUE : FALSE);
564
565 if (flags & INFO_COMPRESSION)
566 {
567 CompressionLevel = ((flags & 0x00001E00) >> 9);
568 settings->CompressionLevel = CompressionLevel;
569 }
570
571 /* RDP 4 and 5 have smaller credential limits */
572 if (settings->RdpVersion < RDP_VERSION_5_PLUS)
573 smallsize = TRUE;
574
575 Stream_Read_UINT16(s, cbDomain); /* cbDomain (2 bytes) */
576 Stream_Read_UINT16(s, cbUserName); /* cbUserName (2 bytes) */
577 Stream_Read_UINT16(s, cbPassword); /* cbPassword (2 bytes) */
578 Stream_Read_UINT16(s, cbAlternateShell); /* cbAlternateShell (2 bytes) */
579 Stream_Read_UINT16(s, cbWorkingDir); /* cbWorkingDir (2 bytes) */
580
581 if (!rdp_read_info_string(flags, s, cbDomain, &settings->Domain, smallsize ? 52 : 512))
582 return FALSE;
583
584 if (!rdp_read_info_string(flags, s, cbUserName, &settings->Username, smallsize ? 44 : 512))
585 return FALSE;
586
587 if (!rdp_read_info_string(flags, s, cbPassword, &settings->Password, smallsize ? 32 : 512))
588 return FALSE;
589
590 if (!rdp_read_info_string(flags, s, cbAlternateShell, &settings->AlternateShell, 512))
591 return FALSE;
592
593 if (!rdp_read_info_string(flags, s, cbWorkingDir, &settings->ShellWorkingDirectory, 512))
594 return FALSE;
595
596 if (settings->RdpVersion >= RDP_VERSION_5_PLUS)
597 return rdp_read_extended_info_packet(rdp, s); /* extraInfo */
598
599 return tpkt_ensure_stream_consumed(s, tpktlength);
600 }
601
602 /**
603 * Write Info Packet (TS_INFO_PACKET).\n
604 * @msdn{cc240475}
605 * @param s stream
606 * @param settings settings
607 */
608
rdp_write_info_packet(rdpRdp * rdp,wStream * s)609 static BOOL rdp_write_info_packet(rdpRdp* rdp, wStream* s)
610 {
611 BOOL ret = FALSE;
612 UINT32 flags;
613 WCHAR* domainW = NULL;
614 UINT16 cbDomain = 0;
615 WCHAR* userNameW = NULL;
616 UINT16 cbUserName = 0;
617 WCHAR* passwordW = NULL;
618 UINT16 cbPassword = 0;
619 WCHAR* alternateShellW = NULL;
620 UINT16 cbAlternateShell = 0;
621 WCHAR* workingDirW = NULL;
622 UINT16 cbWorkingDir = 0;
623 BOOL usedPasswordCookie = FALSE;
624 rdpSettings* settings;
625
626 if (!rdp || !s || !rdp->settings)
627 return FALSE;
628
629 settings = rdp->settings;
630
631 flags = INFO_MOUSE | INFO_UNICODE | INFO_LOGONERRORS | INFO_MAXIMIZESHELL |
632 INFO_ENABLEWINDOWSKEY | INFO_DISABLECTRLALTDEL | INFO_MOUSE_HAS_WHEEL |
633 INFO_FORCE_ENCRYPTED_CS_PDU;
634
635 if (settings->SmartcardLogon)
636 {
637 flags |= INFO_AUTOLOGON;
638 flags |= INFO_PASSWORD_IS_SC_PIN;
639 }
640
641 if (settings->AudioCapture)
642 flags |= INFO_AUDIOCAPTURE;
643
644 if (!settings->AudioPlayback)
645 flags |= INFO_NOAUDIOPLAYBACK;
646
647 if (settings->VideoDisable)
648 flags |= INFO_VIDEO_DISABLE;
649
650 if (settings->AutoLogonEnabled)
651 flags |= INFO_AUTOLOGON;
652
653 if (settings->RemoteApplicationMode)
654 {
655 if (settings->HiDefRemoteApp)
656 flags |= INFO_HIDEF_RAIL_SUPPORTED;
657
658 flags |= INFO_RAIL;
659 }
660
661 if (settings->RemoteConsoleAudio)
662 flags |= INFO_REMOTECONSOLEAUDIO;
663
664 if (settings->CompressionEnabled)
665 {
666 flags |= INFO_COMPRESSION;
667 flags |= ((settings->CompressionLevel << 9) & 0x00001E00);
668 }
669
670 if (settings->LogonNotify)
671 flags |= INFO_LOGONNOTIFY;
672
673 if (settings->PasswordIsSmartcardPin)
674 flags |= INFO_PASSWORD_IS_SC_PIN;
675
676 {
