aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rdp: rustfmt (update)

Browse Source
pull/5207/head
Zach Kelly 5 years ago committed by Victor Julien
parent f7c4600482
commit ef397daba3
4 changed files with 251 additions and 403 deletions
Show Stats Download Patch File Download Diff File

145
rust/src/rdp/log.rs
Unescape Escape View File

@ -40,12 +40,8 @@ fn to_json(tx: &RdpTransaction) -> Option<Json> {
js.set_integer("tx_id", tx.id);
match &tx.item {
RdpTransactionItem::X224ConnectionRequest(ref x224) => {
x224_req_to_json(&js, x224)
}
RdpTransactionItem::X224ConnectionConfirm(x224) => {
x224_conf_to_json(&js, x224)
}
RdpTransactionItem::X224ConnectionRequest(ref x224) => x224_req_to_json(&js, x224),
RdpTransactionItem::X224ConnectionConfirm(x224) => x224_conf_to_json(&js, x224),
RdpTransactionItem::McsConnectRequest(ref mcs) => {
mcs_req_to_json(&js, mcs);
@ -62,9 +58,7 @@ fn to_json(tx: &RdpTransaction) -> Option<Json> {
for blob in chain {
match parse_x509_der(&blob.data) {
Ok((_, cert)) => {
js_chain.array_append_string(
&cert.tbs_certificate.serial.to_str_radix(16),
);
js_chain.array_append_string(&cert.tbs_certificate.serial.to_str_radix(16));
}
_ => {}
}
@ -94,9 +88,7 @@ fn x224_req_to_json(js: &Json, x224: &X224ConnectionRequest) {
.flags
.contains(Flags::REDIRECTED_AUTHENTICATION_MODE_REQUIRED)
{
flags.array_append_string(
"redirected_authentication_mode_required",
);
flags.array_append_string("redirected_authentication_mode_required");
}
if req.flags.contains(Flags::CORRELATION_INFO_PRESENT) {
flags.array_append_string("correlation_info_present");
@ -116,28 +108,22 @@ fn x224_conf_to_json(js: &Json, x224: &X224ConnectionConfirm) {
NegotiationFromServer::Response(ref resp) => {
if !resp.flags.is_empty() {
let flags = Json::array();
if resp
.flags
.contains(Flags::EXTENDED_CLIENT_DATA_SUPPORTED)
{
if resp.flags.contains(Flags::EXTENDED_CLIENT_DATA_SUPPORTED) {
flags.array_append_string("extended_client_data");
}
if resp.flags.contains(Flags::DYNVC_GFX_PROTOCOL_SUPPORTED)
{
if resp.flags.contains(Flags::DYNVC_GFX_PROTOCOL_SUPPORTED) {
flags.array_append_string("dynvc_gfx");
}
// NEGRSP_FLAG_RESERVED not logged
if resp.flags.contains(Flags::RESTRICTED_ADMIN_MODE_SUPPORTED) {
flags.array_append_string("restricted_admin");
}
if resp
.flags
.contains(Flags::RESTRICTED_ADMIN_MODE_SUPPORTED)
.contains(Flags::REDIRECTED_AUTHENTICATION_MODE_SUPPORTED)
{
flags.array_append_string("restricted_admin");
}
if resp.flags.contains(
Flags::REDIRECTED_AUTHENTICATION_MODE_SUPPORTED,
) {
flags.array_append_string("redirected_authentication");
}
js.set("server_supports", flags);
@ -192,13 +178,9 @@ fn x224_conf_to_json(js: &Json, x224: &X224ConnectionConfirm) {
NegotiationFailureCode::SslWithUserAuthRequiredByServer => {
js.set_integer(
"error_code",
NegotiationFailureCode::SslWithUserAuthRequiredByServer
as u64,
NegotiationFailureCode::SslWithUserAuthRequiredByServer as u64,
);
js.set_string(
"reason",
"ssl with user auth required by server",
)
js.set_string("reason", "ssl with user auth required by server")
}
},
}
@ -218,17 +200,12 @@ fn mcs_req_to_json(js: &Json, mcs: &McsConnectRequest) {
let js_client = Json::object();
match client.version {
Some(ref ver) => js_client
.set_string("version", &version_to_string(ver, "v")),
Some(ref ver) => js_client.set_string("version", &version_to_string(ver, "v")),
None => js_client.set_string("version", &unknown),
}
js_client
.set_integer("desktop_width", client.desktop_width as u64);
js_client.set_integer(
"desktop_height",
client.desktop_height as u64,
);
js_client.set_integer("desktop_width", client.desktop_width as u64);
js_client.set_integer("desktop_height", client.desktop_height as u64);
if let Some(depth) = get_color_depth(client) {
js_client.set_integer("color_depth", depth);
@ -251,22 +228,15 @@ fn mcs_req_to_json(js: &Json, mcs: &McsConnectRequest) {
}
if let Some(ref kb) = client.keyboard_type {
js_client
.set_string("keyboard_type", &keyboard_to_string(kb));
js_client.set_string("keyboard_type", &keyboard_to_string(kb));
}
if client.keyboard_subtype != 0 {
js_client.set_integer(
"keyboard_subtype",
client.keyboard_subtype as u64,
);
js_client.set_integer("keyboard_subtype", client.keyboard_subtype as u64);
}
if client.keyboard_function_key != 0 {
js_client.set_integer(
"function_keys",
client.keyboard_function_key as u64,
);
js_client.set_integer("function_keys", client.keyboard_function_key as u64);
}
if client.ime_file_name.len() > 0 {
@ -289,72 +259,52 @@ fn mcs_req_to_json(js: &Json, mcs: &McsConnectRequest) {
// supported_color_depth not logged
if let Some(ref early_capability_flags) =
client.early_capability_flags
{
if let Some(ref early_capability_flags) = client.early_capability_flags {
use crate::rdp::parser::EarlyCapabilityFlags as Flags;
if !early_capability_flags.is_empty() {
let flags = Json::array();
if early_capability_flags
.contains(Flags::RNS_UD_CS_SUPPORT_ERRINFO_PDF)
{
if early_capability_flags.contains(Flags::RNS_UD_CS_SUPPORT_ERRINFO_PDF) {
