From: Zach Kelly Date: Sat, 18 Jul 2020 00:57:08 +0000 (-0400) Subject: rdp: rustfmt (update) X-Git-Tag: suricata-6.0.0-beta1~126 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef397daba35a816c7e171cdd2284aa231979f3e8;p=thirdparty%2Fsuricata.git rdp: rustfmt (update) --- diff --git a/rust/src/rdp/log.rs b/rust/src/rdp/log.rs index 0d8b2d7d2f..b5383debd6 100644 --- a/rust/src/rdp/log.rs +++ b/rust/src/rdp/log.rs @@ -40,12 +40,8 @@ fn to_json(tx: &RdpTransaction) -> Option { js.set_integer("tx_id", tx.id); match &tx.item { - RdpTransactionItem::X224ConnectionRequest(ref x224) => { - x224_req_to_json(&js, x224) - } - RdpTransactionItem::X224ConnectionConfirm(x224) => { - x224_conf_to_json(&js, x224) - } + RdpTransactionItem::X224ConnectionRequest(ref x224) => x224_req_to_json(&js, x224), + RdpTransactionItem::X224ConnectionConfirm(x224) => x224_conf_to_json(&js, x224), RdpTransactionItem::McsConnectRequest(ref mcs) => { mcs_req_to_json(&js, mcs); @@ -62,9 +58,7 @@ fn to_json(tx: &RdpTransaction) -> Option { for blob in chain { match parse_x509_der(&blob.data) { Ok((_, cert)) => { - js_chain.array_append_string( - &cert.tbs_certificate.serial.to_str_radix(16), - ); + js_chain.array_append_string(&cert.tbs_certificate.serial.to_str_radix(16)); } _ => {} } @@ -94,9 +88,7 @@ fn x224_req_to_json(js: &Json, x224: &X224ConnectionRequest) { .flags .contains(Flags::REDIRECTED_AUTHENTICATION_MODE_REQUIRED) { - flags.array_append_string( - "redirected_authentication_mode_required", - ); + flags.array_append_string("redirected_authentication_mode_required"); } if req.flags.contains(Flags::CORRELATION_INFO_PRESENT) { flags.array_append_string("correlation_info_present"); @@ -116,28 +108,22 @@ fn x224_conf_to_json(js: &Json, x224: &X224ConnectionConfirm) { NegotiationFromServer::Response(ref resp) => { if !resp.flags.is_empty() { let flags = Json::array(); - if resp - .flags - .contains(Flags::EXTENDED_CLIENT_DATA_SUPPORTED) - { + if resp.flags.contains(Flags::EXTENDED_CLIENT_DATA_SUPPORTED) { flags.array_append_string("extended_client_data"); } - if resp.flags.contains(Flags::DYNVC_GFX_PROTOCOL_SUPPORTED) - { + if resp.flags.contains(Flags::DYNVC_GFX_PROTOCOL_SUPPORTED) { flags.array_append_string("dynvc_gfx"); } // NEGRSP_FLAG_RESERVED not logged + if resp.flags.contains(Flags::RESTRICTED_ADMIN_MODE_SUPPORTED) { + flags.array_append_string("restricted_admin"); + } if resp .flags - .contains(Flags::RESTRICTED_ADMIN_MODE_SUPPORTED) + .contains(Flags::REDIRECTED_AUTHENTICATION_MODE_SUPPORTED) { - flags.array_append_string("restricted_admin"); - } - if resp.flags.contains( - Flags::REDIRECTED_AUTHENTICATION_MODE_SUPPORTED, - ) { flags.array_append_string("redirected_authentication"); } js.set("server_supports", flags); @@ -192,13 +178,9 @@ fn x224_conf_to_json(js: &Json, x224: &X224ConnectionConfirm) { NegotiationFailureCode::SslWithUserAuthRequiredByServer => { js.set_integer( "error_code", - NegotiationFailureCode::SslWithUserAuthRequiredByServer - as u64, + NegotiationFailureCode::SslWithUserAuthRequiredByServer as u64, ); - js.set_string( - "reason", - "ssl with user auth required by server", - ) + js.set_string("reason", "ssl with user auth required by server") } }, } @@ -218,17 +200,12 @@ fn mcs_req_to_json(js: &Json, mcs: &McsConnectRequest) { let js_client = Json::object(); match client.version { - Some(ref ver) => js_client - .set_string("version", &version_to_string(ver, "v")), + Some(ref ver) => js_client.set_string("version", &version_to_string(ver, "v")), None => js_client.set_string("version", &unknown), } - js_client - .set_integer("desktop_width", client.desktop_width as u64); - js_client.set_integer( - "desktop_height", - client.desktop_height as u64, - ); + js_client.set_integer("desktop_width", client.desktop_width as u64); + js_client.set_integer("desktop_height", client.desktop_height as u64); if let Some(depth) = get_color_depth(client) { js_client.set_integer("color_depth", depth); @@ -251,22 +228,15 @@ fn mcs_req_to_json(js: &Json, mcs: &McsConnectRequest) { } if let Some(ref kb) = client.keyboard_type { - js_client - .set_string("keyboard_type", &keyboard_to_string(kb)); + js_client.set_string("keyboard_type", &keyboard_to_string(kb)); } if client.keyboard_subtype != 0 { - js_client.set_integer( - "keyboard_subtype", - client.keyboard_subtype as u64, - ); + js_client.set_integer("keyboard_subtype", client.keyboard_subtype as u64); } if client.keyboard_function_key != 0 { - js_client.set_integer( - "function_keys", - client.keyboard_function_key as u64, - ); + js_client.set_integer("function_keys", client.keyboard_function_key as u64); } if client.ime_file_name.len() > 0 { @@ -289,72 +259,52 @@ fn mcs_req_to_json(js: &Json, mcs: &McsConnectRequest) { // supported_color_depth not logged - if let Some(ref early_capability_flags) = - client.early_capability_flags - { + if let Some(ref early_capability_flags) = client.early_capability_flags { use crate::rdp::parser::EarlyCapabilityFlags as Flags; if !early_capability_flags.is_empty() { let flags = Json::array(); - if early_capability_flags - .contains(Flags::RNS_UD_CS_SUPPORT_ERRINFO_PDF) - { + if early_capability_flags.contains(Flags::RNS_UD_CS_SUPPORT_ERRINFO_PDF) { flags.array_append_string("support_errinfo_pdf"); } - if