Hi
The attached patch adds some comments to libxrdp/xrdp_sec.c that (IMHO)
make it easier to relate the existing implementation to MS
terminology and documentation.
As far as I can see clientSessionId was left out from Client Info
parsing, so performanceFlags must consistently have been odd (but always
zero)?
It seems to me like client_info.is_mce is used but never set?
/Mads
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -34,22 +34,33 @@
92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92 };
-/* some compilers need unsigned char to avoid warnings */
+/* Licensing PDU with Server License Request */
static tui8 g_lic1[322] =
-{ 0x80, 0x00, 0x3e, 0x01, 0x01, 0x02, 0x3e, 0x01,
+{ 0x80, 0x00, 0x3e, 0x01,
+ /* Licensing Preamble: LICENSE_REQUEST and PREAMBLE_VERSION_2_0 and size */
+ 0x01, 0x02, 0x3e, 0x01,
+ /* ServerRandom */
0x7b, 0x3c, 0x31, 0xa6, 0xae, 0xe8, 0x74, 0xf6,
0xb4, 0xa5, 0x03, 0x90, 0xe7, 0xc2, 0xc7, 0x39,
0xba, 0x53, 0x1c, 0x30, 0x54, 0x6e, 0x90, 0x05,
0xd0, 0x05, 0xce, 0x44, 0x18, 0x91, 0x83, 0x81,
- 0x00, 0x00, 0x04, 0x00, 0x2c, 0x00, 0x00, 0x00,
+ /* ProductInfo: */
+ /* Server OS version: */
+ 0x00, 0x00, 0x04, 0x00,
+ /* CompanyName "Microsoft Corporation\0" */
+ 0x2c, 0x00, 0x00, 0x00,
0x4d, 0x00, 0x69, 0x00, 0x63, 0x00, 0x72, 0x00,
0x6f, 0x00, 0x73, 0x00, 0x6f, 0x00, 0x66, 0x00,
0x74, 0x00, 0x20, 0x00, 0x43, 0x00, 0x6f, 0x00,
0x72, 0x00, 0x70, 0x00, 0x6f, 0x00, 0x72, 0x00,
0x61, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6f, 0x00,
- 0x6e, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
+ 0x6e, 0x00, 0x00, 0x00,
+ /* ProductId "236\0" */
+ 0x08, 0x00, 0x00, 0x00,
0x32, 0x00, 0x33, 0x00, 0x36, 0x00, 0x00, 0x00,
+ /* KeyExchangeList, Licensing Binary BLOB with BB_KEY_EXCHG_ALG_BLOB KEY_EXCHANGE_ALG_RSA */
0x0d, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00,
+ /* ServerCertificate, Licensing Binary BLOB with BB_CERTIFICATE_BLOB */
0x03, 0x00, 0xb8, 0x00, 0x01, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x06, 0x00, 0x5c, 0x00, 0x52, 0x53, 0x41, 0x31,
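Review bot: The bytes now labelled `/* ServerRandom */` are a compile-time constant, so every connection is sent the same value; the label should say so, e.g. `/* ServerRandom: fixed canned value, not generated per connection */`. Judging by the later `/* Ignore packet and reply that license is fine */` comments in this patch, the licensing exchange is not actually carried out, which presumably makes this harmless, but stating it keeps a reader from treating the blob (including the embedded ServerCertificate) as live key material. The g_lic1 initializer continues past the end of this hunk.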
@@ -73,22 +84,35 @@
0xcb, 0x11, 0xc3, 0xf2, 0xdb, 0x09, 0x42, 0x68,
0x29, 0x56, 0x58, 0x01, 0x56, 0xdb, 0x59, 0x03,
0x69, 0xdb, 0x7d, 0x37, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ /* ScopeList with 1 element, Licensing Binary BLOB with BB_SCOPE_BLOB "microsoft.com\0" */
+ 0x01, 0x00, 0x00, 0x00,
0x0e, 0x00, 0x0e, 0x00, 0x6d, 0x69, 0x63, 0x72,
0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f,
0x6d, 0x00 };
-/* some compilers need unsigned char to avoid warnings */
+/* Licensing PDU with STATUS_VALID_CLIENT License Error Message */
static tui8 g_lic2[20] =
-{ 0x80, 0x00, 0x10, 0x00, 0xff, 0x02, 0x10, 0x00,
- 0x07, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+{ 0x80, 0x00, 0x10, 0x00,
+ /* Licensing Preamble: ERROR_ALERT and PREAMBLE_VERSION_2_0 and size */
+ 0xff, 0x02, 0x10, 0x00,
+ /* dwErrorCode STATUS_VALID_CLIENT */
+ 0x07, 0x00, 0x00, 0x00,
+ /* dwStateTransition ST_NO_TRANSITION */
+ 0x02, 0x00, 0x00, 0x00,
+ /* bbErrorInfo, Licensing Binary BLOB should be BB_ERROR_BLOB but ignored because empty */
0x28, 0x14, 0x00, 0x00 };
-/* mce */
-/* some compilers need unsigned char to avoid warnings */
+/* Licensing PDU with STATUS_VALID_CLIENT License Error Message */
static tui8 g_lic3[20] =
-{ 0x80, 0x02, 0x10, 0x00, 0xff, 0x03, 0x10, 0x00,
- 0x07, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+{ 0x80, 0x02, 0x10, 0x00,
+ /* Licensing Preamble: ERROR_ALERT and PREAMBLE_VERSION_2_0 and size */
+ 0xff, 0x03, 0x10, 0x00,
+ /* dwErrorCode STATUS_VALID_CLIENT */
+ 0x07, 0x00, 0x00, 0x00,
+ /* dwStateTransition ST_NO_TRANSITION */
+ 0x02, 0x00, 0x00, 0x00,
+ /* bbErrorInfo, Licensing Binary BLOB should be BB_ERROR_BLOB but ignored because empty */
0xf3, 0x99, 0x00, 0x00 };
/*****************************************************************************/
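Review bot: The preamble comment added for g_lic3 says PREAMBLE_VERSION_2_0, but the version byte on that line is `0x03` (g_lic2 has `0x02`), so the label should read `/* Licensing Preamble: ERROR_ALERT and PREAMBLE_VERSION_3_0 and size */`. The hunk also drops the old `/* mce */` marker, which leaves g_lic2 and g_lic3 with identical header comments even though their leading bytes differ (`0x80, 0x00` versus `0x80, 0x02`); keeping a short `/* mce variant */` would preserve why two blobs exist. The same duplicated wording is added above xrdp_sec_send_media_lic_response in a later hunk. The tail of g_lic1 at the top of this hunk begins outside it.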
@@ -299,6 +323,7 @@
}
/*****************************************************************************/
+/* Process Client Info PDU */
/* returns error */
static int APP_CC
xrdp_sec_process_logon_info(struct xrdp_sec* self, struct stream* s)
@@ -365,23 +390,22 @@
DEBUG(("directory %s", self->rdp_layer->client_info.directory));
if (flags & RDP_LOGON_BLOB)
{
- in_uint8s(s, 2); /* unknown */
+ /* Extended Info Packet: */
+ in_uint8s(s, 2); /* clientAddressFamily, AF_INET=2 AF_INET6=0x17 */
in_uint16_le(s, len_ip);
- unicode_in(s, len_ip - 2, tmpdata, 255);
+ unicode_in(s, len_ip - 2, tmpdata, 255); /* clientAddress */
in_uint16_le(s, len_dll);
- unicode_in(s, len_dll - 2, tmpdata, 255);
- in_uint32_le(s, tzone); /* len of timetone */
- in_uint8s(s, 62); /* skip */
- in_uint8s(s, 22); /* skip misc. */
- in_uint8s(s, 62); /* skip */
- in_uint8s(s, 26); /* skip stuff */
- in_uint32_le(s, self->rdp_layer->client_info.rdp5_performanceflags);
+ unicode_in(s, len_dll - 2, tmpdata, 255); /* clientDir */
+ in_uint8s(s, 172); /* clientTimeZone */
+ in_uint8s(s, 4); /* clientSessionId */
+ in_uint32_le(s, self->rdp_layer->client_info.rdp5_performanceflags); /* performanceFlags */
}
DEBUG(("out xrdp_sec_process_logon_info"));
return 0;
}
/*****************************************************************************/
+/* Send Licensing PDU with Server License Request */
/* returns error */
static int APP_CC
xrdp_sec_send_lic_initial(struct xrdp_sec* self)
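Review bot: `len_ip` and `len_dll` are read straight from the client and used as `len_ip - 2` and `len_dll - 2` with no lower-bound or remaining-stream check, and the newly labelled `in_uint8s(s, 172)`, `in_uint8s(s, 4)` and the final `in_uint32_le` assume the client actually sent those trailing fields. Now that the fields are named it is worth guarding them, for example `if (len_ip < 2 || len_dll < 2) return 1;` before the `unicode_in` calls and a remaining-length test (parse.h's `s_check_rem(s, 172 + 4 + 4)`, if present in this tree) before the time-zone skip; whether `unicode_in` bounds the read itself is not visible here. Folding the old `in_uint32_le(s, tzone)` into the 172-byte skip probably leaves `tzone` unused, but its declaration is outside the hunk. The body of xrdp_sec_process_logon_info starts outside the hunk.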
@@ -395,7 +419,7 @@
free_stream(s);
return 1;
}
- out_uint8a(s, g_lic1, 322);
+ out_uint8a(s, g_lic1, sizeof(g_lic1));
s_mark_end(s);
if (xrdp_mcs_send(self->mcs_layer, s, MCS_GLOBAL_CHANNEL) != 0)
{
@@ -407,6 +431,7 @@
}
/*****************************************************************************/
+/* Send Licensing PDU with STATUS_VALID_CLIENT License Error Message */
/* returns error */
static int APP_CC
xrdp_sec_send_lic_response(struct xrdp_sec* self)
@@ -420,7 +445,7 @@
free_stream(s);
return 1;
}
- out_uint8a(s, g_lic2, 20);
+ out_uint8a(s, g_lic2, sizeof(g_lic2));
s_mark_end(s);
if (xrdp_mcs_send(self->mcs_layer, s, MCS_GLOBAL_CHANNEL) != 0)
{
@@ -432,6 +457,7 @@
}
/*****************************************************************************/
+/* Send Licensing PDU with STATUS_VALID_CLIENT License Error Message */
/* returns error */
static int APP_CC
xrdp_sec_send_media_lic_response(struct xrdp_sec* self)
@@ -560,17 +586,20 @@
DEBUG((" out xrdp_sec_recv error"));
return 1;
}
- in_uint32_le(s, flags);
+ in_uint32_le(s, flags); /* TS_SECURITY_HEADER */
DEBUG((" in xrdp_sec_recv flags $%x", flags));
- if (flags & SEC_ENCRYPT) /* 0x08 */
+ if (flags & SEC_ENCRYPT)
{
- in_uint8s(s, 8); /* signature */
+ in_uint8s(s, 8); /* Non-FIPS dataSignature, 64 bit MAC */
xrdp_sec_decrypt(self, s->p, (int)(s->end - s->p));
}
- if (flags & SEC_CLIENT_RANDOM) /* 0x01 */
+ if (flags & SEC_CLIENT_RANDOM) /* SEC_EXCHANGE_PKT */
{
- in_uint32_le(s, len);
- in_uint8a(s, self->client_crypt_random, 64);
+ /* Security Exchange PDU Data */
+ in_uint32_le(s, len); /* length */
+ /* FIXME: Use length instead of assuming 64!
+ * It seems to include 8 bytes of zero padding and is thus (often) 72 */
+ in_uint8a(s, self->client_crypt_random, 64); /* encryptedClientRandom */
xrdp_sec_rsa_op(self->client_random, self->client_crypt_random,
self->pub_mod, self->pri_exp);
xrdp_sec_establish_keys(self);
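Review bot: The new FIXME suggests reading `length` bytes instead of 64, but `len` is client-supplied and arrives before any keys exist, so the comment should also say that `len` must be checked against the size of `self->client_crypt_random` (declared outside the hunk) and against the bytes left in the stream before it is ever used as a copy length. Suggested wording: `/* FIXME: honour length (often 72 = 64 + 8 padding), but reject it if it exceeds sizeof(client_crypt_random) or the remaining stream */`. Separately, the relabelled `in_uint8s(s, 8); /* Non-FIPS dataSignature, 64 bit MAC */` makes it visible that the MAC is skipped rather than verified before `xrdp_sec_decrypt`; adding `not verified` to that comment would keep readers from assuming an integrity check. xrdp_sec_recv starts and ends outside the hunk.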
@@ -578,8 +607,9 @@
DEBUG((" out xrdp_sec_recv"));
return 0;
}
- if (flags & SEC_LOGON_INFO) /* 0x40 */
+ if (flags & SEC_LOGON_INFO) /* SEC_INFO_PKT */
{
+ /* Client Info PDU */
if (xrdp_sec_process_logon_info(self, s) != 0)
{
DEBUG((" out xrdp_sec_recv error"));
@@ -587,6 +617,7 @@
}
if (self->rdp_layer->client_info.is_mce)
{
+ /* Ignore packet and reply that license is fine */
if (xrdp_sec_send_media_lic_response(self) != 0)
{
DEBUG((" out xrdp_sec_recv error"));
@@ -595,6 +626,7 @@
DEBUG((" out xrdp_sec_recv"));
return -1; /* special error that means send demand active */
}
+ /* Send Licensing PDU with Server License Request */
if (xrdp_sec_send_lic_initial(self) != 0)
{
DEBUG((" out xrdp_sec_recv error"));
@@ -604,8 +636,9 @@
DEBUG((" out xrdp_sec_recv"));
return 0;
}
- if (flags & SEC_LICENCE_NEG) /* 0x80 */
+ if (flags & SEC_LICENCE_NEG) /* SEC_LICENSE_PKT */
{
+ /* Ignore packet and reply that license is fine */
if (xrdp_sec_send_lic_response(self) != 0)
{
DEBUG((" out xrdp_sec_recv error"));