flags.array_append_string("support_errinfo_pdf");
}
if early_capability_flags
.contains(Flags::RNS_UD_CS_WANT_32BPP_SESSION)
{
if early_capability_flags.contains(Flags::RNS_UD_CS_WANT_32BPP_SESSION) {
flags.array_append_string("want_32bpp_session");
}
if early_capability_flags
.contains(Flags::RNS_UD_CS_SUPPORT_STATUSINFO_PDU)
if early_capability_flags.contains(Flags::RNS_UD_CS_SUPPORT_STATUSINFO_PDU)
{
flags.array_append_string("support_statusinfo_pdu");
}
if early_capability_flags
.contains(Flags::RNS_UD_CS_STRONG_ASYMMETRIC_KEYS)
if early_capability_flags.contains(Flags::RNS_UD_CS_STRONG_ASYMMETRIC_KEYS)
{
flags.array_append_string("strong_asymmetric_keys");
}
// RNS_UD_CS_UNUSED not logged
if early_capability_flags
.contains(Flags::RNS_UD_CS_VALID_CONNECTION_TYPE)
{
if early_capability_flags.contains(Flags::RNS_UD_CS_VALID_CONNECTION_TYPE) {
flags.array_append_string("valid_connection_type");
}
if early_capability_flags.contains(
Flags::RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU,
) {
flags.array_append_string(
"support_monitor_layout_pdu",
);
}
if early_capability_flags.contains(
Flags::RNS_UD_CS_SUPPORT_NETCHAR_AUTODETECT,
) {
flags.array_append_string(
"support_netchar_autodetect",
);
if early_capability_flags
.contains(Flags::RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU)
{
flags.array_append_string("support_monitor_layout_pdu");
}
if early_capability_flags.contains(
Flags::RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL,
) {
flags.array_append_string(
"support_dynvc_gfx_protocol",
);
if early_capability_flags
.contains(Flags::RNS_UD_CS_SUPPORT_NETCHAR_AUTODETECT)
{
flags.array_append_string("support_netchar_autodetect");
}
if early_capability_flags.contains(
Flags::RNS_UD_CS_SUPPORT_DYNAMIC_TIME_ZONE,
) {
flags.array_append_string(
"support_dynamic_time_zone",
);
if early_capability_flags
.contains(Flags::RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL)
{
flags.array_append_string("support_dynvc_gfx_protocol");
}
if early_capability_flags
.contains(Flags::RNS_UD_CS_SUPPORT_HEARTBEAT_PDU)
.contains(Flags::RNS_UD_CS_SUPPORT_DYNAMIC_TIME_ZONE)
{
flags.array_append_string("support_dynamic_time_zone");
}
if early_capability_flags.contains(Flags::RNS_UD_CS_SUPPORT_HEARTBEAT_PDU) {
flags.array_append_string("support_heartbeat_pdu");
}
js_client.set("capabilities", flags);
@ -370,18 +320,12 @@ fn mcs_req_to_json(js: &Json, mcs: &McsConnectRequest) {
if let Some(ref hint) = client.connection_hint {
let s = match hint {
ConnectionHint::ConnectionHintModem => "modem",
ConnectionHint::ConnectionHintBroadbandLow => {
"low_broadband"
}
ConnectionHint::ConnectionHintBroadbandLow => "low_broadband",
ConnectionHint::ConnectionHintSatellite => "satellite",
ConnectionHint::ConnectionHintBroadbandHigh => {
"high_broadband"
}
ConnectionHint::ConnectionHintBroadbandHigh => "high_broadband",
ConnectionHint::ConnectionHintWan => "wan",
ConnectionHint::ConnectionHintLan => "lan",
ConnectionHint::ConnectionHintAutoDetect => {
"autodetect"
}
ConnectionHint::ConnectionHintAutoDetect => "autodetect",
ConnectionHint::ConnectionHintNotProvided => "",
};
if *hint != ConnectionHint::ConnectionHintNotProvided {
@ -400,8 +344,7 @@ fn mcs_req_to_json(js: &Json, mcs: &McsConnectRequest) {
}
if let Some(orientation) = client.desktop_orientation {
js_client
.set_integer("desktop_orientation", orientation as u64);
js_client.set_integer("desktop_orientation", orientation as u64);
}
if let Some(scale) = client.desktop_scale_factor {

381
rust/src/rdp/parser.rs
Unescape Escape View File

@ -26,15 +26,13 @@
//! * x.224-spec: <https://www.itu.int/rec/T-REC-X.224-199511-I/en>
//! * x.691-spec: <https://www.itu.int/rec/T-REC-X.691/en>
use nom::IResult;
use nom::bytes::streaming::take;
use nom::combinator::{opt, map_opt, map_res};
use nom::number::streaming::{be_u16, be_u8, le_u16, le_u32, le_u8};
use crate::rdp::error::RdpError;
use crate::rdp::util::{
le_slice_to_string, parse_per_length_determinant, utf7_slice_to_string,
};
use crate::rdp::util::{le_slice_to_string, parse_per_length_determinant, utf7_slice_to_string};
use crate::rdp::windows;
use nom::bytes::streaming::take;
use nom::combinator::{map_opt, map_res, opt};
use nom::number::streaming::{be_u16, be_u8, le_u16, le_u32, le_u8};
use nom::IResult;
/// constrains dimension to a range, per spec
/// rdp-spec, section 2.2.1.3.2 Client Core Data
@ -435,8 +433,7 @@ pub struct McsConnectResponse {}
/// parser for t.123 and children
/// t.123-spec, section 8
pub fn parse_t123_tpkt(input: &[u8]) -> IResult<&[u8], T123Tpkt, RdpError> {
let (i1, _version) =
verify!(input, be_u8, |&x| x == TpktVersion::T123 as u8)?;
let (i1, _version) = verify!(input, be_u8, |&x| x == TpktVersion::T123 as u8)?;
let (i2, _reserved) = try_parse!(i1, be_u8);
// less u8, u8, u16
let (i3, sz) = map_opt!(i2, be_u16, |x: u16| x.checked_sub(4))?;
@ -481,18 +478,16 @@ pub fn parse_t123_tpkt(input: &[u8]) -> IResult<&[u8], T123Tpkt, RdpError> {
return Ok((i4, T123Tpkt { child }));
}
