/// <summary> /// Decode Server Shutdown Request PDU /// </summary> /// <param name="data">data to be parsed</param> /// <param name="decryptedUserData">decrypted user data to be parsed</param> /// <param name="type">security header type</param> /// <returns>decoded Shutdown Request PDU</returns> public StackPacket DecodeShutdownRequestPDU( byte[] data, byte[] decryptedUserData, SecurityHeaderType type) { Client_Shutdown_Request_Pdu pdu = new Client_Shutdown_Request_Pdu(); // current index int currentIndex = 0; // ShutdownRequestDeniedPDU: commonHeader pdu.commonHeader = ParseMcsCommonHeader(data, ref currentIndex, type); // user data index int userDataIndex = 0; // ShutdownRequestDeniedPDU: pdu.shutdownRequestPduData = ParseTsShutdownReuqestPdu(decryptedUserData, ref userDataIndex); // ETW Provider Dump Message if (pdu.commonHeader.securityHeader != null) { // RDP Standard Security string messageName = "RDPBCGR:" + pdu.GetType().Name; ExtendedLogger.DumpMessage(messageName, RdpbcgrUtility.DumpLevel_Layer3, pdu.GetType().Name, decryptedUserData); } // Check if data length exceeded expectation VerifyDataLength(decryptedUserData.Length, userDataIndex, ConstValue.ERROR_MESSAGE_DATA_LENGTH_EXCEEDED); return pdu; }
/// <summary> /// 2.2.2.1 /// </summary> /// <param name="shutdownPdu"></param> public void VerifyPdu(Client_Shutdown_Request_Pdu shutdownPdu) { if (serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_40BIT || serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_56BIT || serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_128BIT) { site.CaptureRequirementIfIsInstanceOfType(shutdownPdu.commonHeader.securityHeader, typeof(TS_SECURITY_HEADER1), 919, @"[In Client Shutdown Request PDU,securityHeader (variable) is a Non-FIPS Security Header (section 2.2.8.1.1.2.2)" + @" if the Encryption Method selected by the server is ENCRYPTION_METHOD_40BIT (0x00000001), ENCRYPTION_METHOD_56BIT" + @" (0x00000008), or ENCRYPTION_METHOD_128BIT (0x00000002)."); } else if (serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_FIPS) { site.CaptureRequirementIfIsInstanceOfType(shutdownPdu.commonHeader.securityHeader, typeof(TS_SECURITY_HEADER2), 920, @"[In Client Shutdown Request PDU,securityHeader (variable) is a FIPS Security Header (section 2.2.8.1.1.2.3) if the " + @"Encryption Method selected by the server is ENCRYPTION_METHOD_FIPS (0x00000010)."); } else if (serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_NONE) { site.CaptureRequirementIfIsNull(shutdownPdu.commonHeader.securityHeader, 921, @"[In Client Shutdown Request PDU,securityHeader (variable):If the Encryption Level (sections 5.3.2 and 2.2.1.4.3)" + @" selected by the server is ENCRYPTION_LEVEL_NONE (0) and the Encryption Method (sections 5.3.2 and 2.2.1.4.3) " + @"selected by the server is ENCRYPTION_METHOD_NONE (0), then this header is not included in the PDU."); } site.CaptureRequirementIfAreEqual<byte>(7, (byte)(shutdownPdu.shutdownRequestPduData.shareDataHeader.shareControlHeader.pduType.typeAndVersionLow & 0xF), 925, @"In Shutdown Request PDU Data (TS_SHUTDOWN_REQ_PDU), shareDataHeader (18 bytes): The type subfield of the pduType field" + @" of the Share Control Header (section 2.2.8.1.1.1.1) MUST be set to PDUTYPE_DATAPDU (7)."); site.CaptureRequirementIfAreEqual<pduType2_Values>(pduType2_Values.PDUTYPE2_SHUTDOWN_REQUEST, shutdownPdu.shutdownRequestPduData.shareDataHeader.pduType2, 926, @"In Shutdown Request PDU Data (TS_SHUTDOWN_REQ_PDU), shareDataHeader (18 bytes): The pduType2 field of the Share Data " + @"Header MUST be set to PDUTYPE2_SHUTDOWN_REQUEST (36)."); }
/// <summary> /// Create an instance of the class that is identical to the current PDU. /// </summary> /// <returns>The new instance.</returns> public override StackPacket Clone() { Client_Shutdown_Request_Pdu cloneShutdownPdu = new Client_Shutdown_Request_Pdu(context); cloneShutdownPdu.commonHeader = commonHeader.Clone(); cloneShutdownPdu.shutdownRequestPduData = shutdownRequestPduData; return cloneShutdownPdu; }