677 char* flags_description = rdp_info_package_flags_description(flags);
678
679 if (flags_description)
680 {
681 WLog_DBG(TAG, "Client Info Packet Flags = %s", flags_description);
682 free(flags_description);
683 }
684 }
685
686 if (settings->Domain)
687 {
688 const int rc = ConvertToUnicode(CP_UTF8, 0, settings->Domain, -1, &domainW, 0);
689 if ((rc < 0) || (rc > (UINT16_MAX / 2)))
690 goto fail;
691 cbDomain = (UINT16)rc * 2;
692 }
693 else
694 {
695 domainW = NULL;
696 cbDomain = 0;
697 }
698
699 /* excludes (!) the length of the mandatory null terminator */
700 cbDomain = cbDomain >= 2 ? cbDomain - 2 : cbDomain;
701
702 /* user name provided by the expert for connecting to the novice computer */
703 {
704 const int rc = ConvertToUnicode(CP_UTF8, 0, settings->Username, -1, &userNameW, 0);
705 if ((rc < 0) || (rc > (UINT16_MAX / 2)))
706 goto fail;
707 cbUserName = (UINT16)rc * 2;
708 }
709 /* excludes (!) the length of the mandatory null terminator */
710 cbUserName = cbUserName >= 2 ? cbUserName - 2 : cbUserName;
711
712 if (!settings->RemoteAssistanceMode)
713 {
714 /* Ignore redirection password if we´re using smartcard and have the pin as password */
715 if (((flags & INFO_PASSWORD_IS_SC_PIN) == 0) && settings->RedirectionPassword &&
716 (settings->RedirectionPasswordLength > 0))
717 {
718 union {
719 BYTE* bp;
720 WCHAR* wp;
721 } ptrconv;
722
723 if (settings->RedirectionPasswordLength > UINT16_MAX)
724 return FALSE;
725 usedPasswordCookie = TRUE;
726
727 ptrconv.bp = settings->RedirectionPassword;
728 passwordW = ptrconv.wp;
729 cbPassword = (UINT16)settings->RedirectionPasswordLength;
730 }
731 else
732 {
733 const int rc = ConvertToUnicode(CP_UTF8, 0, settings->Password, -1, &passwordW, 0);
734 if ((rc < 0) || (rc > (UINT16_MAX / 2)))
735 goto fail;
736 cbPassword = (UINT16)rc * 2;
737 }
738 }
739 else
740 {
741 /* This field MUST be filled with "*" */
742 const int rc = ConvertToUnicode(CP_UTF8, 0, "*", -1, &passwordW, 0);
743 if ((rc < 0) || (rc > (UINT16_MAX / 2)))
744 goto fail;
745 cbPassword = (UINT16)rc * 2;
746 }
747
748 /* excludes (!) the length of the mandatory null terminator */
749 cbPassword = cbPassword >= 2 ? cbPassword - 2 : cbPassword;
750
751 if (!settings->RemoteAssistanceMode)
752 {
753 const int rc =
754 ConvertToUnicode(CP_UTF8, 0, settings->AlternateShell, -1, &alternateShellW, 0);
755 if ((rc < 0) || (rc > (UINT16_MAX / 2)))
756 goto fail;
757 cbAlternateShell = (UINT16)rc * 2;
758 }
759 else
760 {
761 int rc;
762 if (settings->RemoteAssistancePassStub)
763 {
764 /* This field MUST be filled with "*" */
765 rc = ConvertToUnicode(CP_UTF8, 0, "*", -1, &alternateShellW, 0);
766 }
767 else
768 {
769 /* This field must contain the remote assistance password */
770 rc = ConvertToUnicode(CP_UTF8, 0, settings->RemoteAssistancePassword, -1,
771 &alternateShellW, 0);
772 }
773 if ((rc < 0) || (rc > (UINT16_MAX / 2)))
774 goto fail;
775 cbAlternateShell = (UINT16)rc * 2;
776 }
777
778 /* excludes (!) the length of the mandatory null terminator */
779 cbAlternateShell = cbAlternateShell >= 2 ? cbAlternateShell - 2 : cbAlternateShell;
780
781 if (!settings->RemoteAssistanceMode)
782 {
783 const int rc =
784 ConvertToUnicode(CP_UTF8, 0, settings->ShellWorkingDirectory, -1, &workingDirW, 0);
785 if ((rc < 0) || (rc > (UINT16_MAX / 2)))
786 goto fail;
787 cbWorkingDir = (UINT16)rc * 2;