fn take_4_4_bits(input: &[u8]) -> IResult<&[u8], (u8,u8), RdpError> {
map!(input, be_u8, |b| (b >> 4, b & 0xf))
fn take_4_4_bits(input: &[u8]) -> IResult<&[u8], (u8, u8), RdpError> {
map!(input, be_u8, |b| (b >> 4, b & 0xf))
}
/// rdp-spec, section 2.2.1.1
fn parse_x224_connection_request(
input: &[u8],
) -> IResult<&[u8], X224ConnectionRequest, RdpError> {
fn parse_x224_connection_request(input: &[u8]) -> IResult<&[u8], X224ConnectionRequest, RdpError> {
let (i1, length) = verify!(input, be_u8, |&x| x != 0xff)?; // 0xff is reserved
let (i2, cr_cdt) = take_4_4_bits(i1)?;
let _ = verify!(i1, value!(cr_cdt.0), |&x| x
== X224Type::ConnectionRequest as u8)?;
== X224Type::ConnectionRequest as u8)?;
let _ = verify!(i1, value!(cr_cdt.1), |&x| x == 0 || x == 1)?;
let (i3, dst_ref) = verify!(i2, be_u16, |&x| x == 0)?;
let (i4, src_ref) = try_parse!(i3, be_u16);
@ -583,9 +578,7 @@ fn parse_rdp_cookie(input: &[u8]) -> IResult<&[u8], RdpCookie, RdpError> {
}
// rdp-spec, section 2.2.1.1.1
fn parse_negotiation_request(
input: &[u8],
) -> IResult<&[u8], NegotiationRequest, RdpError> {
fn parse_negotiation_request(input: &[u8]) -> IResult<&[u8], NegotiationRequest, RdpError> {
do_parse! {
input,
_typ: verify!(
@ -607,13 +600,11 @@ fn parse_negotiation_request(
/// rdp-spec, section 2.2.1.2
/// x.224-spec, section 13.3
fn parse_x224_connection_confirm(
input: &[u8],
) -> IResult<&[u8], X224ConnectionConfirm, RdpError> {
fn parse_x224_connection_confirm(input: &[u8]) -> IResult<&[u8], X224ConnectionConfirm, RdpError> {
let (i1, length) = verify!(input, be_u8, |&x| x != 0xff)?; // 0xff is reserved
let (i2, cr_cdt) = take_4_4_bits(input)?;
let _ = verify!(i1, value!(cr_cdt.0), |&x| x
== X224Type::ConnectionConfirm as u8)?;
== X224Type::ConnectionConfirm as u8)?;
let _ = verify!(i1, value!(cr_cdt.1), |&x| x == 0 || x == 1)?;
let (i3, dst_ref) = verify!(i2, be_u16, |&x| x == 0)?;
let (i4, src_ref) = try_parse!(i3, be_u16);
@ -636,14 +627,13 @@ fn parse_x224_connection_confirm(
let (i7, data) = take!(i6, sz)?;
// it will be one of a response message or a failure message
let opt1: Option<NegotiationFromServer> =
match opt!(data, parse_negotiation_response) {
Ok((_remainder, opt)) => match opt {
Some(x) => Some(NegotiationFromServer::Response(x)),
None => None,
},
Err(e) => return Err(e),
};
let opt1: Option<NegotiationFromServer> = match opt!(data, parse_negotiation_response) {
Ok((_remainder, opt)) => match opt {
Some(x) => Some(NegotiationFromServer::Response(x)),
None => None,
},
Err(e) => return Err(e),
};
let opt2: Option<NegotiationFromServer> = match opt1 {
Some(x) => Some(x),
None => match opt!(data, parse_negotiation_failure) {
@ -688,9 +678,7 @@ fn parse_x224_connection_confirm_class_0(
}
// rdp-spec, section 2.2.1.1.1
fn parse_negotiation_response(
input: &[u8],
) -> IResult<&[u8], NegotiationResponse, RdpError> {
fn parse_negotiation_response(input: &[u8]) -> IResult<&[u8], NegotiationResponse, RdpError> {
do_parse! {
input,
_typ: verify!(
@ -711,9 +699,7 @@ fn parse_negotiation_response(
}
// rdp-spec, section 2.2.1.1.1
fn parse_negotiation_failure(
input: &[u8],
) -> IResult<&[u8], NegotiationFailure, RdpError> {
fn parse_negotiation_failure(input: &[u8]) -> IResult<&[u8], NegotiationFailure, RdpError> {
do_parse! {
input,
_typ: verify!(
@ -733,7 +719,7 @@ fn parse_negotiation_failure(
/// x224-spec, section 13.7
fn parse_x223_data_class_0(input: &[u8]) -> IResult<&[u8], X223Data, RdpError> {
fn parser(input: &[u8]) -> IResult<&[u8], (u8,u8,u8), RdpError> {
fn parser(input: &[u8]) -> IResult<&[u8], (u8, u8, u8), RdpError> {
bits!(
input,
tuple!(
@ -803,8 +789,7 @@ fn parse_mcs_connect(input: &[u8]) -> IResult<&[u8], McsConnectRequest, RdpError
Ok((rem, opt)) => match opt {
// found CsClientCoreData
Some(core_data) => {
children
.push(McsConnectRequestChild::CsClientCore(core_data));
children.push(McsConnectRequestChild::CsClientCore(core_data));
rem
}
None => match opt!(remainder, parse_cs_net) {
@ -817,36 +802,27 @@ fn parse_mcs_connect(input: &[u8]) -> IResult<&[u8], McsConnectRequest, RdpError
None => {
match opt!(remainder, parse_cs_unknown) {
// was able to parse CsUnknown
Ok((rem, opt)) => {
match opt {
Some(unknown) => {
children.push(McsConnectRequestChild::CsUnknown(unknown));
rem
}
None => {
break;
}
Ok((rem, opt)) => match opt {
Some(unknown) => {
children.push(McsConnectRequestChild::CsUnknown(unknown));
rem
}
}
None => {
break;
}
},
Err(nom::Err::Incomplete(i)) => {
return Err(nom::Err::Incomplete(i))
}
Err(nom::Err::Failure(_))
| Err(nom::Err::Error(_)) => break,
Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => break,
}
}
},
Err(nom::Err::Incomplete(i)) => {
return Err(nom::Err::Incomplete(i))
}
Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => {
break
}
Err(nom::Err::Incomplete(i)) => return Err(nom::Err::Incomplete(i)),
Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => break,
},
},
Err(nom::Err::Incomplete(i)) => {
return Err(nom::Err::Incomplete(i))
}
Err(nom::Err::Incomplete(i)) => return Err(nom::Err::Incomplete(i)),
Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => break,
};
if remainder.len() == 0 {
@ -881,14 +857,14 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
//
let (j13, post_beta2_color_depth) =
match opt!(j12, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8],_> {
match opt!(j12, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j12, None),
};
let (j14, client_product_id) = match post_beta2_color_depth {
None => (j13, None),
Some(_) => match opt!(j13, le_u16) as IResult<&[u8],_> {
Some(_) => match opt!(j13, le_u16) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j13, None),
},
@ -896,7 +872,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j15, serial_number) = match client_product_id {
None => (j14, None),
Some(_) => match opt!(j14, le_u32) as IResult<&[u8],_> {
Some(_) => match opt!(j14, le_u32) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j14, None),
},
@ -905,7 +881,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j16, high_color_depth) = match serial_number {
None => (j15, None),
Some(_) => {
match opt!(j15, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8],_> {
match opt!(j15, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j15, None),
}
@ -915,7 +891,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j17, supported_color_depth) = match high_color_depth {
None => (j16, None),
Some(_) => {
match opt!(j16, map_opt!(le_u16, SupportedColorDepth::from_bits)) as IResult<&[u8],_> {
match opt!(j16, map_opt!(le_u16, SupportedColorDepth::from_bits)) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j16, None),
}
@ -925,7 +901,8 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j18, early_capability_flags) = match supported_color_depth {
None => (j17, None),
Some(_) => {
match opt!(j17, map_opt!(le_u16, EarlyCapabilityFlags::from_bits)) as IResult<&[u8],_> {
match opt!(j17, map_opt!(le_u16, EarlyCapabilityFlags::from_bits)) as IResult<&[u8], _>
{
Ok((rem, obj)) => (rem, obj),
_ => (j17, None),
}
@ -934,16 +911,18 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j19, client_dig_product_id) = match early_capability_flags {
None => (j18, None),
Some(_) => match opt(map_res(take(64usize), le_slice_to_string))(j18) as IResult<&[u8],_> {
Ok((rem, obj)) => (rem, obj),
_ => (j18, None),
},
Some(_) => {
match opt(map_res(take(64usize), le_slice_to_string))(j18) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j18, None),
}
}
};
let (j20, connection_hint) = match client_dig_product_id {
None => (j19, None),
Some(_) => {
match opt(map_opt(le_u8, num::FromPrimitive::from_u8))(j19) as IResult<&[u8],_> {
match opt(map_opt(le_u8, num::FromPrimitive::from_u8))(j19) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j19, None),
}
@ -952,7 +931,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j21, pad) = match connection_hint {
None => (j20, None),
Some(_) => match opt(take(1usize))(j20) as IResult<&[u8],_> {
Some(_) => match opt(take(1usize))(j20) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j20, None),
},
@ -961,7 +940,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j22, server_selected_protocol) = match pad {
None => (j21, None),
Some(_) => {
match opt!(j21, map_opt!(le_u32, ProtocolFlags::from_bits)) as IResult<&[u8],_> {
match opt!(j21, map_opt!(le_u32, ProtocolFlags::from_bits)) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j21, None),
}
@ -970,7 +949,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j23, desktop_physical_width) = match server_selected_protocol {
None => (j22, None),
Some(_) => match opt!(j22, map_opt!(le_u32, millimeters_to_opt)) as IResult<&[u8],_> {
Some(_) => match opt!(j22, map_opt!(le_u32, millimeters_to_opt)) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j22, None),
},
@ -978,7 +957,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j24, desktop_physical_height) = match desktop_physical_width {
None => (j23, None),
Some(_) => match opt!(j23, map_opt!(le_u32, millimeters_to_opt)) as IResult<&[u8],_> {
Some(_) => match opt!(j23, map_opt!(le_u32, millimeters_to_opt)) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j23, None),
},
@ -987,7 +966,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j25, desktop_orientation) = match desktop_physical_height {
None => (j24, None),
Some(_) => {
match opt!(j24, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8],_> {
match opt!(j24, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j24, None),
}
@ -996,7 +975,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (j26, desktop_scale_factor) = match desktop_orientation {
None => (j25, None),
Some(_) => match opt!(j25, map_opt!(le_u32, desktop_scale_to_opt)) as IResult<&[u8],_> {
Some(_) => match opt!(j25, map_opt!(le_u32, desktop_scale_to_opt)) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j25, None),
},
@ -1004,7 +983,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> {
let (_j27, device_scale_factor) = match desktop_scale_factor {
None => (j26, None),
Some(_) => match opt!(j26, map_opt!(le_u32, device_scale_to_opt)) as IResult<&[u8],_> {