early_capability_flags - .contains(Flags::RNS_UD_CS_WANT_32BPP_SESSION) - { + if early_capability_flags.contains(Flags::RNS_UD_CS_WANT_32BPP_SESSION) { flags.array_append_string("want_32bpp_session"); } - if early_capability_flags - .contains(Flags::RNS_UD_CS_SUPPORT_STATUSINFO_PDU) + if early_capability_flags.contains(Flags::RNS_UD_CS_SUPPORT_STATUSINFO_PDU) { flags.array_append_string("support_statusinfo_pdu"); } - if early_capability_flags - .contains(Flags::RNS_UD_CS_STRONG_ASYMMETRIC_KEYS) + if early_capability_flags.contains(Flags::RNS_UD_CS_STRONG_ASYMMETRIC_KEYS) { flags.array_append_string("strong_asymmetric_keys"); } // RNS_UD_CS_UNUSED not logged - if early_capability_flags - .contains(Flags::RNS_UD_CS_VALID_CONNECTION_TYPE) - { + if early_capability_flags.contains(Flags::RNS_UD_CS_VALID_CONNECTION_TYPE) { flags.array_append_string("valid_connection_type"); } - if early_capability_flags.contains( - Flags::RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU, - ) { - flags.array_append_string( - "support_monitor_layout_pdu", - ); - } - if early_capability_flags.contains( - Flags::RNS_UD_CS_SUPPORT_NETCHAR_AUTODETECT, - ) { - flags.array_append_string( - "support_netchar_autodetect", - ); + if early_capability_flags + .contains(Flags::RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU) + { + flags.array_append_string("support_monitor_layout_pdu"); } - if early_capability_flags.contains( - Flags::RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL, - ) { - flags.array_append_string( - "support_dynvc_gfx_protocol", - ); + if early_capability_flags + .contains(Flags::RNS_UD_CS_SUPPORT_NETCHAR_AUTODETECT) + { + flags.array_append_string("support_netchar_autodetect"); } - if early_capability_flags.contains( - Flags::RNS_UD_CS_SUPPORT_DYNAMIC_TIME_ZONE, - ) { - flags.array_append_string( - "support_dynamic_time_zone", - ); + if early_capability_flags + .contains(Flags::RNS_UD_CS_SUPPORT_DYNVC_GFX_PROTOCOL) + { + flags.array_append_string("support_dynvc_gfx_protocol"); } if early_capability_flags - .contains(Flags::RNS_UD_CS_SUPPORT_HEARTBEAT_PDU) + .contains(Flags::RNS_UD_CS_SUPPORT_DYNAMIC_TIME_ZONE) { + flags.array_append_string("support_dynamic_time_zone"); + } + if early_capability_flags.contains(Flags::RNS_UD_CS_SUPPORT_HEARTBEAT_PDU) { flags.array_append_string("support_heartbeat_pdu"); } js_client.set("capabilities", flags); @@ -370,18 +320,12 @@ fn mcs_req_to_json(js: &Json, mcs: &McsConnectRequest) { if let Some(ref hint) = client.connection_hint { let s = match hint { ConnectionHint::ConnectionHintModem => "modem", - ConnectionHint::ConnectionHintBroadbandLow => { - "low_broadband" - } + ConnectionHint::ConnectionHintBroadbandLow => "low_broadband", ConnectionHint::ConnectionHintSatellite => "satellite", - ConnectionHint::ConnectionHintBroadbandHigh => { - "high_broadband" - } + ConnectionHint::ConnectionHintBroadbandHigh => "high_broadband", ConnectionHint::ConnectionHintWan => "wan", ConnectionHint::ConnectionHintLan => "lan", - ConnectionHint::ConnectionHintAutoDetect => { - "autodetect" - } + ConnectionHint::ConnectionHintAutoDetect => "autodetect", ConnectionHint::ConnectionHintNotProvided => "", }; if *hint != ConnectionHint::ConnectionHintNotProvided { @@ -400,8 +344,7 @@ fn mcs_req_to_json(js: &Json, mcs: &McsConnectRequest) { } if let Some(orientation) = client.desktop_orientation { - js_client - .set_integer("desktop_orientation", orientation as u64); + js_client.set_integer("desktop_orientation", orientation as u64); } if let Some(scale) = client.desktop_scale_factor { diff --git a/rust/src/rdp/parser.rs b/rust/src/rdp/parser.rs index 3b733818d6..847e3bbbb5 100644 --- a/rust/src/rdp/parser.rs +++ b/rust/src/rdp/parser.rs @@ -26,15 +26,13 @@ //! * x.224-spec: //! * x.691-spec: -use nom::IResult; -use nom::bytes::streaming::take; -use nom::combinator::{opt, map_opt, map_res}; -use nom::number::streaming::{be_u16, be_u8, le_u16, le_u32, le_u8}; use crate::rdp::error::RdpError; -use crate::rdp::util::{ - le_slice_to_string, parse_per_length_determinant, utf7_slice_to_string, -}; +use crate::rdp::util::{le_slice_to_string, parse_per_length_determinant, utf7_slice_to_string}; use crate::rdp::windows; +use nom::bytes::streaming::take; +use nom::combinator::{map_opt, map_res, opt}; +use nom::number::streaming::{be_u16, be_u8, le_u16, le_u32, le_u8}; +use nom::IResult; /// constrains dimension to a range, per spec /// rdp-spec, section 2.2.1.3.2 Client Core Data @@ -435,8 +433,7 @@ pub struct McsConnectResponse {} /// parser for t.123 and children /// t.123-spec, section 8 pub fn parse_t123_tpkt(input: &[u8]) -> IResult<&[u8], T123Tpkt, RdpError> { - let (i1, _version) = - verify!(input, be_u8, |&x| x == TpktVersion::T123 as u8)?; + let (i1, _version) = verify!(input, be_u8, |&x| x == TpktVersion::T123 as u8)?; let (i2, _reserved) = try_parse!(i1, be_u8); // less u8, u8, u16 let (i3, sz) = map_opt!(i2, be_u16, |x: u16| x.checked_sub(4))?; @@ -481,18 +478,16 @@ pub fn parse_t123_tpkt(input: &[u8]) -> IResult<&[u8], T123Tpkt, RdpError> { return Ok((i4, T123Tpkt { child })); } -fn take_4_4_bits(input: &[u8]) -> IResult<&[u8], (u8,u8), RdpError> { - map!