788 }
789 else
790 {
791 /* Remote Assistance Session Id */
792 const int rc =
793 ConvertToUnicode(CP_UTF8, 0, settings->RemoteAssistanceSessionId, -1, &workingDirW, 0);
794 if ((rc < 0) || (rc > (UINT16_MAX / 2)))
795 goto fail;
796 cbWorkingDir = (UINT16)rc * 2;
797 }
798
799 /* excludes (!) the length of the mandatory null terminator */
800 cbWorkingDir = cbWorkingDir >= 2 ? cbWorkingDir - 2 : cbWorkingDir;
801 Stream_Write_UINT32(s, settings->KeyboardCodePage); /* CodePage (4 bytes) */
802 Stream_Write_UINT32(s, flags); /* flags (4 bytes) */
803 Stream_Write_UINT16(s, cbDomain); /* cbDomain (2 bytes) */
804 Stream_Write_UINT16(s, cbUserName); /* cbUserName (2 bytes) */
805 Stream_Write_UINT16(s, cbPassword); /* cbPassword (2 bytes) */
806 Stream_Write_UINT16(s, cbAlternateShell); /* cbAlternateShell (2 bytes) */
807 Stream_Write_UINT16(s, cbWorkingDir); /* cbWorkingDir (2 bytes) */
808
809 Stream_Write(s, domainW, cbDomain);
810
811 /* the mandatory null terminator */
812 Stream_Write_UINT16(s, 0);
813
814 Stream_Write(s, userNameW, cbUserName);
815
816 /* the mandatory null terminator */
817 Stream_Write_UINT16(s, 0);
818
819 Stream_Write(s, passwordW, cbPassword);
820
821 /* the mandatory null terminator */
822 Stream_Write_UINT16(s, 0);
823
824 Stream_Write(s, alternateShellW, cbAlternateShell);
825
826 /* the mandatory null terminator */
827 Stream_Write_UINT16(s, 0);
828
829 Stream_Write(s, workingDirW, cbWorkingDir);
830
831 /* the mandatory null terminator */
832 Stream_Write_UINT16(s, 0);
833 ret = TRUE;
834 fail:
835 free(domainW);
836 free(userNameW);
837 free(alternateShellW);
838 free(workingDirW);
839
840 if (!usedPasswordCookie)
841 free(passwordW);
842
843 if (!ret)
844 return FALSE;
845
846 if (settings->RdpVersion >= RDP_VERSION_5_PLUS)
847 ret = rdp_write_extended_info_packet(rdp, s); /* extraInfo */
848
849 return TRUE;
850 }
851
852 /**
853 * Read Client Info PDU (CLIENT_INFO_PDU).\n
854 * @msdn{cc240474}
855 * @param rdp RDP module
856 * @param s stream
857 */
858
rdp_recv_client_info(rdpRdp * rdp,wStream * s)859 BOOL rdp_recv_client_info(rdpRdp* rdp, wStream* s)
860 {
861 UINT16 length;
862 UINT16 channelId;
863 UINT16 securityFlags = 0;
864
865 if (!rdp_read_header(rdp, s, &length, &channelId))
866 return FALSE;
867
868 if (!rdp_read_security_header(s, &securityFlags, &length))
869 return FALSE;
870
871 if ((securityFlags & SEC_INFO_PKT) == 0)
872 return FALSE;
873
874 if (rdp->settings->UseRdpSecurityLayer)
875 {
876 if (securityFlags & SEC_REDIRECTION_PKT)
877 {
878 WLog_ERR(TAG, "Error: SEC_REDIRECTION_PKT unsupported");
879 return FALSE;
880 }
881
882 if (securityFlags & SEC_ENCRYPT)
883 {
884 if (!rdp_decrypt(rdp, s, &length, securityFlags))
885 {
886 WLog_ERR(TAG, "rdp_decrypt failed");
887 return FALSE;
888 }
889 }
890 }
891
892 return rdp_read_info_packet(rdp, s, length);
893 }
894
895 /**
896 * Send Client Info PDU (CLIENT_INFO_PDU).\n
897 * @msdn{cc240474}
898 * @param rdp RDP module
899 */
900
rdp_send_client_info(rdpRdp * rdp)901 BOOL rdp_send_client_info(rdpRdp* rdp)
902 {
903 wStream* s;
904 rdp->sec_flags |= SEC_INFO_PKT;
905 s = rdp_send_stream_init(rdp);
906
907 if (!s)
908 {
909 WLog_ERR(TAG, "Stream_New failed!");
910 return FALSE;
911 }
912
913 rdp_write_info_packet(rdp, s);
914 return rdp_send(rdp, s, MCS_GLOBAL_CHANNEL_ID);
