1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
|
---
-- TN3270 Emulator Library
--
-- Summary
-- * This library implements an RFC 1576 and 2355 (somewhat) compliant TN3270 emulator.
--
-- The library consists of one class <code>Telnet</code> consisting of multiple
-- functions required for initiating a TN3270 connection.
--
-- The following sample code illustrates how scripts can use this class
-- to interface with a mainframe:
--
-- <code>
-- mainframe = Telnet:new()
-- status, err = mainframe:initiate(host, port)
-- status, err = mainframe:send_cursor("LOGON APPLID(TSO)")
-- mainframe:get_data()
-- curr_screen = mainframe:get_screen()
-- status, err = mainframe:disconnect()
-- </code>
--
-- The implementation is based on packet dumps, x3270, the excellent decoding
-- provided by Wireshark and the Data Stream Programmers Reference (Dec 88)
local stdnse = require "stdnse"
local drda = require "drda" -- We only need this to decode EBCDIC
local comm = require "comm"
local math = require "math"
local nmap = require "nmap"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("tn3270", stdnse.seeall)
Telnet = {
--__index = Telnet,
commands = {
SE = "\240", -- End of subnegotiation parameters
SB = "\250", -- Sub-option to follow
WILL = "\251", -- Will; request or confirm option begin
WONT = "\252", -- Wont; deny option request
DO = "\253", -- Do = Request or confirm remote option
DONT = "\254", -- Don't = Demand or confirm option halt
IAC = "\255", -- Interpret as Command
SEND = "\001", -- Sub-process negotiation SEND command
IS = "\000", -- Sub-process negotiation IS command
EOR = "\239"
},
tncommands = {
ASSOCIATE = "\000",
CONNECT = "\001",
DEVICETYPE = "\002",
FUNCTIONS = "\003",
IS = "\004",
REASON = "\005",
REJECT = "\006",
REQUEST = "\007",
RESPONSES = "\002",
SEND = "\008",
EOR = "\239"
},
-- Thesse are the options we accept for telnet
options = {
BINARY = "\000",
EOR = "\025",
TTYPE = "\024",
TN3270 = "\028",
TN3270E = "\040"
},
command = {
EAU = "\015",
EW = "\005",
EWA = "\013",
RB = "\002",
RM = "\006",
RMA = "",
W = "\001",
WSF = "\017",
NOP = "\003",
SNS = "\004",
SNSID = "\228"
},
sna_command ={
RMA = "\110",
EAU = "\111",
EWA = "\126",
W = "\241",
RB = "\242",
WSF = "\243",
EW = "\245",
NOP = "\003",
RM = "\246"
},
orders = {
SF = "\029",
SFE = "\041",
SBA = "\017",
SA = "\040",
MF = "\044",
IC = "\019",
PT = "\005",
RA = "\060",
EUA = "\018",
GE = "\008"
},
fcorders = {
NUL = "\000",
SUB = "\063",
DUP = "\028",
FM = "\030",
FF = "\012",
CR = "\013",
NL = "\021",
EM = "\025",
EO = "\255"
},
aids = {
NO = 0x60, -- no aid
QREPLY = 0x61, -- reply
ENTER = 0x7d, -- enter
PF1 = 0xf1,
PF2 = 0xf2,
PF3 = 0xf3,
PF4 = 0xf4,
PF5 = 0xf5,
PF6 = 0xf6,
PF7 = 0xf7,
PF8 = 0xf8,
PF9 = 0xf9,
PF10 = 0x7a,
PF11 = 0x7b,
PF12 = 0x7c,
PF13 = 0xc1,
PF14 = 0xc2,
PF15 = 0xc3,
PF16 = 0xc4,
PF17 = 0xc5,
PF18 = 0xc6,
PF19 = 0xc7,
PF20 = 0xc8,
PF21 = 0xc9,
PF22 = 0x4a,
PF23 = 0x4b,
PF24 = 0x4c,
OICR = 0xe6,
MSR_MHS = 0xe7,
SELECT = 0x7e,
PA1 = 0x6c,
PA2 = 0x6e,
PA3 = 0x6b,
CLEAR = 0x6d,
SYSREQ = 0xf0
},
-- used to translate buffer addresses
code_table = {
0x40, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
0xC8, 0xC9, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F,
0x50, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7,
0xD8, 0xD9, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F,
0x60, 0x61, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7,
0xE8, 0xE9, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F,
0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
0xF8, 0xF9, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F
},
-- Variables used for Telnet Negotiation and data buffers
word_state = { "Negotiating", "Connected", "TN3270 mode", "TN3270E mode"},
NEGOTIATING = 1,
CONNECTED = 2,
TN3270_DATA = 3,
TN3270E_DATA = 4,
device_type = "IBM-3278-2",
-- TN3270E Header variables
tn3270_header = {
data_type = '',
request_flag = '',
response_flag = '',
seq_number = ''
},
-- TN3270 Datatream Processing flags
NO_OUTPUT = 0,
OUTPUT = 1,
BAD_COMMAND = 2,
BAD_ADDRESS = 3,
NO_AID = 0x60,
aid = 0x60, -- initial Attention Identifier is No AID
-- Header response flags.