Some(_) => match opt!(j26, map_opt!(le_u32, device_scale_to_opt)) as IResult<&[u8], _> {
Ok((rem, obj)) => (rem, obj),
_ => (j26, None),
},
@ -1089,9 +1068,7 @@ fn parse_cs_unknown(input: &[u8]) -> IResult<&[u8], CsUnknown> {
}
// rdp-spec, section 2.2.1.4
fn parse_mcs_connect_response(
input: &[u8],
) -> IResult<&[u8], McsConnectResponse, RdpError> {
fn parse_mcs_connect_response(input: &[u8]) -> IResult<&[u8], McsConnectResponse, RdpError> {
do_parse! {
input,
_ber_type: verify!(
@ -1110,30 +1087,27 @@ mod tests_cookie_21182 {
use crate::rdp::parser::*;
static BYTES: [u8; 37] = [
0x03, 0x00, 0x00, 0x25, 0x20, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43,
0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x3a, 0x20, 0x6d, 0x73, 0x74, 0x73, 0x68,
0x61, 0x73, 0x68, 0x3d, 0x75, 0x73, 0x65, 0x72, 0x31, 0x32, 0x33, 0x0d,
0x0a,
0x03, 0x00, 0x00, 0x25, 0x20, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43, 0x6f, 0x6f, 0x6b,
0x69, 0x65, 0x3a, 0x20, 0x6d, 0x73, 0x74, 0x73, 0x68, 0x61, 0x73, 0x68, 0x3d, 0x75, 0x73,
0x65, 0x72, 0x31, 0x32, 0x33, 0x0d, 0x0a,
];
#[test]
fn test_t123_x224_cookie() {
let t123_bytes = &BYTES[..];
let t123_tpkt: T123Tpkt = T123Tpkt {
child: T123TpktChild::X224ConnectionRequest(
X224ConnectionRequest {
cdt: 0,
dst_ref: 0,
src_ref: 0,
class: 0,
options: 0,
cookie: Some(RdpCookie {
mstshash: String::from("user123"),
}),
negotiation_request: None,
data: Vec::new(),
},
),
child: T123TpktChild::X224ConnectionRequest(X224ConnectionRequest {
cdt: 0,
dst_ref: 0,
src_ref: 0,
class: 0,
options: 0,
cookie: Some(RdpCookie {
mstshash: String::from("user123"),
}),
negotiation_request: None,
data: Vec::new(),
}),
};
assert_eq!(Ok((&[][..], t123_tpkt)), parse_t123_tpkt(t123_bytes));
}
@ -1144,8 +1118,8 @@ mod tests_negotiate_49350 {
use crate::rdp::parser::*;
static BYTES: [u8; 20] = [
0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff,
0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x08, 0x00,
0x00, 0x00, 0x00, 0x00, 0xff,
];
static TPKT_BEGIN: usize = 0;
static X224_BEGIN: usize = TPKT_BEGIN + 4;
@ -1159,21 +1133,19 @@ mod tests_negotiate_49350 {
fn test_t123_x224_negotiate() {
let t123_bytes = &BYTES[TPKT_BEGIN..];
let t123_tpkt: T123Tpkt = T123Tpkt {
child: T123TpktChild::X224ConnectionRequest(
X224ConnectionRequest {
cdt: 0,
dst_ref: 0,
src_ref: 0,
class: 0,
options: 0,
cookie: None,
negotiation_request: Some(NegotiationRequest {
flags: NegotiationRequestFlags::empty(),
protocols: ProtocolFlags::PROTOCOL_RDP,
}),
data: Vec::new(),
},
),
child: T123TpktChild::X224ConnectionRequest(X224ConnectionRequest {
cdt: 0,
dst_ref: 0,
src_ref: 0,
class: 0,
options: 0,
cookie: None,
negotiation_request: Some(NegotiationRequest {
flags: NegotiationRequestFlags::empty(),
protocols: ProtocolFlags::PROTOCOL_RDP,
}),
data: Vec::new(),
}),
};
assert_eq!(
Ok((&BYTES[PADDING_BEGIN..][..], t123_tpkt)),
@ -1187,41 +1159,34 @@ mod tests_core_49350 {
use crate::rdp::parser::*;
static BYTES: [u8; 429] = [
0x03, 0x00, 0x01, 0xac, 0x02, 0xf0, 0x80, 0x7f, 0x65, 0x82, 0x01, 0xa0,
0x04, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0xff, 0x30, 0x19, 0x02,
0x01, 0x22, 0x02, 0x01, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02,
0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02,
0x30, 0x19, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02,
0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0x04, 0x20,
0x02, 0x01, 0x02, 0x30, 0x1c, 0x02, 0x02, 0xff, 0xff, 0x02, 0x02, 0xfc,
0x17, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x01, 0x02, 0x01, 0x00, 0x02,
0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02, 0x04, 0x82, 0x01,
0x3f, 0x00, 0x05, 0x00, 0x14, 0x7c, 0x00, 0x01, 0x81, 0x36, 0x00, 0x08,
0x00, 0x10, 0x00, 0x01, 0xc0, 0x00, 0x44, 0x75, 0x63, 0x61, 0x81, 0x28,
0x01, 0xc0, 0xd8, 0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03,
0x01, 0xca, 0x03, 0xaa, 0x09, 0x04, 0x00, 0x00, 0x71, 0x17, 0x00, 0x00,
0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00, 0x45, 0x00, 0x52, 0x00,
0x2d, 0x00, 0x58, 0x00, 0x59, 0x00, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0xca, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x0f, 0x00,
0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x04, 0xc0, 0x0c, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0xc0, 0x0c, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x03, 0xc0, 0x38, 0x00, 0x04, 0x00, 0x00, 0x00, 0x72, 0x64, 0x70, 0x64,
0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x80, 0x72, 0x64, 0x70, 0x73,
0x6e, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x64, 0x72, 0x64, 0x79,
0x6e, 0x76, 0x63, 0x00, 0x00, 0x00, 0x80, 0xc0, 0x63, 0x6c, 0x69, 0x70,
0x03, 0x00, 0x01, 0xac, 0x02, 0xf0, 0x80, 0x7f, 0x65, 0x82, 0x01, 0xa0, 0x04, 0x01, 0x01,
0x04, 0x01, 0x01, 0x01, 0x01, 0xff, 0x30, 0x19, 0x02, 0x01, 0x22, 0x02, 0x01, 0x02, 0x02,
0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff,
0x02, 0x01, 0x02, 0x30, 0x19, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02,