915 }
916
rdp_recv_logon_info_v1(rdpRdp * rdp,wStream * s,logon_info * info)917 static BOOL rdp_recv_logon_info_v1(rdpRdp* rdp, wStream* s, logon_info* info)
918 {
919 UINT32 cbDomain;
920 UINT32 cbUserName;
921 union {
922 BYTE* bp;
923 WCHAR* wp;
924 } ptrconv;
925
926 WINPR_UNUSED(rdp);
927 ZeroMemory(info, sizeof(*info));
928
929 if (Stream_GetRemainingLength(s) < 576)
930 return FALSE;
931
932 Stream_Read_UINT32(s, cbDomain); /* cbDomain (4 bytes) */
933
934 /* cbDomain is the size of the Unicode character data (including the mandatory
935 * null terminator) in bytes present in the fixed-length (52 bytes) Domain field
936 */
937 if (cbDomain)
938 {
939 if ((cbDomain % 2) || cbDomain > 52)
940 {
941 WLog_ERR(TAG, "protocol error: invalid cbDomain value: %" PRIu32 "", cbDomain);
942 goto fail;
943 }
944
945 ptrconv.bp = Stream_Pointer(s);
946
947 if (ptrconv.wp[cbDomain / 2 - 1])
948 {
949 WLog_ERR(TAG, "protocol error: Domain must be null terminated");
950 goto fail;
951 }
952
953 if (ConvertFromUnicode(CP_UTF8, 0, ptrconv.wp, -1, &info->domain, 0, NULL, FALSE) < 1)
954 {
955 WLog_ERR(TAG, "failed to convert the Domain string");
956 goto fail;
957 }
958 }
959
960 Stream_Seek(s, 52); /* domain (52 bytes) */
961 Stream_Read_UINT32(s, cbUserName); /* cbUserName (4 bytes) */
962
963 /* cbUserName is the size of the Unicode character data (including the mandatory
964 * null terminator) in bytes present in the fixed-length (512 bytes) UserName field.
965 */
966 if (cbUserName)
967 {
968 if ((cbUserName % 2) || cbUserName > 512)
969 {
970 WLog_ERR(TAG, "protocol error: invalid cbUserName value: %" PRIu32 "", cbUserName);
971 goto fail;
972 }
973
974 ptrconv.bp = Stream_Pointer(s);
975
976 if (ptrconv.wp[cbUserName / 2 - 1])
977 {
978 WLog_ERR(TAG, "protocol error: UserName must be null terminated");
979 goto fail;
980 }
981
982 if (ConvertFromUnicode(CP_UTF8, 0, ptrconv.wp, -1, &info->username, 0, NULL, FALSE) < 1)
983 {
984 WLog_ERR(TAG, "failed to convert the UserName string");
985 goto fail;
986 }
987 }
988
989 Stream_Seek(s, 512); /* userName (512 bytes) */
990 Stream_Read_UINT32(s, info->sessionId); /* SessionId (4 bytes) */
991 WLog_DBG(TAG, "LogonInfoV1: SessionId: 0x%08" PRIX32 " UserName: [%s] Domain: [%s]",
992 info->sessionId, info->username, info->domain);
993 return TRUE;
994 fail:
995 free(info->username);
996 info->username = NULL;
997 free(info->domain);
998 info->domain = NULL;
999 return FALSE;
1000 }
1001
rdp_recv_logon_info_v2(rdpRdp * rdp,wStream * s,logon_info * info)1002 static BOOL rdp_recv_logon_info_v2(rdpRdp* rdp, wStream* s, logon_info* info)
1003 {
1004 UINT16 Version;
1005 UINT32 Size;
1006 UINT32 cbDomain;
1007 UINT32 cbUserName;
1008
1009 WINPR_UNUSED(rdp);
1010 ZeroMemory(info, sizeof(*info));
1011
1012 if (Stream_GetRemainingLength(s) < 576)
1013 return FALSE;
1014
1015 Stream_Read_UINT16(s, Version); /* Version (2 bytes) */
1016 Stream_Read_UINT32(s, Size); /* Size (4 bytes) */
1017 Stream_Read_UINT32(s, info->sessionId); /* SessionId (4 bytes) */
1018 Stream_Read_UINT32(s, cbDomain); /* cbDomain (4 bytes) */
1019 Stream_Read_UINT32(s, cbUserName); /* cbUserName (4 bytes) */
1020 Stream_Seek(s, 558); /* pad (558 bytes) */
1021
1022 /* cbDomain is the size in bytes of the Unicode character data in the Domain field.