(input, be_u8, |b| (b >> 4, b & 0xf)) +fn take_4_4_bits(input: &[u8]) -> IResult<&[u8], (u8, u8), RdpError> { + map!(input, be_u8, |b| (b >> 4, b & 0xf)) } /// rdp-spec, section 2.2.1.1 -fn parse_x224_connection_request( - input: &[u8], -) -> IResult<&[u8], X224ConnectionRequest, RdpError> { +fn parse_x224_connection_request(input: &[u8]) -> IResult<&[u8], X224ConnectionRequest, RdpError> { let (i1, length) = verify!(input, be_u8, |&x| x != 0xff)?; // 0xff is reserved let (i2, cr_cdt) = take_4_4_bits(i1)?; let _ = verify!(i1, value!(cr_cdt.0), |&x| x - == X224Type::ConnectionRequest as u8)?; + == X224Type::ConnectionRequest as u8)?; let _ = verify!(i1, value!(cr_cdt.1), |&x| x == 0 || x == 1)?; let (i3, dst_ref) = verify!(i2, be_u16, |&x| x == 0)?; let (i4, src_ref) = try_parse!(i3, be_u16); @@ -583,9 +578,7 @@ fn parse_rdp_cookie(input: &[u8]) -> IResult<&[u8], RdpCookie, RdpError> { } // rdp-spec, section 2.2.1.1.1 -fn parse_negotiation_request( - input: &[u8], -) -> IResult<&[u8], NegotiationRequest, RdpError> { +fn parse_negotiation_request(input: &[u8]) -> IResult<&[u8], NegotiationRequest, RdpError> { do_parse! { input, _typ: verify!( @@ -607,13 +600,11 @@ fn parse_negotiation_request( /// rdp-spec, section 2.2.1.2 /// x.224-spec, section 13.3 -fn parse_x224_connection_confirm( - input: &[u8], -) -> IResult<&[u8], X224ConnectionConfirm, RdpError> { +fn parse_x224_connection_confirm(input: &[u8]) -> IResult<&[u8], X224ConnectionConfirm, RdpError> { let (i1, length) = verify!(input, be_u8, |&x| x != 0xff)?; // 0xff is reserved let (i2, cr_cdt) = take_4_4_bits(input)?; let _ = verify!(i1, value!(cr_cdt.0), |&x| x - == X224Type::ConnectionConfirm as u8)?; + == X224Type::ConnectionConfirm as u8)?; let _ = verify!(i1, value!(cr_cdt.1), |&x| x == 0 || x == 1)?; let (i3, dst_ref) = verify!(i2, be_u16, |&x| x == 0)?; let (i4, src_ref) = try_parse!(i3, be_u16); @@ -636,14 +627,13 @@ fn parse_x224_connection_confirm( let (i7, data) = take!(i6, sz)?; // it will be one of a response message or a failure message - let opt1: Option = - match opt!(data, parse_negotiation_response) { - Ok((_remainder, opt)) => match opt { - Some(x) => Some(NegotiationFromServer::Response(x)), - None => None, - }, - Err(e) => return Err(e), - }; + let opt1: Option = match opt!(data, parse_negotiation_response) { + Ok((_remainder, opt)) => match opt { + Some(x) => Some(NegotiationFromServer::Response(x)), + None => None, + }, + Err(e) => return Err(e), + }; let opt2: Option = match opt1 { Some(x) => Some(x), None => match opt!(data, parse_negotiation_failure) { @@ -688,9 +678,7 @@ fn parse_x224_connection_confirm_class_0( } // rdp-spec, section 2.2.1.1.1 -fn parse_negotiation_response( - input: &[u8], -) -> IResult<&[u8], NegotiationResponse, RdpError> { +fn parse_negotiation_response(input: &[u8]) -> IResult<&[u8], NegotiationResponse, RdpError> { do_parse! { input, _typ: verify!( @@ -711,9 +699,7 @@ fn parse_negotiation_response( } // rdp-spec, section 2.2.1.1.1 -fn parse_negotiation_failure( - input: &[u8], -) -> IResult<&[u8], NegotiationFailure, RdpError> { +fn parse_negotiation_failure(input: &[u8]) -> IResult<&[u8], NegotiationFailure, RdpError> { do_parse! { input, _typ: verify!( @@ -733,7 +719,7 @@ fn parse_negotiation_failure( /// x224-spec, section 13.7 fn parse_x223_data_class_0(input: &[u8]) -> IResult<&[u8], X223Data, RdpError> { - fn parser(input: &[u8]) -> IResult<&[u8], (u8,u8,u8), RdpError> { + fn parser(input: &[u8]) -> IResult<&[u8], (u8, u8, u8), RdpError> { bits!( input, tuple!( @@ -803,8 +789,7 @@ fn parse_mcs_connect(input: &[u8]) -> IResult<&[u8], McsConnectRequest, RdpError Ok((rem, opt)) => match opt { // found CsClientCoreData Some(core_data) => { - children - .push(McsConnectRequestChild::CsClientCore(core_data)); + children.push(McsConnectRequestChild::CsClientCore(core_data)); rem } None => match opt!(remainder, parse_cs_net) { @@ -817,36 +802,27 @@ fn parse_mcs_connect(input: &[u8]) -> IResult<&[u8], McsConnectRequest, RdpError None => { match opt!(remainder, parse_cs_unknown) { // was able to parse CsUnknown - Ok((rem, opt)) => { - match opt { - Some(unknown) => { - children.push(McsConnectRequestChild::CsUnknown(unknown)); - rem - } - None => { - break; - } + Ok((rem, opt)) => match opt { + Some(unknown) => { + children.push(McsConnectRequestChild::CsUnknown(unknown)); + rem } - } + None => { + break; + } + }, Err(nom::Err::Incomplete(i)) => { return Err(nom::Err::Incomplete(i)) } - Err(nom::Err::Failure(_)) - | Err(nom::Err::Error(_)) => break, + Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => break, } } }, - Err(nom::Err::Incomplete(i)) => { - return Err(nom::Err::Incomplete(i)) - } - Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => { - break - } + Err(nom::Err::Incomplete(i)) => return Err(nom::Err::Incomplete(i)), + Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => break, }, }, - Err(nom::Err::Incomplete(i)) => { - return Err(nom::Err::Incomplete(i)) - } + Err(nom::Err::Incomplete(i)) => return Err(nom::Err::Incomplete(i)), Err(nom::Err::Failure(_)) | Err(nom::Err::Error(_)) => break, }; if remainder.len() == 0 { @@ -881,14 +857,14 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { // let (j13, post_beta2_color_depth) = - match opt!