void recv(InStream & stream, uint16_t len) override {
this->len = len;
/* terminalDescriptor(16) + pad4octetsA(4) + desktopSaveXGranularity(2) + desktopSaveYGranularity(2) +
* pad2octetsA(2) + maximumOrderLevel(2) + numberFonts(2) + orderFlags(2) + orderSupport(NB_ORDER_SUPPORT) +
* textFlags(2) + orderSupportExFlags(2) + pad4octetsB(4) + desktopSaveSize(4) + pad2octetsC(2) +
* pad2octetsD(2) + textANSICodePage(2) + pad2octetsE(2)
*/
const unsigned expected = 32 + NB_ORDER_SUPPORT + 20;
if (!stream.in_check_rem(expected)){
LOG(LOG_ERR, "Truncated OrderCaps, need=%u remains=%zu",
expected, stream.in_remain());
throw Error(ERR_MCS_PDU_TRUNCATED);
}
stream.in_copy_bytes(this->terminalDescriptor, 16);
this->pad4octetsA = stream.in_uint32_le();
this->desktopSaveXGranularity = stream.in_uint16_le();
this->desktopSaveYGranularity = stream.in_uint16_le();
this->pad2octetsA = stream.in_uint16_le();
this->maximumOrderLevel = stream.in_uint16_le();
this->numberFonts = stream.in_uint16_le();
this->orderFlags = stream.in_uint16_le();
stream.in_copy_bytes(this->orderSupport, NB_ORDER_SUPPORT);
this->textFlags = stream.in_uint16_le();
this->orderSupportExFlags = stream.in_uint16_le();
this->pad4octetsB = stream.in_uint32_le();
this->desktopSaveSize = stream.in_uint32_le();
this->pad2octetsC = stream.in_uint16_le();
this->pad2octetsD = stream.in_uint16_le();
this->textANSICodePage = stream.in_uint16_le();
this->pad2octetsE = stream.in_uint16_le();
}
void recv(InStream & stream) {
// size_t size;
this->RespType = stream.in_uint8();
this->HiRespType = stream.in_uint8();
stream.in_skip_bytes(2);
stream.in_skip_bytes(4);
stream.in_copy_bytes(this->Timestamp, 8);
stream.in_copy_bytes(this->ClientChallenge, 8);
stream.in_skip_bytes(4);
this->AvPairList.recv(stream);
stream.in_skip_bytes(4);
}
explicit PlainNotify_Recv(InStream & stream) {
memset(Pad, 0, sizeof(Pad));
const unsigned expected = 576; // Pad(576)
if (!stream.in_check_rem(expected)) {
LOG(LOG_ERR,
"Truncated Plain Notify (data): expected=%u remains=%zu",
expected, stream.in_remain());
throw Error(ERR_RDP_DATA_TRUNCATED);
}
stream.in_copy_bytes(this->Pad, sizeof(this->Pad));
}
explicit LogonInfoVersion2_Recv(InStream & stream) :
Version(0),
Size(0),
SessionId(0),
cbDomain(0),
cbUserName(0) {
memset(Pad, 0, sizeof(Pad));
memset(Domain, 0, sizeof(Domain));
memset(UserName, 0, sizeof(UserName));
unsigned expected = 2 + // Version(2)
4 + // Size(4)
4 + // SessionId(4)
4 + // cbDomain(4)
4 + // cbUserName(4)
558; // Pad(558)
if (!stream.in_check_rem(expected)) {
LOG(LOG_ERR,
"Truncated Logon Info Version 2 (data): expected=%u remains=%zu",
expected, stream.in_remain());
throw Error(ERR_RDP_DATA_TRUNCATED);
}
this->Version = stream.in_uint16_le();
this->Size = stream.in_uint32_le();
this->SessionId = stream.in_uint32_le();
this->cbDomain = stream.in_uint32_le();
this->cbUserName = stream.in_uint32_le();
stream.in_copy_bytes(this->Pad, sizeof(this->Pad));
expected = this->cbDomain +
this->cbUserName; // SessionId(4)
if (!stream.in_check_rem(expected)) {
LOG(LOG_ERR,
"Truncated Logon Info Version 2 (data): expected=%u remains=%zu",
expected, stream.in_remain());
throw Error(ERR_RDP_DATA_TRUNCATED);
}