1023 * The size of the mandatory null terminator is include in this value.
1024 * Note: Since MS-RDPBCGR 2.2.10.1.1.2 does not mention any size limits we assume
1025 * that the maximum value is 52 bytes, according to the fixed size of the
1026 * Domain field in the Logon Info Version 1 (TS_LOGON_INFO) structure.
1027 */
1028 if (cbDomain)
1029 {
1030 WCHAR domain[26] = { 0 };
1031 if ((cbDomain % 2) || (cbDomain > 52))
1032 {
1033 WLog_ERR(TAG, "protocol error: invalid cbDomain value: %" PRIu32 "", cbDomain);
1034 goto fail;
1035 }
1036
1037 if (Stream_GetRemainingLength(s) < (size_t)cbDomain)
1038 {
1039 WLog_ERR(TAG, "insufficient remaining stream length");
1040 goto fail;
1041 }
1042
1043 memcpy(domain, Stream_Pointer(s), cbDomain);
1044 Stream_Seek(s, cbDomain); /* domain */
1045
1046 if (domain[cbDomain / sizeof(WCHAR) - 1])
1047 {
1048 WLog_ERR(TAG, "protocol error: Domain field must be null terminated");
1049 goto fail;
1050 }
1051
1052 if (ConvertFromUnicode(CP_UTF8, 0, domain, -1, &info->domain, 0, NULL, FALSE) < 1)
1053 {
1054 WLog_ERR(TAG, "failed to convert the Domain string");
1055 goto fail;
1056 }
1057 }
1058
1059 /* cbUserName is the size in bytes of the Unicode character data in the UserName field.
1060 * The size of the mandatory null terminator is include in this value.
1061 * Note: Since MS-RDPBCGR 2.2.10.1.1.2 does not mention any size limits we assume
1062 * that the maximum value is 512 bytes, according to the fixed size of the
1063 * Username field in the Logon Info Version 1 (TS_LOGON_INFO) structure.
1064 */
1065 if (cbUserName)
1066 {
1067 WCHAR user[256] = { 0 };
1068
1069 if ((cbUserName % 2) || cbUserName < 2 || cbUserName > 512)
1070 {
1071 WLog_ERR(TAG, "protocol error: invalid cbUserName value: %" PRIu32 "", cbUserName);
1072 goto fail;
1073 }
1074
1075 if (Stream_GetRemainingLength(s) < (size_t)cbUserName)
1076 {
1077 WLog_ERR(TAG, "insufficient remaining stream length");
1078 goto fail;
1079 }
1080
1081 memcpy(user, Stream_Pointer(s), cbUserName);
1082 Stream_Seek(s, cbUserName); /* userName */
1083
1084 if (user[cbUserName / sizeof(WCHAR) - 1])
1085 {
1086 WLog_ERR(TAG, "protocol error: UserName field must be null terminated");
1087 goto fail;
1088 }
1089
1090 if (ConvertFromUnicode(CP_UTF8, 0, user, -1, &info->username, 0, NULL, FALSE) < 1)
1091 {
1092 WLog_ERR(TAG, "failed to convert the Domain string");
1093 goto fail;
1094 }
1095 }
1096
1097 WLog_DBG(TAG, "LogonInfoV2: SessionId: 0x%08" PRIX32 " UserName: [%s] Domain: [%s]",
1098 info->sessionId, info->username, info->domain);
1099 return TRUE;
1100 fail:
1101 free(info->username);
1102 info->username = NULL;
1103 free(info->domain);
1104 info->domain = NULL;
1105 return FALSE;
1106 }
1107
rdp_recv_logon_plain_notify(rdpRdp * rdp,wStream * s)1108 static BOOL rdp_recv_logon_plain_notify(rdpRdp* rdp, wStream* s)
1109 {
1110 WINPR_UNUSED(rdp);
1111 if (Stream_GetRemainingLength(s) < 576)
1112 return FALSE;
1113
1114 Stream_Seek(s, 576); /* pad (576 bytes) */
1115 WLog_DBG(TAG, "LogonPlainNotify");
1116 return TRUE;
1117 }
1118
rdp_recv_logon_error_info(rdpRdp * rdp,wStream * s,logon_info_ex * info)1119 static BOOL rdp_recv_logon_error_info(rdpRdp* rdp, wStream* s, logon_info_ex* info)
1120 {
1121 UINT32 errorNotificationType;