(j12, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8],_> { + match opt!(j12, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j12, None), }; let (j14, client_product_id) = match post_beta2_color_depth { None => (j13, None), - Some(_) => match opt!(j13, le_u16) as IResult<&[u8],_> { + Some(_) => match opt!(j13, le_u16) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j13, None), }, @@ -896,7 +872,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j15, serial_number) = match client_product_id { None => (j14, None), - Some(_) => match opt!(j14, le_u32) as IResult<&[u8],_> { + Some(_) => match opt!(j14, le_u32) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j14, None), }, @@ -905,7 +881,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j16, high_color_depth) = match serial_number { None => (j15, None), Some(_) => { - match opt!(j15, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8],_> { + match opt!(j15, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j15, None), } @@ -915,7 +891,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j17, supported_color_depth) = match high_color_depth { None => (j16, None), Some(_) => { - match opt!(j16, map_opt!(le_u16, SupportedColorDepth::from_bits)) as IResult<&[u8],_> { + match opt!(j16, map_opt!(le_u16, SupportedColorDepth::from_bits)) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j16, None), } @@ -925,7 +901,8 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j18, early_capability_flags) = match supported_color_depth { None => (j17, None), Some(_) => { - match opt!(j17, map_opt!(le_u16, EarlyCapabilityFlags::from_bits)) as IResult<&[u8],_> { + match opt!(j17, map_opt!(le_u16, EarlyCapabilityFlags::from_bits)) as IResult<&[u8], _> + { Ok((rem, obj)) => (rem, obj), _ => (j17, None), } @@ -934,16 +911,18 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j19, client_dig_product_id) = match early_capability_flags { None => (j18, None), - Some(_) => match opt(map_res(take(64usize), le_slice_to_string))(j18) as IResult<&[u8],_> { - Ok((rem, obj)) => (rem, obj), - _ => (j18, None), - }, + Some(_) => { + match opt(map_res(take(64usize), le_slice_to_string))(j18) as IResult<&[u8], _> { + Ok((rem, obj)) => (rem, obj), + _ => (j18, None), + } + } }; let (j20, connection_hint) = match client_dig_product_id { None => (j19, None), Some(_) => { - match opt(map_opt(le_u8, num::FromPrimitive::from_u8))(j19) as IResult<&[u8],_> { + match opt(map_opt(le_u8, num::FromPrimitive::from_u8))(j19) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j19, None), } @@ -952,7 +931,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j21, pad) = match connection_hint { None => (j20, None), - Some(_) => match opt(take(1usize))(j20) as IResult<&[u8],_> { + Some(_) => match opt(take(1usize))(j20) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j20, None), }, @@ -961,7 +940,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j22, server_selected_protocol) = match pad { None => (j21, None), Some(_) => { - match opt!(j21, map_opt!(le_u32, ProtocolFlags::from_bits)) as IResult<&[u8],_> { + match opt!(j21, map_opt!(le_u32, ProtocolFlags::from_bits)) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j21, None), } @@ -970,7 +949,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j23, desktop_physical_width) = match server_selected_protocol { None => (j22, None), - Some(_) => match opt!(j22, map_opt!(le_u32, millimeters_to_opt)) as IResult<&[u8],_> { + Some(_) => match opt!(j22, map_opt!(le_u32, millimeters_to_opt)) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j22, None), }, @@ -978,7 +957,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j24, desktop_physical_height) = match desktop_physical_width { None => (j23, None), - Some(_) => match opt!(j23, map_opt!(le_u32, millimeters_to_opt)) as IResult<&[u8],_> { + Some(_) => match opt!(j23, map_opt!(le_u32, millimeters_to_opt)) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j23, None), }, @@ -987,7 +966,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j25, desktop_orientation) = match desktop_physical_height { None => (j24, None), Some(_) => { - match opt!(j24, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8],_> { + match opt!(j24, map_opt!(le_u16, num::FromPrimitive::from_u16)) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j24, None), } @@ -996,7 +975,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (j26, desktop_scale_factor) = match desktop_orientation { None => (j25, None), - Some(_) => match opt!(j25, map_opt!(le_u32, desktop_scale_to_opt)) as IResult<&[u8],_> { + Some(_) => match opt!(j25, map_opt!(le_u32, desktop_scale_to_opt)) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j25, None), }, @@ -1004,7 +983,7 @@ fn parse_cs_client_core_data(input: &[u8]) -> IResult<&[u8], CsClientCoreData> { let (_j27, device_scale_factor) = match desktop_scale_factor { None => (j26, None), - Some(_) => match opt!(j26, map_opt!(le_u32, device_scale_to_opt)) as IResult<&[u8],_> { + Some(_) => match opt!(j26, map_opt!