private void S8_ServerRedirection_PositiveTest_WithRoutingToken_VerifyClientInfoPdu(Client_Info_Pdu clientInfoPdu)
{
this.TestSite.Assert.AreEqual<string>(RdpbcgrTestData.Test_UserName.ToUpper(), clientInfoPdu.infoPacket.UserName.ToUpper(), "Verify if UserName in Client Info PDU equals that sent in Server Redirection PDU.");
this.TestSite.Assert.AreEqual<string>(RdpbcgrTestData.Test_Domain.ToUpper(), clientInfoPdu.infoPacket.Domain.ToUpper(), "Verify if Domain in Client Info PDU equals that sent in Server Redirection PDU.");
this.TestSite.Assert.AreEqual<string>(RdpbcgrTestData.Test_Password, clientInfoPdu.infoPacket.Password, "Verify if Password in Client Info PDU equals that sent in Server Redirection PDU.");
}
/// <summary>
/// Decode Client Info PDU
/// </summary>
/// <param name="data">data to be parsed</param>
/// <param name="decryptedUserData">decrypted user data</param>
/// <param name="type">the security header type</param>
/// <returns>Decoded Client Info PDU</returns>
public StackPacket DecodeClientInfoPdu(
byte[] data,
byte[] decryptedUserData,
SecurityHeaderType type)
{
int currentIndex = 0;
Client_Info_Pdu pdu = new Client_Info_Pdu();
pdu.commonHeader = ParseMcsCommonHeader(data, ref currentIndex, type);
int userDataIndex = 0;
pdu.infoPacket = ParseClientInfo(decryptedUserData, ref userDataIndex);
// ETW Provider Dump Message
if (type != SecurityHeaderType.Basic)
{
// RDP Standard Security
string messageName = "RDPBCGR:" + pdu.GetType().Name;
ExtendedLogger.DumpMessage(messageName, RdpbcgrUtility.DumpLevel_Layer3, pdu.GetType().Name, decryptedUserData);
}
// Check if data length exceeded expectation
VerifyDataLength(decryptedUserData.Length, userDataIndex, ConstValue.ERROR_MESSAGE_DATA_LENGTH_EXCEEDED);
return pdu;
}
/// <summary>
/// 2.2.1.11
/// </summary>
/// <param name="clientInfo"></param>
public void VerifyPdu(Client_Info_Pdu clientInfo)
{
site.CaptureRequirementIfIsTrue(clientInfo.commonHeader.securityHeader is TS_SECURITY_HEADER ||
clientInfo.commonHeader.securityHeader is TS_SECURITY_HEADER1 ||
clientInfo.commonHeader.securityHeader is TS_SECURITY_HEADER2, 422,
@"[In Client Info PDU Data (CLIENT_INFO_PDU)]securityHeader (variable): This field MUST contain one"
+ @" of the following headers:[Basic Security Header,Non-FIPS Security Header, FIPS Security Header ].");
if (serverConfig.encryptionLevel == EncryptionLevel.ENCRYPTION_LEVEL_NONE)
{
bool isR423Satisfied = (clientInfo.commonHeader.securityHeader is TS_SECURITY_HEADER) &&
(!(clientInfo.commonHeader.securityHeader is TS_SECURITY_HEADER1)) &&
(!(clientInfo.commonHeader.securityHeader is TS_SECURITY_HEADER2));
site.CaptureRequirementIfIsTrue(isR423Satisfied, 423,
@"[In Client Info PDU Data (CLIENT_INFO_PDU)]securityHeader (variable):The securityHeader in "
+ @"CLIENT_INFO_PDU structure is a Basic Security Header if the Encryption Level selected by"
+ @" the server is ENCRYPTION_LEVEL_NONE (0).");
}
else if (serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_40BIT ||
serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_56BIT ||
serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_128BIT)
{
//site.CaptureRequirementIfIsInstanceOfType(clientInfo.commonHeader.securityHeader, typeof(TS_SECURITY_HEADER1), 424,
// @"[In Client Info PDU Data (CLIENT_INFO_PDU)]securityHeader (variable):The securityHeader in CLIENT_INFO_PDU structure is a Non-FIPS Security Header (section 2.2.8.1.1.2.2) if the Encryption LevelMethod selected by the server (see sections 5.3.2 and 2.2.1.4.3) is ENCRYPTION_LEVEL_LOW (1METHOD_40BIT (0x00000001), ENCRYPTION_LEVEL_CLIENT_COMPATIBLE (2METHOD_56BIT (0x00000008), or ENCRYPTION_LEVEL_HIGH (3METHOD_128BIT (0x00000002).");
}
else if (serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_FIPS)
{
site.CaptureRequirementIfIsInstanceOfType(clientInfo.commonHeader.securityHeader, typeof(TS_SECURITY_HEADER2), 425,
@"[In Client Info PDU Data (CLIENT_INFO_PDU)]securityHeader (variable):The securityHeader in "
+ @"CLIENT_INFO_PDU structure is a FIPS Security Header (section 2.2.8.1.1.2.3) if the Encryption"
+ @" Level Method selected by the server is ENCRYPTION_LEVELMethod _FIPS ( 4 0x00000010).");
}
if (serverConfig.encryptedProtocol == EncryptedProtocol.Rdp)
{
//SDK Bug, SecurityHeader.Flag is parsed incorrectly for Client Info PDU
//site.CaptureRequirementIfAreEqual<TS_SECURITY_HEADER_flags_Values>( TS_SECURITY_HEADER_flags_Values.SEC_INFO_PKT, (clientInfo.commonHeader.securityHeader.flags & TS_SECURITY_HEADER_flags_Values.SEC_INFO_PKT), 426,
// @"[In Client Info PDU Data (CLIENT_INFO_PDU)]In CLIENT_INFO_PDU structure, the flags field of "
// + @"the security header MUST contain the SEC_INFO_PKT flag (section 2.2.8.1.1.2.1).");
site.CaptureRequirementIfIsNotNull(clientInfo.infoPacket, 430,
@"[In Info Packet (TS_INFO_PACKET)]The Info Packet SHOULD be encrypted (see sections 5.3 and"
+ @" 5.4 for an overview of RDP security mechanisms).");
}
VerifyStructure(clientInfo.infoPacket);
}
/// <summary>
/// Create an instance of the class that is identical to the current PDU.