0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0x04, 0x20, 0x02, 0x01, 0x02,
0x30, 0x1c, 0x02, 0x02, 0xff, 0xff, 0x02, 0x02, 0xfc, 0x17, 0x02, 0x02, 0xff, 0xff, 0x02,
0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02,
0x04, 0x82, 0x01, 0x3f, 0x00, 0x05, 0x00, 0x14, 0x7c, 0x00, 0x01, 0x81, 0x36, 0x00, 0x08,
0x00, 0x10, 0x00, 0x01, 0xc0, 0x00, 0x44, 0x75, 0x63, 0x61, 0x81, 0x28, 0x01, 0xc0, 0xd8,
0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, 0x01, 0xca, 0x03, 0xaa, 0x09, 0x04,
0x00, 0x00, 0x71, 0x17, 0x00, 0x00, 0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00, 0x45,
0x00, 0x52, 0x00, 0x2d, 0x00, 0x58, 0x00, 0x59, 0x00, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xca, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x08, 0x00, 0x0f, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x04, 0xc0, 0x0c, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0xc0, 0x0c, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xc0, 0x38,
0x00, 0x04, 0x00, 0x00, 0x00, 0x72, 0x64, 0x70, 0x64, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00,
0x80, 0x80, 0x72, 0x64, 0x70, 0x73, 0x6e, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x64,
0x72, 0x64, 0x79, 0x6e, 0x76, 0x63, 0x00, 0x00, 0x00, 0x80, 0xc0, 0x63, 0x6c, 0x69, 0x70,
0x72, 0x64, 0x72, 0x00, 0x00, 0x00, 0xa0, 0xc0, 0xff,
];
static TPKT_BEGIN: usize = 0;
@ -1292,9 +1257,7 @@ mod tests_core_49350 {
children.push(McsConnectRequestChild::CsNet(CsNet { channels }));
let t123_tpkt: T123Tpkt = T123Tpkt {
child: T123TpktChild::Data(X223Data {
child: X223DataChild::McsConnectRequest(McsConnectRequest {
children,
}),
child: X223DataChild::McsConnectRequest(McsConnectRequest { children }),
}),
};
assert_eq!(
@ -1309,8 +1272,7 @@ mod tests_x223_response_49350 {
use crate::rdp::parser::*;
// changed offset 9 from 0x65 to 0x66 so it is no longer an mcs connect
static BYTES: [u8; 9] =
[0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0x66];
static BYTES: [u8; 9] = [0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0x66];
#[test]
fn test_x223_response() {
@ -1320,9 +1282,7 @@ mod tests_x223_response_49350 {
&[][..],
T123Tpkt {
child: T123TpktChild::Data(X223Data {
child: X223DataChild::McsConnectResponse(
McsConnectResponse {}
),
child: X223DataChild::McsConnectResponse(McsConnectResponse {}),
})
}
)),
@ -1336,8 +1296,7 @@ mod tests_t123_raw_49350 {
use crate::rdp::parser::*;
// changed offset 4 from 0x02 to 0x03 so it is no longer an X223 data object
static BYTES: [u8; 9] =
[0x03, 0x00, 0x00, 0x09, 0x03, 0xf0, 0x80, 0x7f, 0x65];
static BYTES: [u8; 9] = [0x03, 0x00, 0x00, 0x09, 0x03, 0xf0, 0x80, 0x7f, 0x65];
#[test]
fn test_t123_raw() {
@ -1360,8 +1319,8 @@ mod tests_x224_raw_49350 {
// changed offset 11 from 0x01 to 0x02 so it is not a known X224 payload type
static BYTES: [u8; 19] = [
0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x08, 0x00,
0x00, 0x00, 0x00, 0x00,
];
#[test]
@ -1371,18 +1330,16 @@ mod tests_x224_raw_49350 {
Ok((
&[][..],
T123Tpkt {
child: T123TpktChild::X224ConnectionRequest(
X224ConnectionRequest {
cdt: 0,
dst_ref: 0,
src_ref: 0,
class: 0,
options: 0,
cookie: None,
negotiation_request: None,
data: BYTES[11..].to_vec(),
}
)
child: T123TpktChild::X224ConnectionRequest(X224ConnectionRequest {
cdt: 0,
dst_ref: 0,
src_ref: 0,
class: 0,
options: 0,
cookie: None,
negotiation_request: None,
data: BYTES[11..].to_vec(),
})
}
)),
parse_t123_tpkt(t123_bytes)
@ -1395,8 +1352,7 @@ mod tests_x223_raw_49350 {
use crate::rdp::parser::*;
// changed offset 9 from 0x65 to 0xff so it is no longer an mcs connect
static BYTES: [u8; 9] =
[0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0xff];
static BYTES: [u8; 9] = [0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0xff];
#[test]
fn test_x223_raw() {
@ -1417,12 +1373,12 @@ mod tests_x223_raw_49350 {
#[cfg(test)]
mod tests_negotiate_incomplete_49350 {
use nom;
use crate::rdp::parser::*;
use nom;
static BYTES: [u8; 19] = [
0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x08, 0x00,
0x00, 0x00, 0x00, 0x00,
];
static TPKT_BEGIN: usize = 0;
static X224_BEGIN: usize = TPKT_BEGIN + 4;
@ -1471,45 +1427,38 @@ mod tests_negotiate_incomplete_49350 {
#[cfg(test)]
mod tests_core_incomplete_49350 {
use nom;
use crate::rdp::parser::*;
use nom;
static BYTES: [u8; 428] = [
0x03, 0x00, 0x01, 0xac, 0x02, 0xf0, 0x80, 0x7f, 0x65, 0x82, 0x01, 0xa0,
0x04, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0xff, 0x30, 0x19, 0x02,
0x01, 0x22, 0x02, 0x01, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02,
0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02,
0x30, 0x19, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02,
0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0x04, 0x20,
0x02, 0x01, 0x02, 0x30, 0x1c, 0x02, 0x02, 0xff, 0xff, 0x02, 0x02, 0xfc,
0x17, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x01, 0x02, 0x01, 0x00, 0x02,
0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02, 0x04, 0x82, 0x01,
0x3f, 0x00, 0x05, 0x00, 0x14, 0x7c, 0x00, 0x01, 0x81, 0x36, 0x00, 0x08,