NO_RESPONSE = 0x00,
ERROR_RESPONSE = 0x01,
ALWAYS_RESPONSE = 0x02,
POSITIVE_RESPONSE = 0x00,
NEGATIVE_RESPONSE = 0x01,
-- Header data type names.
DT_3270_DATA = 0x00,
DT_SCS_DATA = 0x01,
DT_RESPONSE = 0x02,
DT_BIND_IMAGE = 0x03,
DT_UNBIND = 0x04,
DT_NVT_DATA = 0x05,
DT_REQUEST = 0x06,
DT_SSCP_LU_DATA = 0x07,
DT_PRINT_EOJ = 0x08,
-- Header response data.
POS_DEVICE_END = 0x00,
NEG_COMMAND_REJECT = 0x00,
NEG_INTERVENTION_REQUIRED = 0x01,
NEG_OPERATION_CHECK = 0x02,
NEG_COMPONENT_DISCONNECTED = 0x03,
-- TN3270E Negotiation Options
TN3270E_ASSOCIATE = 0x00,
TN3270E_CONNECT = 0x01,
TN3270E_DEVICE_TYPE = 0x02,
TN3270E_FUNCTIONS = 0x03,
TN3270E_IS = 0x04,
TN3270E_REASON = 0x05,
TN3270E_REJECT = 0x06,
TN3270E_REQUEST = 0x07,
TN3270E_SEND = 0x08,
-- SFE Attributes
SFE_3270 = "192",
order_max = "\063", -- tn3270 orders can't be greater than 0x3F
COLS = 80, -- hardcoded width.
ROWS = 24, -- hardcoded rows. We only support 3270 model 2 which was 24x80.
buffer_addr = 1,
cursor_addr = 1,
isSSL = true,
--- Creates a new TN3270 Client object
new = function(self, socket)
local o = {
socket = socket or nmap.new_socket(),
-- TN3270 Buffers
buffer = {},
fa_buffer = {},
output_buffer = {},
overwrite_buf = {},
telnet_state = 0, -- same as TNS_DATA to begin with
server_options = {},
client_options = {},
unsupported_opts = {},
sb_options = '',
connected_lu = '',
connected_dtype= '',
telnet_data = '',
tn_buffer = '',
negotiated = false,
first_screen = false,
state = 0,
buffer_address = 1,
formatted = false,
}
setmetatable(o, self)
self.__index = self
return o
end,
--- Connects to a tn3270 servers
connect = function ( self, host, port )
local TN_PROTOCOLS = { "ssl", "tcp" }
local status, err
if not self.isSSL then
status, err = self.socket:connect(host, port, 'tcp')
local proto = 'tcp'
if status then
TN_PROTOCOLS = {proto}
return true
end
else
for _, proto in pairs(TN_PROTOCOLS) do
status, err = self.socket:connect(host, port, proto)
if status then
TN_PROTOCOLS = {proto}
return true
end
stdnse.debug(3,"Can't connect using %s: %s", proto, err)
end
end
self.socket:close()
return false, err
end,
disconnect = function ( self )
stdnse.debug(2,"Disconnecting")
return self.socket:close()
end,
recv_data = function ( self )
return self.socket:receive()
end,
close = function ( self )
return self.socket:close()
end,
send_data = function ( self, data )
stdnse.debug(2, "Sending data: 0x%s", stdnse.tohex(data))
return self.socket:send( data )
end,
------------- End networking functions
-- TN3270 Helper functions
-----------
--- Decode Buffer Address
--
-- Buffer addresses can come in 14 or 12 (this terminal doesn't support 16 bit)
-- this function takes two bytes (buffer addresses are two bytes long) and returns
-- the decoded buffer address.