/// </summary>
/// <returns>The new instance.</returns>
public override StackPacket Clone()
{
Client_Info_Pdu cloneClientInfoPdu = new Client_Info_Pdu(context);
cloneClientInfoPdu.commonHeader = commonHeader.Clone();
if (infoPacket != null)
{
cloneClientInfoPdu.infoPacket = new TS_INFO_PACKET();
cloneClientInfoPdu.infoPacket.AlternateShell = infoPacket.AlternateShell;
cloneClientInfoPdu.infoPacket.cbAlternateShell = infoPacket.cbAlternateShell;
cloneClientInfoPdu.infoPacket.cbDomain = infoPacket.cbDomain;
cloneClientInfoPdu.infoPacket.cbPassword = infoPacket.cbPassword;
cloneClientInfoPdu.infoPacket.cbUserName = infoPacket.cbUserName;
cloneClientInfoPdu.infoPacket.cbWorkingDir = infoPacket.cbWorkingDir;
cloneClientInfoPdu.infoPacket.CodePage = infoPacket.CodePage;
cloneClientInfoPdu.infoPacket.Domain = infoPacket.Domain;
cloneClientInfoPdu.infoPacket.Password = infoPacket.Password;
cloneClientInfoPdu.infoPacket.UserName = infoPacket.UserName;
cloneClientInfoPdu.infoPacket.WorkingDir = infoPacket.WorkingDir;
cloneClientInfoPdu.infoPacket.flags = infoPacket.flags;
if (infoPacket.extraInfo != null)
{
cloneClientInfoPdu.infoPacket.extraInfo = new TS_EXTENDED_INFO_PACKET();
if (infoPacket.extraInfo.autoReconnectCookie != null)
{
cloneClientInfoPdu.infoPacket.extraInfo.autoReconnectCookie = new ARC_CS_PRIVATE_PACKET();
cloneClientInfoPdu.infoPacket.extraInfo.autoReconnectCookie.cbLen =
infoPacket.extraInfo.autoReconnectCookie.cbLen;
cloneClientInfoPdu.infoPacket.extraInfo.autoReconnectCookie.LogonId =
infoPacket.extraInfo.autoReconnectCookie.LogonId;
cloneClientInfoPdu.infoPacket.extraInfo.autoReconnectCookie.SecurityVerifier =
RdpbcgrUtility.CloneByteArray(infoPacket.extraInfo.autoReconnectCookie.SecurityVerifier);
cloneClientInfoPdu.infoPacket.extraInfo.autoReconnectCookie.Version =
infoPacket.extraInfo.autoReconnectCookie.Version;
}
cloneClientInfoPdu.infoPacket.extraInfo.cbAutoReconnectLen =
infoPacket.extraInfo.cbAutoReconnectLen;
cloneClientInfoPdu.infoPacket.extraInfo.cbClientAddress = infoPacket.extraInfo.cbClientAddress;
cloneClientInfoPdu.infoPacket.extraInfo.cbClientDir = infoPacket.extraInfo.cbClientDir;
cloneClientInfoPdu.infoPacket.extraInfo.clientAddress = infoPacket.extraInfo.clientAddress;
cloneClientInfoPdu.infoPacket.extraInfo.clientAddressFamily =
infoPacket.extraInfo.clientAddressFamily;
cloneClientInfoPdu.infoPacket.extraInfo.clientDir = infoPacket.extraInfo.clientDir;
cloneClientInfoPdu.infoPacket.extraInfo.clientSessionId = infoPacket.extraInfo.clientSessionId;
cloneClientInfoPdu.infoPacket.extraInfo.clientTimeZone = infoPacket.extraInfo.clientTimeZone;
cloneClientInfoPdu.infoPacket.extraInfo.performanceFlags = infoPacket.extraInfo.performanceFlags;
cloneClientInfoPdu.infoPacket.extraInfo.reserved1 = infoPacket.extraInfo.reserved1;
cloneClientInfoPdu.infoPacket.extraInfo.reserved2 = infoPacket.extraInfo.reserved2;
cloneClientInfoPdu.infoPacket.extraInfo.cbDynamicDSTTimeZoneKeyName = infoPacket.extraInfo.cbDynamicDSTTimeZoneKeyName;
if (infoPacket.extraInfo.cbDynamicDSTTimeZoneKeyName != null && infoPacket.extraInfo.cbDynamicDSTTimeZoneKeyName.actualData > 0)
{
cloneClientInfoPdu.infoPacket.extraInfo.dynamicDSTTimeZoneKeyName = (string)infoPacket.extraInfo.dynamicDSTTimeZoneKeyName.Clone();
}
cloneClientInfoPdu.infoPacket.extraInfo.dynamicDaylightTimeDisabled = infoPacket.extraInfo.dynamicDaylightTimeDisabled;
}
}
return cloneClientInfoPdu;
}