(le_u32, device_scale_to_opt)) as IResult<&[u8], _> { Ok((rem, obj)) => (rem, obj), _ => (j26, None), }, @@ -1089,9 +1068,7 @@ fn parse_cs_unknown(input: &[u8]) -> IResult<&[u8], CsUnknown> { } // rdp-spec, section 2.2.1.4 -fn parse_mcs_connect_response( - input: &[u8], -) -> IResult<&[u8], McsConnectResponse, RdpError> { +fn parse_mcs_connect_response(input: &[u8]) -> IResult<&[u8], McsConnectResponse, RdpError> { do_parse! { input, _ber_type: verify!( @@ -1110,30 +1087,27 @@ mod tests_cookie_21182 { use crate::rdp::parser::*; static BYTES: [u8; 37] = [ - 0x03, 0x00, 0x00, 0x25, 0x20, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43, - 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x3a, 0x20, 0x6d, 0x73, 0x74, 0x73, 0x68, - 0x61, 0x73, 0x68, 0x3d, 0x75, 0x73, 0x65, 0x72, 0x31, 0x32, 0x33, 0x0d, - 0x0a, + 0x03, 0x00, 0x00, 0x25, 0x20, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43, 0x6f, 0x6f, 0x6b, + 0x69, 0x65, 0x3a, 0x20, 0x6d, 0x73, 0x74, 0x73, 0x68, 0x61, 0x73, 0x68, 0x3d, 0x75, 0x73, + 0x65, 0x72, 0x31, 0x32, 0x33, 0x0d, 0x0a, ]; #[test] fn test_t123_x224_cookie() { let t123_bytes = &BYTES[..]; let t123_tpkt: T123Tpkt = T123Tpkt { - child: T123TpktChild::X224ConnectionRequest( - X224ConnectionRequest { - cdt: 0, - dst_ref: 0, - src_ref: 0, - class: 0, - options: 0, - cookie: Some(RdpCookie { - mstshash: String::from("user123"), - }), - negotiation_request: None, - data: Vec::new(), - }, - ), + child: T123TpktChild::X224ConnectionRequest(X224ConnectionRequest { + cdt: 0, + dst_ref: 0, + src_ref: 0, + class: 0, + options: 0, + cookie: Some(RdpCookie { + mstshash: String::from("user123"), + }), + negotiation_request: None, + data: Vec::new(), + }), }; assert_eq!(Ok((&[][..], t123_tpkt)), parse_t123_tpkt(t123_bytes)); } @@ -1144,8 +1118,8 @@ mod tests_negotiate_49350 { use crate::rdp::parser::*; static BYTES: [u8; 20] = [ - 0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, + 0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x08, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff, ]; static TPKT_BEGIN: usize = 0; static X224_BEGIN: usize = TPKT_BEGIN + 4; @@ -1159,21 +1133,19 @@ mod tests_negotiate_49350 { fn test_t123_x224_negotiate() { let t123_bytes = &BYTES[TPKT_BEGIN..]; let t123_tpkt: T123Tpkt = T123Tpkt { - child: T123TpktChild::X224ConnectionRequest( - X224ConnectionRequest { - cdt: 0, - dst_ref: 0, - src_ref: 0, - class: 0, - options: 0, - cookie: None, - negotiation_request: Some(NegotiationRequest { - flags: NegotiationRequestFlags::empty(), - protocols: ProtocolFlags::PROTOCOL_RDP, - }), - data: Vec::new(), - }, - ), + child: T123TpktChild::X224ConnectionRequest(X224ConnectionRequest { + cdt: 0, + dst_ref: 0, + src_ref: 0, + class: 0, + options: 0, + cookie: None, + negotiation_request: Some(NegotiationRequest { + flags: NegotiationRequestFlags::empty(), + protocols: ProtocolFlags::PROTOCOL_RDP, + }), + data: Vec::new(), + }), }; assert_eq!( Ok((&BYTES[PADDING_BEGIN..][..], t123_tpkt)), @@ -1187,41 +1159,34 @@ mod tests_core_49350 { use crate::rdp::parser::*; static BYTES: [u8; 429] = [ - 0x03, 0x00, 0x01, 0xac, 0x02, 0xf0, 0x80, 0x7f, 0x65, 0x82, 0x01, 0xa0, - 0x04, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0xff, 0x30, 0x19, 0x02, - 0x01, 0x22, 0x02, 0x01, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, - 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02, - 0x30, 0x19, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, - 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0x04, 0x20, - 0x02, 0x01, 0x02, 0x30, 0x1c, 0x02, 0x02, 0xff, 0xff, 0x02, 0x02, 0xfc, - 0x17, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, - 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02, 0x04, 0x82, 0x01, - 0x3f, 0x00, 0x05, 0x00, 0x14, 0x7c, 0x00, 0x01, 0x81, 0x36, 0x00, 0x08, - 0x00, 0x10, 0x00, 0x01, 0xc0, 0x00, 0x44, 0x75, 0x63, 0x61, 0x81, 0x28, - 0x01, 0xc0, 0xd8, 0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, - 0x01, 0xca, 0x03, 0xaa, 0x09, 0x04, 0x00, 0x00, 0x71, 0x17, 0x00, 0x00, - 0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00, 0x45, 0x00, 0x52, 0x00, - 0x2d, 0x00, 0x58, 0x00, 0x59, 0x00, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x01, 0xca, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x0f, 0x00, - 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x04, 0xc0, 0x0c, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x02, 0xc0, 0x0c, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x03, 0xc0, 0x38, 0x00, 0x04, 0x00, 0x00, 0x00, 0x72, 0x64, 0x70, 0x64, - 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x80, 0x72, 0x64, 0x70, 0x73, - 0x6e, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x64, 0x72, 0x64, 0x79, - 0x6e, 0x76, 0x63, 0x00, 0x00, 0x00, 0x80, 0xc0, 0x63, 0x6c, 0x69, 0x70, + 0x03, 0x00, 0x01, 0xac, 0x02, 0xf0, 0x80, 0x7f, 0x65, 0x82, 0x01, 0xa0, 0x04, 0x01, 0x01, + 0x04, 0x01, 0x01, 0x01, 0x01, 0xff, 0x30, 0x19, 0x02, 0x01, 0x22, 0x02, 0x01, 0x02, 0x02, + 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, + 0x02, 0x01, 0x02, 0x30, 0x19, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, + 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0x04, 0x20, 0x02, 0x01, 0x02, + 0x30, 0x1c, 0x02, 0x02, 0xff, 0xff, 0x02, 0x02, 0xfc, 0x17, 0x02, 0x02, 0xff, 0xff, 0x02, + 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02, + 0x04, 0x82, 0x01, 