-- @param1 unsigned char, first byte of buffer address.
-- @param2 unsigned char, second byte of buffer address.
-- @return integer of buffer address
DECODE_BADDR = function ( byte1, byte2 )
if (byte1 & 0xC0) == 0 then
-- (byte1 & 0x3F) << 8 | byte2
return (((byte1 & 0x3F) << 8) | byte2)
else
-- (byte1 & 0x3F) << 6 | (byte2 & 0x3F)
return (((byte1 & 0x3F) << 6) | (byte2 & 0x3F))
end
end,
--- Encode Buffer Address
--
-- @param integer buffer address
-- @return TN3270 encoded buffer address (12 bit) as string
ENCODE_BADDR = function ( self, address )
stdnse.debug(3, "Encoding Address: %s", address)
return string.pack("BB",
-- (address >> 8) & 0x3F
-- we need the +1 because LUA tables start at 1 (yay!)
self.code_table[((address >> 6) & 0x3F)+1],
-- address & 0x3F
self.code_table[(address & 0x3F)+1]
)
end,
BA_TO_ROW = function ( self, addr )
return math.ceil((addr / self.COLS) + 0.5)
end,
BA_TO_COL = function ( self, addr )
return addr % self.COLS
end,
INC_BUF_ADDR = function ( self, addr )
return ((addr + 1) % (self.COLS * self.ROWS))
end,
DEC_BUF_ADDR = function ( self, addr )
return ((addr + 1) % (self.COLS * self.ROWS))
end,
--- Initiates tn3270 connection
initiate = function ( self, host, port )
local status = true
--local status, err = self:connect(host , port)
local opts = {recv_before = true}
self.socket, self.telnet_data = comm.tryssl(host, port, '', opts)
if ( not(self.socket) ) then
return false, self.telnet_data
end
-- clear out options buffers
self.client_options = {}
self.server_options = {}
self.state = self.NEGOTIATING
self.first_screen = false
self:process_packets() -- process the first batch of information
-- then loop through until we're done negotiating telnet/tn3270 options
while not self.first_screen and status do
status, self.telnet_data = self:recv_data()
self:process_packets()
end
return status
end,
--- rebuilds tn3270 screen based on information sent
-- Closes the socket if the mainframe has closed the socket on us
-- Is done reading when it encounters EOR
get_data = function ( self )
local status = true
self.first_screen = false
while not self.first_screen and status do
status, self.telnet_data = self:recv_data()
self:process_packets()
end
if not status then
self:disconnect()
end
return status
end,
get_all_data = function ( self, timeout )
if timeout == nil then
timeout = 200
end
local status = true
self.first_screen = false
self.socket:set_timeout(timeout)
while status do
status, self.telnet_data = self:recv_data()
if self.telnet_data ~= "TIMEOUT" then
self:process_packets()
end
end
self.socket:set_timeout(3000)
return status
end,
process_packets = function ( self )
for i = 1,#self.telnet_data,1 do
self:ts_processor(self.telnet_data:sub(i,i))
end
-- once all the data has been processed we clear out the buffer
self.telnet_data = ''
end,
--- Disable SSL
-- by default the tn3270 object uses SSL first. This disables SSL
disableSSL = function (self)
stdnse.debug(2,"Disabling SSL connections")
self.isSSL = false
end,
--- Telnet State processor
--
-- @return true if success false if encoutered any issues
ts_processor = function ( self, data )