1122 UINT32 errorNotificationData;
1123
1124 if (Stream_GetRemainingLength(s) < 8)
1125 return FALSE;
1126
1127 Stream_Read_UINT32(s, errorNotificationType); /* errorNotificationType (4 bytes) */
1128 Stream_Read_UINT32(s, errorNotificationData); /* errorNotificationData (4 bytes) */
1129 WLog_DBG(TAG, "LogonErrorInfo: Data: 0x%08" PRIX32 " Type: 0x%08" PRIX32 "",
1130 errorNotificationData, errorNotificationType);
1131 IFCALL(rdp->instance->LogonErrorInfo, rdp->instance, errorNotificationData,
1132 errorNotificationType);
1133 info->ErrorNotificationType = errorNotificationType;
1134 info->ErrorNotificationData = errorNotificationData;
1135 return TRUE;
1136 }
1137
rdp_recv_logon_info_extended(rdpRdp * rdp,wStream * s,logon_info_ex * info)1138 static BOOL rdp_recv_logon_info_extended(rdpRdp* rdp, wStream* s, logon_info_ex* info)
1139 {
1140 UINT32 cbFieldData;
1141 UINT32 fieldsPresent;
1142 UINT16 Length;
1143
1144 if (Stream_GetRemainingLength(s) < 6)
1145 return FALSE;
1146
1147 Stream_Read_UINT16(s, Length); /* Length (2 bytes) */
1148 Stream_Read_UINT32(s, fieldsPresent); /* fieldsPresent (4 bytes) */
1149
1150 if ((Length < 6) || (Stream_GetRemainingLength(s) < (Length - 6U)))
1151 return FALSE;
1152
1153 WLog_DBG(TAG, "LogonInfoExtended: fieldsPresent: 0x%08" PRIX32 "", fieldsPresent);
1154
1155 /* logonFields */
1156
1157 if (fieldsPresent & LOGON_EX_AUTORECONNECTCOOKIE)
1158 {
1159 if (Stream_GetRemainingLength(s) < 4)
1160 return FALSE;
1161
1162 info->haveCookie = TRUE;
1163 Stream_Read_UINT32(s, cbFieldData); /* cbFieldData (4 bytes) */
1164
1165 if (Stream_GetRemainingLength(s) < cbFieldData)
1166 return FALSE;
1167
1168 if (!rdp_read_server_auto_reconnect_cookie(rdp, s, info))
1169 return FALSE;
1170 }
1171
1172 if (fieldsPresent & LOGON_EX_LOGONERRORS)
1173 {
1174 info->haveErrorInfo = TRUE;
1175
1176 if (Stream_GetRemainingLength(s) < 4)
1177 return FALSE;
1178
1179 Stream_Read_UINT32(s, cbFieldData); /* cbFieldData (4 bytes) */
1180
1181 if (Stream_GetRemainingLength(s) < cbFieldData)
1182 return FALSE;
1183
1184 if (!rdp_recv_logon_error_info(rdp, s, info))
1185 return FALSE;
1186 }
1187
1188 if (Stream_GetRemainingLength(s) < 570)
1189 return FALSE;
1190
1191 Stream_Seek(s, 570); /* pad (570 bytes) */
1192 return TRUE;
1193 }
1194
rdp_recv_save_session_info(rdpRdp * rdp,wStream * s)1195 BOOL rdp_recv_save_session_info(rdpRdp* rdp, wStream* s)
1196 {
1197 UINT32 infoType;
1198 BOOL status;
1199 logon_info logonInfo;
1200 logon_info_ex logonInfoEx;
1201 rdpContext* context = rdp->context;
1202 rdpUpdate* update = rdp->context->update;
1203
1204 if (Stream_GetRemainingLength(s) < 4)
1205 return FALSE;
1206
1207 Stream_Read_UINT32(s, infoType); /* infoType (4 bytes) */
1208
1209 switch (infoType)
1210 {
1211 case INFO_TYPE_LOGON:
1212 ZeroMemory(&logonInfo, sizeof(logonInfo));
1213 status = rdp_recv_logon_info_v1(rdp, s, &logonInfo);
1214
1215 if (status && update->SaveSessionInfo)
1216 status = update->SaveSessionInfo(context, infoType, &logonInfo);
1217
1218 free(logonInfo.domain);
1219 free(logonInfo.username);
1220 break;
1221
1222 case INFO_TYPE_LOGON_LONG:
1223 ZeroMemory(&logonInfo, sizeof(logonInfo));
1224 status = rdp_recv_logon_info_v2(rdp, s, &logonInfo);
1225
1226 if (status && update->SaveSessionInfo)