0x3f, 0x00, 0x05, 0x00, 0x14, 0x7c, 0x00, 0x01, 0x81, 0x36, 0x00, 0x08, + 0x00, 0x10, 0x00, 0x01, 0xc0, 0x00, 0x44, 0x75, 0x63, 0x61, 0x81, 0x28, 0x01, 0xc0, 0xd8, + 0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, 0x01, 0xca, 0x03, 0xaa, 0x09, 0x04, + 0x00, 0x00, 0x71, 0x17, 0x00, 0x00, 0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00, 0x45, + 0x00, 0x52, 0x00, 0x2d, 0x00, 0x58, 0x00, 0x59, 0x00, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xca, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x08, 0x00, 0x0f, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x04, 0xc0, 0x0c, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02, 0xc0, 0x0c, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xc0, 0x38, + 0x00, 0x04, 0x00, 0x00, 0x00, 0x72, 0x64, 0x70, 0x64, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x80, 0x80, 0x72, 0x64, 0x70, 0x73, 0x6e, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x64, + 0x72, 0x64, 0x79, 0x6e, 0x76, 0x63, 0x00, 0x00, 0x00, 0x80, 0xc0, 0x63, 0x6c, 0x69, 0x70, 0x72, 0x64, 0x72, 0x00, 0x00, 0x00, 0xa0, 0xc0, 0xff, ]; static TPKT_BEGIN: usize = 0; @@ -1292,9 +1257,7 @@ mod tests_core_49350 { children.push(McsConnectRequestChild::CsNet(CsNet { channels })); let t123_tpkt: T123Tpkt = T123Tpkt { child: T123TpktChild::Data(X223Data { - child: X223DataChild::McsConnectRequest(McsConnectRequest { - children, - }), + child: X223DataChild::McsConnectRequest(McsConnectRequest { children }), }), }; assert_eq!( @@ -1309,8 +1272,7 @@ mod tests_x223_response_49350 { use crate::rdp::parser::*; // changed offset 9 from 0x65 to 0x66 so it is no longer an mcs connect - static BYTES: [u8; 9] = - [0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0x66]; + static BYTES: [u8; 9] = [0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0x66]; #[test] fn test_x223_response() { @@ -1320,9 +1282,7 @@ mod tests_x223_response_49350 { &[][..], T123Tpkt { child: T123TpktChild::Data(X223Data { - child: X223DataChild::McsConnectResponse( - McsConnectResponse {} - ), + child: X223DataChild::McsConnectResponse(McsConnectResponse {}), }) } )), @@ -1336,8 +1296,7 @@ mod tests_t123_raw_49350 { use crate::rdp::parser::*; // changed offset 4 from 0x02 to 0x03 so it is no longer an X223 data object - static BYTES: [u8; 9] = - [0x03, 0x00, 0x00, 0x09, 0x03, 0xf0, 0x80, 0x7f, 0x65]; + static BYTES: [u8; 9] = [0x03, 0x00, 0x00, 0x09, 0x03, 0xf0, 0x80, 0x7f, 0x65]; #[test] fn test_t123_raw() { @@ -1360,8 +1319,8 @@ mod tests_x224_raw_49350 { // changed offset 11 from 0x01 to 0x02 so it is not a known X224 payload type static BYTES: [u8; 19] = [ - 0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, - 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x08, 0x00, + 0x00, 0x00, 0x00, 0x00, ]; #[test] @@ -1371,18 +1330,16 @@ mod tests_x224_raw_49350 { Ok(( &[][..], T123Tpkt { - child: T123TpktChild::X224ConnectionRequest( - X224ConnectionRequest { - cdt: 0, - dst_ref: 0, - src_ref: 0, - class: 0, - options: 0, - cookie: None, - negotiation_request: None, - data: BYTES[11..].to_vec(), - } - ) + child: T123TpktChild::X224ConnectionRequest(X224ConnectionRequest { + cdt: 0, + dst_ref: 0, + src_ref: 0, + class: 0, + options: 0, + cookie: None, + negotiation_request: None, + data: BYTES[11..].to_vec(), + }) } )), parse_t123_tpkt(t123_bytes) @@ -1395,8 +1352,7 @@ mod tests_x223_raw_49350 { use crate::rdp::parser::*; // changed offset 9 from 0x65 to 0xff so it is no longer an mcs connect - static BYTES: [u8; 9] = - [0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0xff]; + static BYTES: [u8; 9] = [0x03, 0x00, 0x00, 0x09, 0x02, 0xf0, 0x80, 0x7f, 0xff]; #[test] fn test_x223_raw() { @@ -1417,12 +1373,12 @@ mod tests_x223_raw_49350 { #[cfg(test)] mod tests_negotiate_incomplete_49350 { - use nom; use crate::rdp::parser::*; + use nom; static BYTES: [u8; 19] = [ - 0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x08, 0x00, + 0x00, 0x00, 0x00, 0x00, ]; static TPKT_BEGIN: usize = 0; static X224_BEGIN: usize = TPKT_BEGIN + 4; @@ -1471,45 +1427,38 @@ mod tests_negotiate_incomplete_49350 { #[cfg(test)] mod tests_core_incomplete_49350 { - use nom; use crate::rdp::parser::*; + use nom; static BYTES: [u8; 428] = [ - 0x03, 0x00, 0x01, 0xac, 0x02, 0xf0, 0x80, 0x7f, 0x65, 0x82, 0x01, 0xa0, - 0x04, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0xff, 0x30, 0x19, 0x02, - 0x01, 0x22, 0x02, 0x01, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, - 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02, - 0x30, 0x19, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, - 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0x04, 0x20, - 0x02, 0x01, 0x02, 0x30, 0x1c, 0x02, 0x02, 0xff, 0xff, 0x02, 0x02, 0xfc, - 0x17, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, - 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02, 0x04, 0x82, 0x01, - 0x3f, 0x00, 0x05, 0x00, 0x14, 0x7c, 0x00, 0x01, 0x81, 0x36, 0x00, 0x08, - 0x00, 0x10, 0x00, 0x01, 0xc0, 0x00, 0x44, 0x75, 0x63, 0x61, 0x81, 0x28, - 0x01, 0xc0, 0xd8, 0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, - 0x01, 0xca, 0x03, 0xaa, 0x09, 0x04, 0x00, 0x00, 0x71, 0x17, 0x00, 0x00, - 0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00, 0x45, 0x00, 