0x00, 0x10, 0x00, 0x01, 0xc0, 0x00, 0x44, 0x75, 0x63, 0x61, 0x81, 0x28,
0x01, 0xc0, 0xd8, 0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03,
0x01, 0xca, 0x03, 0xaa, 0x09, 0x04, 0x00, 0x00, 0x71, 0x17, 0x00, 0x00,
0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00, 0x45, 0x00, 0x52, 0x00,
0x2d, 0x00, 0x58, 0x00, 0x59, 0x00, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0xca, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x0f, 0x00,
0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x04, 0xc0, 0x0c, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0xc0, 0x0c, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x03, 0xc0, 0x38, 0x00, 0x04, 0x00, 0x00, 0x00, 0x72, 0x64, 0x70, 0x64,
0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x80, 0x72, 0x64, 0x70, 0x73,
0x6e, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x64, 0x72, 0x64, 0x79,
0x6e, 0x76, 0x63, 0x00, 0x00, 0x00, 0x80, 0xc0, 0x63, 0x6c, 0x69, 0x70,
0x03, 0x00, 0x01, 0xac, 0x02, 0xf0, 0x80, 0x7f, 0x65, 0x82, 0x01, 0xa0, 0x04, 0x01, 0x01,
0x04, 0x01, 0x01, 0x01, 0x01, 0xff, 0x30, 0x19, 0x02, 0x01, 0x22, 0x02, 0x01, 0x02, 0x02,
0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff,
0x02, 0x01, 0x02, 0x30, 0x19, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02,
0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0x04, 0x20, 0x02, 0x01, 0x02,
0x30, 0x1c, 0x02, 0x02, 0xff, 0xff, 0x02, 0x02, 0xfc, 0x17, 0x02, 0x02, 0xff, 0xff, 0x02,
0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02,
0x04, 0x82, 0x01, 0x3f, 0x00, 0x05, 0x00, 0x14, 0x7c, 0x00, 0x01, 0x81, 0x36, 0x00, 0x08,
0x00, 0x10, 0x00, 0x01, 0xc0, 0x00, 0x44, 0x75, 0x63, 0x61, 0x81, 0x28, 0x01, 0xc0, 0xd8,
0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, 0x01, 0xca, 0x03, 0xaa, 0x09, 0x04,
0x00, 0x00, 0x71, 0x17, 0x00, 0x00, 0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00, 0x45,
0x00, 0x52, 0x00, 0x2d, 0x00, 0x58, 0x00, 0x59, 0x00, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xca, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x08, 0x00, 0x0f, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x04, 0xc0, 0x0c, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0xc0, 0x0c, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xc0, 0x38,
0x00, 0x04, 0x00, 0x00, 0x00, 0x72, 0x64, 0x70, 0x64, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00,
0x80, 0x80, 0x72, 0x64, 0x70, 0x73, 0x6e, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x64,
0x72, 0x64, 0x79, 0x6e, 0x76, 0x63, 0x00, 0x00, 0x00, 0x80, 0xc0, 0x63, 0x6c, 0x69, 0x70,
0x72, 0x64, 0x72, 0x00, 0x00, 0x00, 0xa0, 0xc0,
];
static X223_BEGIN: usize = 4;

124
rust/src/rdp/rdp.rs
Unescape Escape View File

@ -19,17 +19,13 @@
//! RDP application layer
use crate::core::{
self, AppProto, DetectEngineState, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP,
};
use nom;
use crate::applayer::*;
use crate::core::{self, AppProto, DetectEngineState, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP};
use crate::rdp::parser::*;
use nom;
use std;
use std::mem::transmute;
use tls_parser::{
parse_tls_plaintext, TlsMessage, TlsMessageHandshake, TlsRecordType,
};
use tls_parser::{parse_tls_plaintext, TlsMessage, TlsMessageHandshake, TlsRecordType};
static mut ALPROTO_RDP: AppProto = ALPROTO_UNKNOWN;
@ -85,8 +81,7 @@ impl Drop for RdpTransaction {
#[no_mangle]
pub extern "C" fn rs_rdp_state_get_tx(
state: *mut std::os::raw::c_void,
tx_id: u64,
state: *mut std::os::raw::c_void, tx_id: u64,
) -> *mut std::os::raw::c_void {
let state = cast_pointer!(state, RdpState);
match state.get_tx(tx_id) {
@ -100,25 +95,20 @@ pub extern "C" fn rs_rdp_state_get_tx(
}
#[no_mangle]
pub extern "C" fn rs_rdp_state_get_tx_count(
state: *mut std::os::raw::c_void,
) -> u64 {
pub extern "C" fn rs_rdp_state_get_tx_count(state: *mut std::os::raw::c_void) -> u64 {
let state = cast_pointer!(state, RdpState);
return state.next_id;
}
#[no_mangle]
pub extern "C" fn rs_rdp_tx_get_progress_complete(
_direction: u8,
) -> std::os::raw::c_int {
pub extern "C" fn rs_rdp_tx_get_progress_complete(_direction: u8) -> std::os::raw::c_int {
// a parser can implement a multi-step tx completion by using an arbitrary `n`
return 1;
}
#[no_mangle]
pub extern "C" fn rs_rdp_tx_get_progress(
_tx: *mut std::os::raw::c_void,
_direction: u8,
_tx: *mut std::os::raw::c_void, _direction: u8,
) -> std::os::raw::c_int {
// tx complete when `rs_rdp_tx_get_progress(...) == rs_rdp_tx_get_progress_complete(...)`
// here, all transactions are immediately complete on insert
@ -226,11 +216,8 @@ impl RdpState {
match t123.child {
// X.224 connection request
T123TpktChild::X224ConnectionRequest(x224) => {
let tx = self.new_tx(
RdpTransactionItem::X224ConnectionRequest(
x224,
),
);
let tx =
self.new_tx(RdpTransactionItem::X224ConnectionRequest(x224));
self.transactions.push(tx);
}
@ -293,20 +280,17 @@ impl RdpState {
available = remainder;
for message in &tls.msg {
match message {
TlsMessage::Handshake(
TlsMessageHandshake::Certificate(contents),
) => {
