rdpear: handle basic NTLM commands and fix server-side

This patch adds the handling of basic NTLM commands. Because there's some mysterious
4 zero bytes after pickle header in Kerberos packets, not present in NTLM commands, the
patch also had to rework a bit the packet parsing / forging.

The patch also addresses a server-side bug when parsing supplemental creds, if the client
was sending an empty list, we were considering this as an error.

And finally we also implement the parsing of MSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL.
This breaks the public API, anyway this was basically unused (as not parsed before) and
the previous API was wrong as what we receive is MSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL
not MSV1_0_SUPPLEMENTAL_CREDENTIAL, so I guess the API breakage is ok.

winpr/include/winpr/secapi.h

@@ -70,6 +70,37 @@ typedef struct
 
 #define MSV1_0_CRED_VERSION_REMOTE 0xffff0002
 
+typedef enum _MSV1_0_CREDENTIAL_KEY_TYPE
+{
+	InvalidCredKey,
+	DeprecatedIUMCredKey,
+	DomainUserCredKey,
+	LocalUserCredKey,
+	ExternallySuppliedCredKey
+} MSV1_0_CREDENTIAL_KEY_TYPE;
+
+#define MSV1_0_CREDENTIAL_KEY_LENGTH 20
+#define MSV1_0_CRED_LM_PRESENT 0x1
+#define MSV1_0_CRED_NT_PRESENT 0x2
+#define MSV1_0_CRED_REMOVED 0x4
+#define MSV1_0_CRED_CREDKEY_PRESENT 0x8
+#define MSV1_0_CRED_SHA_PRESENT 0x10
+
+typedef struct
+{
+	UCHAR Data[MSV1_0_CREDENTIAL_KEY_LENGTH];
+} MSV1_0_CREDENTIAL_KEY, *PMSV1_0_CREDENTIAL_KEY;
+
+typedef struct
+{
+	ULONG Version;
+	ULONG Flags;
+	MSV1_0_CREDENTIAL_KEY CredentialKey;
+	MSV1_0_CREDENTIAL_KEY_TYPE CredentialKeyType;
+	ULONG EncryptedCredsSize;
+	UCHAR EncryptedCreds[1];
+} MSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL;
+
 #endif /* _WIN32 */
 
 #ifndef KERB_LOGON_FLAG_REDIRECTED