0x52, 0x00, - 0x2d, 0x00, 0x58, 0x00, 0x59, 0x00, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x01, 0xca, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x0f, 0x00, - 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x04, 0xc0, 0x0c, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x02, 0xc0, 0x0c, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x03, 0xc0, 0x38, 0x00, 0x04, 0x00, 0x00, 0x00, 0x72, 0x64, 0x70, 0x64, - 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x80, 0x72, 0x64, 0x70, 0x73, - 0x6e, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x64, 0x72, 0x64, 0x79, - 0x6e, 0x76, 0x63, 0x00, 0x00, 0x00, 0x80, 0xc0, 0x63, 0x6c, 0x69, 0x70, + 0x03, 0x00, 0x01, 0xac, 0x02, 0xf0, 0x80, 0x7f, 0x65, 0x82, 0x01, 0xa0, 0x04, 0x01, 0x01, + 0x04, 0x01, 0x01, 0x01, 0x01, 0xff, 0x30, 0x19, 0x02, 0x01, 0x22, 0x02, 0x01, 0x02, 0x02, + 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, + 0x02, 0x01, 0x02, 0x30, 0x19, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, + 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0x04, 0x20, 0x02, 0x01, 0x02, + 0x30, 0x1c, 0x02, 0x02, 0xff, 0xff, 0x02, 0x02, 0xfc, 0x17, 0x02, 0x02, 0xff, 0xff, 0x02, + 0x01, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0xff, 0xff, 0x02, 0x01, 0x02, + 0x04, 0x82, 0x01, 0x3f, 0x00, 0x05, 0x00, 0x14, 0x7c, 0x00, 0x01, 0x81, 0x36, 0x00, 0x08, + 0x00, 0x10, 0x00, 0x01, 0xc0, 0x00, 0x44, 0x75, 0x63, 0x61, 0x81, 0x28, 0x01, 0xc0, 0xd8, + 0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, 0x01, 0xca, 0x03, 0xaa, 0x09, 0x04, + 0x00, 0x00, 0x71, 0x17, 0x00, 0x00, 0x53, 0x00, 0x45, 0x00, 0x52, 0x00, 0x56, 0x00, 0x45, + 0x00, 0x52, 0x00, 0x2d, 0x00, 0x58, 0x00, 0x59, 0x00, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xca, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x08, 0x00, 0x0f, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x04, 0xc0, 0x0c, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02, 0xc0, 0x0c, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0xc0, 0x38, + 0x00, 0x04, 0x00, 0x00, 0x00, 0x72, 0x64, 0x70, 0x64, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x80, 0x80, 0x72, 0x64, 0x70, 0x73, 0x6e, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x64, + 0x72, 0x64, 0x79, 0x6e, 0x76, 0x63, 0x00, 0x00, 0x00, 0x80, 0xc0, 0x63, 0x6c, 0x69, 0x70, 0x72, 0x64, 0x72, 0x00, 0x00, 0x00, 0xa0, 0xc0, ]; static X223_BEGIN: usize = 4; diff --git a/rust/src/rdp/rdp.rs b/rust/src/rdp/rdp.rs index b96da51226..db6b14e084 100644 --- a/rust/src/rdp/rdp.rs +++ b/rust/src/rdp/rdp.rs @@ -19,17 +19,13 @@ //! RDP application layer -use crate::core::{ - self, AppProto, DetectEngineState, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP, -}; -use nom; use crate::applayer::*; +use crate::core::{self, AppProto, DetectEngineState, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP}; use crate::rdp::parser::*; +use nom; use std; use std::mem::transmute; -use tls_parser::{ - parse_tls_plaintext, TlsMessage, TlsMessageHandshake, TlsRecordType, -}; +use tls_parser::{parse_tls_plaintext, TlsMessage, TlsMessageHandshake, TlsRecordType}; static mut ALPROTO_RDP: AppProto = ALPROTO_UNKNOWN; @@ -85,8 +81,7 @@ impl Drop for RdpTransaction { #[no_mangle] pub extern "C" fn rs_rdp_state_get_tx( - state: *mut std::os::raw::c_void, - tx_id: u64, + state: *mut std::os::raw::c_void, tx_id: u64, ) -> *mut std::os::raw::c_void { let state = cast_pointer!(state, RdpState); match state.get_tx(tx_id) { @@ -100,25 +95,20 @@ pub extern "C" fn rs_rdp_state_get_tx( } #[no_mangle] -pub extern "C" fn rs_rdp_state_get_tx_count( - state: *mut std::os::raw::c_void, -) -> u64 { +pub extern "C" fn rs_rdp_state_get_tx_count(state: *mut std::os::raw::c_void) -> u64 { let state = cast_pointer!(state, RdpState); return state.next_id; } #[no_mangle] -pub extern "C" fn rs_rdp_tx_get_progress_complete( - _direction: u8, -) -> std::os::raw::c_int { +pub extern "C" fn rs_rdp_tx_get_progress_complete(_direction: u8) -> std::os::raw::c_int { // a parser can implement a multi-step tx completion by using an arbitrary `n` return 1; } #[no_mangle] pub extern "C" fn rs_rdp_tx_get_progress( - _tx: *mut std::os::raw::c_void, - _direction: u8, + _tx: *mut std::os::raw::c_void, _direction: u8, ) -> std::os::raw::c_int { // tx complete when `rs_rdp_tx_get_progress(...) == rs_rdp_tx_get_progress_complete(...)` // here, all transactions are immediately complete on insert @@ -226,11 +216,8 @@ impl RdpState { match t123.child { // X.224 connection request T123TpktChild::X224ConnectionRequest(x224) => { - let tx = self.new_tx( - RdpTransactionItem::X224ConnectionRequest( - x224, - ), - ); + let tx = + self.new_tx(RdpTransactionItem::X224ConnectionRequest(x224)); self.transactions.push(tx); } @@ -293,20 +280,17 @@ impl RdpState { available = remainder; for message in &tls.msg { match message { - TlsMessage::Handshake( - TlsMessageHandshake::Certificate(contents), - ) => { + TlsMessage::Handshake(TlsMessageHandshake::Certificate( + contents, + )) => { let mut chain = Vec::new(); for cert in &contents.cert_chain { chain.push(CertificateBlob { data: cert.data.to_vec(), }); } - let tx = self.new_tx( - RdpTransactionItem::TlsCertificateChain( - chain, - ), - ); + let tx = + self.new_tx(RdpTransactionItem::TlsCertificateChain(chain)); self.transactions.push(tx); self.bypass_parsing = true; } @@ -336,11 +320,8 @@ impl RdpState { match t123.child { // X.224 connection confirm T123TpktChild::X224ConnectionConfirm(x224) => { - let tx = self.new_tx( - RdpTransactionItem::X224ConnectionConfirm( - x224, - ), - ); + let tx = + self.new_tx(RdpTransactionItem::X224ConnectionConfirm(x224)); self.transactions.push(tx); } @@ -397,10 +378,7 @@ pub extern "C" fn rs_rdp_state_free(state: *mut std::os::raw::c_void) { } #[no_mangle] -pub extern "C" fn rs_rdp_state_tx_free( - state: *mut std::os::raw::c_void, - tx_id: u64, -) { +pub extern "C" fn rs_rdp_state_tx_free(state: *mut std::os::raw::c_void, tx_id: u64) { let state = cast_pointer!