stream.in_uni_to_ascii_str(this->Domain, this->cbDomain,
sizeof(this->Domain));
stream.in_uni_to_ascii_str(this->UserName, this->cbUserName,
sizeof(this->UserName));
LOG(LOG_INFO,
"Logon Info Version 2 (data): Domain=\"%s\" UserName=\"%s\" SessionId=%d",
this->Domain, this->UserName, this->SessionId);
} // LogonInfoVersion2_Recv(InStream & stream)
void do_recv(char ** pbuffer, size_t len) override {
size_t total_len = 0;
while (total_len < len){
size_t remaining = in_stream.in_remain();
if (remaining >= (len - total_len)){
in_stream.in_copy_bytes(*pbuffer + total_len, len - total_len);
*pbuffer += len;
return;
}
in_stream.in_copy_bytes(*pbuffer + total_len, remaining);
total_len += remaining;
switch (this->chunk_type){
case PARTIAL_IMAGE_CHUNK:
{
const size_t header_sz = 8;
char header_buf[header_sz];
InStream header(header_buf);
auto * p = header_buf;
this->trans->recv(&p, header_sz);
this->chunk_type = header.in_uint16_le();
this->chunk_size = header.in_uint32_le();
this->chunk_count = header.in_uint16_le();
this->in_stream = InStream(this->buf, this->chunk_size - 8);
p = this->buf;
this->trans->recv(&p, this->chunk_size - 8);
}
break;
case LAST_IMAGE_CHUNK:
LOG(LOG_ERR, "Failed to read embedded image from WRM (transport closed)");
throw Error(ERR_TRANSPORT_NO_MORE_DATA);
default:
LOG(LOG_ERR, "Failed to read embedded image from WRM");
throw Error(ERR_TRANSPORT_READ_FAILED);
}
}
}
void recv(InStream & stream) {
uint8_t const * pBegin = stream.get_current();
bool res;
res = this->message.recv(stream);
if (!res) {
LOG(LOG_ERR, "INVALID MSG RECEIVED type: %u", this->message.msgType);
}
this->LmChallengeResponse.recv(stream);
this->NtChallengeResponse.recv(stream);
this->DomainName.recv(stream);
this->UserName.recv(stream);
this->Workstation.recv(stream);
this->EncryptedRandomSessionKey.recv(stream);
this->negoFlags.recv(stream);
if (this->negoFlags.flags & NTLMSSP_NEGOTIATE_VERSION) {
this->version.recv(stream);
}
uint32_t min_offset = this->LmChallengeResponse.bufferOffset;
if (this->NtChallengeResponse.bufferOffset < min_offset)
min_offset = this->NtChallengeResponse.bufferOffset;
if (this->DomainName.bufferOffset < min_offset)
min_offset = this->DomainName.bufferOffset;
if (this->UserName.bufferOffset < min_offset)
min_offset = this->UserName.bufferOffset;
if (this->Workstation.bufferOffset < min_offset)
min_offset = this->Workstation.bufferOffset;
if (this->EncryptedRandomSessionKey.bufferOffset < min_offset)
min_offset = this->EncryptedRandomSessionKey.bufferOffset;
if (min_offset + pBegin > stream.get_current()) {
this->has_mic = true;
stream.in_copy_bytes(this->MIC, 16);
}
else {
this->has_mic = false;
}
// PAYLOAD
this->LmChallengeResponse.read_payload(stream, pBegin);
this->NtChallengeResponse.read_payload(stream, pBegin);
this->DomainName.read_payload(stream, pBegin);
this->UserName.read_payload(stream, pBegin);
this->Workstation.read_payload(stream, pBegin);
this->EncryptedRandomSessionKey.read_payload(stream, pBegin);
}
void recv(InStream & stream) {
stream.in_copy_bytes(this->Response, 16);
this->Challenge.recv(stream);
}
void recv(InStream & stream) {
stream.in_copy_bytes(this->Response, 16);
stream.in_copy_bytes(this->ClientChallenge, 8);
}