1227 status = update->SaveSessionInfo(context, infoType, &logonInfo);
1228
1229 free(logonInfo.domain);
1230 free(logonInfo.username);
1231 break;
1232
1233 case INFO_TYPE_LOGON_PLAIN_NOTIFY:
1234 status = rdp_recv_logon_plain_notify(rdp, s);
1235
1236 if (status && update->SaveSessionInfo)
1237 status = update->SaveSessionInfo(context, infoType, NULL);
1238
1239 break;
1240
1241 case INFO_TYPE_LOGON_EXTENDED_INF:
1242 ZeroMemory(&logonInfoEx, sizeof(logonInfoEx));
1243 status = rdp_recv_logon_info_extended(rdp, s, &logonInfoEx);
1244
1245 if (status && update->SaveSessionInfo)
1246 status = update->SaveSessionInfo(context, infoType, &logonInfoEx);
1247
1248 break;
1249
1250 default:
1251 WLog_ERR(TAG, "Unhandled saveSessionInfo type 0x%" PRIx32 "", infoType);
1252 status = TRUE;
1253 break;
1254 }
1255
1256 if (!status)
1257 {
1258 WLog_DBG(TAG, "SaveSessionInfo error: infoType: %s (%" PRIu32 ")",
1259 infoType < 4 ? INFO_TYPE_LOGON_STRINGS[infoType % 4] : "Unknown", infoType);
1260 }
1261
1262 return status;
1263 }
1264
rdp_write_logon_info_v1(wStream * s,logon_info * info)1265 static BOOL rdp_write_logon_info_v1(wStream* s, logon_info* info)
1266 {
1267 size_t sz = 4 + 52 + 4 + 512 + 4;
1268 int ilen;
1269 UINT32 len;
1270 WCHAR* wString = NULL;
1271
1272 if (!Stream_EnsureRemainingCapacity(s, sz))
1273 return FALSE;
1274
1275 /* domain */
1276 ilen = ConvertToUnicode(CP_UTF8, 0, info->domain, -1, &wString, 0);
1277
1278 if (ilen < 0)
1279 return FALSE;
1280
1281 len = (UINT32)ilen * 2;
1282
1283 if (len > 52)
1284 {
1285 free(wString);
1286 return FALSE;
1287 }
1288
1289 Stream_Write_UINT32(s, len);
1290 Stream_Write(s, wString, len);
1291 Stream_Seek(s, 52 - len);
1292 free(wString);
1293 /* username */
1294 wString = NULL;
1295 ilen = ConvertToUnicode(CP_UTF8, 0, info->username, -1, &wString, 0);
1296
1297 if (ilen < 0)
1298 return FALSE;
1299
1300 len = (UINT32)ilen * 2;
1301
1302 if (len > 512)
1303 {
1304 free(wString);
1305 return FALSE;
1306 }
1307
1308 Stream_Write_UINT32(s, len);
1309 Stream_Write(s, wString, len);
1310 Stream_Seek(s, 512 - len);
1311 free(wString);
1312 /* sessionId */
1313 Stream_Write_UINT32(s, info->sessionId);
1314 return TRUE;
1315 }
1316
rdp_write_logon_info_v2(wStream * s,logon_info * info)1317 static BOOL rdp_write_logon_info_v2(wStream* s, logon_info* info)
1318 {
1319 UINT32 Size = 2 + 4 + 4 + 4 + 4 + 558;
1320 size_t domainLen, usernameLen;
1321 int len;
1322 WCHAR* wString = NULL;
1323
1324 if (!Stream_EnsureRemainingCapacity(s, Size))
1325 return FALSE;
1326
1327 Stream_Write_UINT16(s, SAVE_SESSION_PDU_VERSION_ONE);
1328 Stream_Write_UINT32(s, Size);
1329 Stream_Write_UINT32(s, info->sessionId);
1330 domainLen = strlen(info->domain);
1331 if (domainLen > UINT32_MAX)
1332 return FALSE;
1333 Stream_Write_UINT32(s, (UINT32)(domainLen + 1) * 2);
1334 usernameLen = strlen(info->username);
1335 if (usernameLen > UINT32_MAX)
1336 return FALSE;
1337 Stream_Write_UINT32(s, (UINT32)(usernameLen + 1) * 2);
1338 Stream_Seek(s, 558);
1339 len = ConvertToUnicode(CP_UTF8, 0, info->domain, -1, &wString, 0);
1340
1341 if (len < 0)
1342 return FALSE;
1343
1344 Stream_Write(s, wString, (size_t)len * 2);
1345 free(wString);
1346 wString = NULL;
1347 len = ConvertToUnicode(CP_UTF8, 0, info->username, -1, &wString, 0);