(state, RdpState); state.free_tx(tx_id); } @@ -424,11 +402,7 @@ fn probe_rdp(input: &[u8]) -> bool { /// probe for T.123 message, whether to client or to server #[no_mangle] pub extern "C" fn rs_rdp_probe_ts_tc( - _flow: *const Flow, - _direction: u8, - input: *const u8, - input_len: u32, - _rdir: *mut u8, + _flow: *const Flow, _direction: u8, input: *const u8, input_len: u32, _rdir: *mut u8, ) -> AppProto { if input != std::ptr::null_mut() { // probe bytes for `rdp` protocol pattern @@ -455,13 +429,8 @@ fn probe_tls_handshake(input: &[u8]) -> bool { #[no_mangle] pub extern "C" fn rs_rdp_parse_ts( - _flow: *const Flow, - state: *mut std::os::raw::c_void, - _pstate: *mut std::os::raw::c_void, - input: *const u8, - input_len: u32, - _data: *const std::os::raw::c_void, - _flags: u8, + _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, + input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, ) -> AppLayerResult { let state = cast_pointer!(state, RdpState); let buf = build_slice!(input, input_len as usize); @@ -476,13 +445,8 @@ pub extern "C" fn rs_rdp_parse_ts( #[no_mangle] pub extern "C" fn rs_rdp_parse_tc( - _flow: *const Flow, - state: *mut std::os::raw::c_void, - _pstate: *mut std::os::raw::c_void, - input: *const u8, - input_len: u32, - _data: *const std::os::raw::c_void, - _flags: u8, + _flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void, + input: *const u8, input_len: u32, _data: *const std::os::raw::c_void, _flags: u8, ) -> AppLayerResult { let state = cast_pointer!(state, RdpState); let buf = build_slice!(input, input_len as usize); @@ -539,16 +503,10 @@ pub unsafe extern "C" fn rs_rdp_register_parser() { let ip_proto_str = std::ffi::CString::new("tcp").unwrap(); - if AppLayerProtoDetectConfProtoDetectionEnabled( - ip_proto_str.as_ptr(), - parser.name, - ) != 0 - { + if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { let alproto = AppLayerRegisterProtocolDetection(&parser, 1); ALPROTO_RDP = alproto; - if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) - != 0 - { + if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 { let _ = AppLayerRegisterParser(&parser, alproto); } } @@ -587,28 +545,27 @@ mod tests { fn test_parse_ts_rdp() { let buf_1: &[u8] = &[0x03, 0x00, 0x00, 0x25, 0x20, 0xe0, 0x00, 0x00]; let buf_2: &[u8] = &[ - 0x00, 0x00, 0x00, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x3a, 0x20, - 0x6d, 0x73, 0x74, 0x73, 0x68, 0x61, 0x73, 0x68, 0x3d, 0x75, 0x73, - 0x65, 0x72, 0x31, 0x32, 0x33, 0x0d, 0x0a, + 0x00, 0x00, 0x00, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x3a, 0x20, 0x6d, 0x73, 0x74, + 0x73, 0x68, 0x61, 0x73, 0x68, 0x3d, 0x75, 0x73, 0x65, 0x72, 0x31, 0x32, 0x33, 0x0d, + 0x0a, ]; let mut state = RdpState::new(); assert_eq!(true, state.parse_ts(&buf_1)); assert_eq!(0, state.transactions.len()); assert_eq!(true, state.parse_ts(&buf_2)); assert_eq!(1, state.transactions.len()); - let item = - RdpTransactionItem::X224ConnectionRequest(X224ConnectionRequest { - cdt: 0, - dst_ref: 0, - src_ref: 0, - class: 0, - options: 0, - cookie: Some(RdpCookie { - mstshash: String::from("user123"), - }), - negotiation_request: None, - data: Vec::new(), - }); + let item = RdpTransactionItem::X224ConnectionRequest(X224ConnectionRequest { + cdt: 0, + dst_ref: 0, + src_ref: 0, + class: 0, + options: 0, + cookie: Some(RdpCookie { + mstshash: String::from("user123"), + }), + negotiation_request: None, + data: Vec::new(), + }); assert_eq!(item, state.transactions[0].item); } @@ -628,8 +585,7 @@ mod tests { assert_eq!(0, state.transactions.len()); assert_eq!(true, state.parse_tc(&buf_2)); assert_eq!(1, state.transactions.len()); - let item = - RdpTransactionItem::McsConnectResponse(McsConnectResponse {}); + let item = RdpTransactionItem::McsConnectResponse(McsConnectResponse {}); assert_eq!(item, state.transactions[0].item); } diff --git a/rust/src/rdp/util.rs b/rust/src/rdp/util.rs index 76247facc3..520c3c199d 100644 --- a/rust/src/rdp/util.rs +++ b/rust/src/rdp/util.rs @@ -17,11 +17,11 @@ // Author: Zach Kelly +use crate::rdp::error::RdpError; use byteorder::ReadBytesExt; use memchr::memchr; use nom; use nom::{IResult, Needed}; -use crate::rdp::error::RdpError; use std::io::Cursor; use widestring::U16CString; @@ -101,8 +101,8 @@ pub fn parse_per_length_determinant(input: &[u8]) -> IResult<&[u8], u32, RdpErro #[cfg(test)] mod tests { use super::*; - use nom; use crate::rdp::error::RdpError; + use nom; #[test] fn test_le_string_abc() {