TlsMessage::Handshake(TlsMessageHandshake::Certificate(
contents,
)) => {
let mut chain = Vec::new();
for cert in &contents.cert_chain {
chain.push(CertificateBlob {
data: cert.data.to_vec(),
});
}
let tx = self.new_tx(
RdpTransactionItem::TlsCertificateChain(
chain,
),
);
let tx =
self.new_tx(RdpTransactionItem::TlsCertificateChain(chain));
self.transactions.push(tx);
self.bypass_parsing = true;
}
@ -336,11 +320,8 @@ impl RdpState {
match t123.child {
// X.224 connection confirm
T123TpktChild::X224ConnectionConfirm(x224) => {
let tx = self.new_tx(
RdpTransactionItem::X224ConnectionConfirm(
x224,
),
);
let tx =
self.new_tx(RdpTransactionItem::X224ConnectionConfirm(x224));
self.transactions.push(tx);
}
@ -397,10 +378,7 @@ pub extern "C" fn rs_rdp_state_free(state: *mut std::os::raw::c_void) {
}
#[no_mangle]
pub extern "C" fn rs_rdp_state_tx_free(
state: *mut std::os::raw::c_void,
tx_id: u64,
) {
pub extern "C" fn rs_rdp_state_tx_free(state: *mut std::os::raw::c_void, tx_id: u64) {
let state = cast_pointer!(state, RdpState);
state.free_tx(tx_id);
}
@ -424,11 +402,7 @@ fn probe_rdp(input: &[u8]) -> bool {
/// probe for T.123 message, whether to client or to server
#[no_mangle]
pub extern "C" fn rs_rdp_probe_ts_tc(
_flow: *const Flow,
_direction: u8,
input: *const u8,
input_len: u32,
_rdir: *mut u8,
_flow: *const Flow, _direction: u8, input: *const u8, input_len: u32, _rdir: *mut u8,
) -> AppProto {
if input != std::ptr::null_mut() {
// probe bytes for `rdp` protocol pattern
@ -455,13 +429,8 @@ fn probe_tls_handshake(input: &[u8]) -> bool {
#[no_mangle]
pub extern "C" fn rs_rdp_parse_ts(
_flow: *const Flow,
state: *mut std::os::raw::c_void,
_pstate: *mut std::os::raw::c_void,
input: *const u8,
input_len: u32,
_data: *const std::os::raw::c_void,
_flags: u8,
_flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8,
) -> AppLayerResult {
let state = cast_pointer!(state, RdpState);
let buf = build_slice!(input, input_len as usize);
@ -476,13 +445,8 @@ pub extern "C" fn rs_rdp_parse_ts(
#[no_mangle]
pub extern "C" fn rs_rdp_parse_tc(
_flow: *const Flow,
state: *mut std::os::raw::c_void,
_pstate: *mut std::os::raw::c_void,
input: *const u8,
input_len: u32,
_data: *const std::os::raw::c_void,
_flags: u8,
_flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8,
) -> AppLayerResult {
let state = cast_pointer!(state, RdpState);
let buf = build_slice!(input, input_len as usize);
@ -539,16 +503,10 @@ pub unsafe extern "C" fn rs_rdp_register_parser() {
let ip_proto_str = std::ffi::CString::new("tcp").unwrap();
if AppLayerProtoDetectConfProtoDetectionEnabled(
ip_proto_str.as_ptr(),
parser.name,
) != 0
{
if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
ALPROTO_RDP = alproto;
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name)
!= 0
{
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
}
@ -587,28 +545,27 @@ mod tests {
fn test_parse_ts_rdp() {
let buf_1: &[u8] = &[0x03, 0x00, 0x00, 0x25, 0x20, 0xe0, 0x00, 0x00];
let buf_2: &[u8] = &[
0x00, 0x00, 0x00, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x3a, 0x20,
0x6d, 0x73, 0x74, 0x73, 0x68, 0x61, 0x73, 0x68, 0x3d, 0x75, 0x73,
0x65, 0x72, 0x31, 0x32, 0x33, 0x0d, 0x0a,
0x00, 0x00, 0x00, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x3a, 0x20, 0x6d, 0x73, 0x74,
0x73, 0x68, 0x61, 0x73, 0x68, 0x3d, 0x75, 0x73, 0x65, 0x72, 0x31, 0x32, 0x33, 0x0d,
0x0a,
];
let mut state = RdpState::new();
assert_eq!(true, state.parse_ts(&buf_1));
assert_eq!(0, state.transactions.len());
assert_eq!(true, state.parse_ts(&buf_2));
assert_eq!(1, state.transactions.len());
let item =
RdpTransactionItem::X224ConnectionRequest(X224ConnectionRequest {
cdt: 0,
dst_ref: 0,
src_ref: 0,
class: 0,
options: 0,
cookie: Some(RdpCookie {
mstshash: String::from("user123"),
}),
negotiation_request: None,
data: Vec::new(),
});
let item = RdpTransactionItem::X224ConnectionRequest(X224ConnectionRequest {
cdt: 0,
dst_ref: 0,
src_ref: 0,
class: 0,
options: 0,
cookie: Some(RdpCookie {
mstshash: String::from("user123"),
}),
negotiation_request: None,
data: Vec::new(),
});
assert_eq!(item, state.transactions[0].item);
}
@ -628,8 +585,7 @@ mod tests {
assert_eq!(0, state.transactions.len());
assert_eq!(true, state.parse_tc(&buf_2));
assert_eq!(1, state.transactions.len());
let item =
RdpTransactionItem::McsConnectResponse(McsConnectResponse {});
let item = RdpTransactionItem::McsConnectResponse(McsConnectResponse {});
assert_eq!(item, state.transactions[0].item);
}

4
rust/src/rdp/util.rs
Unescape Escape View File

@ -17,11 +17,11 @@
// Author: Zach Kelly <zach.kelly@lmco.com>
use crate::rdp::error::RdpError;
use byteorder::ReadBytesExt;
use memchr::memchr;
use nom;
use nom::{IResult, Needed};
use crate::rdp::error::RdpError;
use std::io::Cursor;
use widestring::U16CString;
@ -101,8 +101,8 @@ pub fn parse_per_length_determinant(input: &[u8]) -> IResult<&[u8], u32, RdpErro
#[cfg(test)]
mod tests {
use super::*;
use nom;
use crate::rdp::error::RdpError;
use nom;
#[test]
fn test_le_string_abc() {

Write Preview
Loading…
Cancel
Save