1348
1349 if (len < 0)
1350 return FALSE;
1351
1352 Stream_Write(s, wString, (size_t)len * 2);
1353 free(wString);
1354 return TRUE;
1355 }
1356
rdp_write_logon_info_plain(wStream * s)1357 static BOOL rdp_write_logon_info_plain(wStream* s)
1358 {
1359 if (!Stream_EnsureRemainingCapacity(s, 576))
1360 return FALSE;
1361
1362 Stream_Seek(s, 576);
1363 return TRUE;
1364 }
1365
rdp_write_logon_info_ex(wStream * s,logon_info_ex * info)1366 static BOOL rdp_write_logon_info_ex(wStream* s, logon_info_ex* info)
1367 {
1368 UINT32 FieldsPresent = 0;
1369 UINT16 Size = 2 + 4 + 570;
1370
1371 if (info->haveCookie)
1372 {
1373 FieldsPresent |= LOGON_EX_AUTORECONNECTCOOKIE;
1374 Size += 28;
1375 }
1376
1377 if (info->haveErrorInfo)
1378 {
1379 FieldsPresent |= LOGON_EX_LOGONERRORS;
1380 Size += 8;
1381 }
1382
1383 if (!Stream_EnsureRemainingCapacity(s, Size))
1384 return FALSE;
1385
1386 Stream_Write_UINT16(s, Size);
1387 Stream_Write_UINT32(s, FieldsPresent);
1388
1389 if (info->haveCookie)
1390 {
1391 Stream_Write_UINT32(s, 28); /* cbFieldData (4 bytes) */
1392 Stream_Write_UINT32(s, 28); /* cbLen (4 bytes) */
1393 Stream_Write_UINT32(s, AUTO_RECONNECT_VERSION_1); /* Version (4 bytes) */
1394 Stream_Write_UINT32(s, info->LogonId); /* LogonId (4 bytes) */
1395 Stream_Write(s, info->ArcRandomBits, 16); /* ArcRandomBits (16 bytes) */
1396 }
1397
1398 if (info->haveErrorInfo)
1399 {
1400 Stream_Write_UINT32(s, 8); /* cbFieldData (4 bytes) */
1401 Stream_Write_UINT32(s, info->ErrorNotificationType); /* ErrorNotificationType (4 bytes) */
1402 Stream_Write_UINT32(s, info->ErrorNotificationData); /* ErrorNotificationData (4 bytes) */
1403 }
1404
1405 Stream_Seek(s, 570);
1406 return TRUE;
1407 }
1408
rdp_send_save_session_info(rdpContext * context,UINT32 type,void * data)1409 BOOL rdp_send_save_session_info(rdpContext* context, UINT32 type, void* data)
1410 {
1411 wStream* s;
1412 BOOL status;
1413 rdpRdp* rdp = context->rdp;
1414 s = rdp_data_pdu_init(rdp);
1415
1416 if (!s)
1417 return FALSE;
1418
1419 Stream_Write_UINT32(s, type);
1420
1421 switch (type)
1422 {
1423 case INFO_TYPE_LOGON:
1424 status = rdp_write_logon_info_v1(s, (logon_info*)data);
1425 break;
1426
1427 case INFO_TYPE_LOGON_LONG:
1428 status = rdp_write_logon_info_v2(s, (logon_info*)data);
1429 break;
1430
1431 case INFO_TYPE_LOGON_PLAIN_NOTIFY:
1432 status = rdp_write_logon_info_plain(s);
1433 break;
1434
1435 case INFO_TYPE_LOGON_EXTENDED_INF:
1436 status = rdp_write_logon_info_ex(s, (logon_info_ex*)data);
1437 break;
1438
1439 default:
1440 WLog_ERR(TAG, "saveSessionInfo type 0x%" PRIx32 " not handled", type);
1441 status = FALSE;
1442 break;
1443 }
1444
1445 if (status)
1446 status = rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SAVE_SESSION_INFO, rdp->mcs->userId);
1447 else
1448 Stream_Release(s);
1449
1450 return status;
1451 }
1452
rdp_send_server_status_info(rdpContext * context,UINT32 status)1453 BOOL rdp_send_server_status_info(rdpContext* context, UINT32 status)
1454 {
1455 wStream* s;
1456 rdpRdp* rdp = context->rdp;
1457 s = rdp_data_pdu_init(rdp);
1458
1459 if (!s)
1460 return FALSE;
1461
1462 Stream_Write_UINT32(s, status);
1463 return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_STATUS_INFO, rdp->mcs->userId);
1464 }
1465