local TNS_DATA = 0
local TNS_IAC = 1
local TNS_WILL = 2
local TNS_WONT = 3
local TNS_DO = 4
local TNS_DONT = 5
local TNS_SB = 6
local TNS_SB_IAC = 7
local supported = false
local DO_reply = self.commands.IAC .. self.commands.DO
local DONT_reply = self.commands.IAC .. self.commands.DONT
local WILL_reply = self.commands.IAC .. self.commands.WILL
local WONT_reply = self.commands.IAC .. self.commands.WONT
--nsedebug.print_hex(data)
--stdnse.debug(3,"current state:%s", self.telnet_state)
if self.telnet_state == TNS_DATA then
if data == self.commands.IAC then
-- got an IAC
self.telnet_state = TNS_IAC
return true
end
-- stdnse.debug("Adding 0x%s to Data Buffer", stdnse.tohex(data))
self:store3270(data)
elseif self.telnet_state == TNS_IAC then
if data == self.commands.IAC then
-- insert this 0xFF in to the buffer
self:store3270(data)
self.telnet_state = TNS_DATA
elseif data == self.commands.EOR then
-- we're at the end of the TN3270 data
-- let's process it and see what we've got
-- but only if we're in 3270 mode
if self.state == self.TN3270_DATA or self.state == self.TN3270E_DATA then
self:process_data()
end
self.telnet_state = TNS_DATA
elseif data == self.commands.WILL then self.telnet_state = TNS_WILL
elseif data == self.commands.WONT then self.telnet_state = TNS_WONT
elseif data == self.commands.DO then self.telnet_state = TNS_DO
elseif data == self.commands.DONT then self.telnet_state = TNS_DONT
elseif data == self.commands.SB then self.telnet_state = TNS_SB
end
elseif self.telnet_state == TNS_WILL then
stdnse.debug(3, "[TELNET] IAC WILL 0x%s?", stdnse.tohex(data))
for _,v in pairs(self.options) do -- check to see if we support this sub option (SB)
if v == data then
stdnse.debug(3, "[TELNET] IAC DO 0x%s", stdnse.tohex(data))
supported = true
break
end
end -- end of checking options
for _,v in pairs(self.unsupported_opts) do
if v == data then
stdnse.debug(3, "[TELNET] IAC DONT 0x%s (disabled)", stdnse.tohex(data))
supported = false
end
end
if supported then
if not self.server_options[data] then -- if we haven't already replied to this, let's reply
self.server_options[data] = true
self:send_data(DO_reply..data)
stdnse.debug(3, "[TELNET] Sent Will Reply: 0x%s", stdnse.tohex(data))
self:in3270()
end
else
self:send_data(DONT_reply..data)
stdnse.debug(3, "[TELNET] Sent Don't Reply: 0x%s", stdnse.tohex(data))
end
self.telnet_state = TNS_DATA
elseif self.telnet_state == TNS_WONT then
if self.server_options[data] then
self.server_options[data] = false
self:send_data(DONT_reply..data)
stdnse.debug(3, "[TELNET] Sent Don't Reply: 0x%s", stdnse.tohex(data))
self:in3270()
end
self.telnet_state = TNS_DATA
elseif self.telnet_state == TNS_DO then
stdnse.debug(3, "[TELNET] IAC DO 0x%s?", stdnse.tohex(data))
for _,v in pairs(self.options) do -- check to see if we support this sub option (SB)
if v == data then
stdnse.debug(3, "[TELNET] IAC WILL 0x%s", stdnse.tohex(data))
supported = true
break
end
end -- end of checking options
for _,v in pairs(self.unsupported_opts) do
if v == data then
stdnse.debug(3, "[TELNET] IAC WONT 0x%s (disabled)", stdnse.tohex(data))
supported = false
end
end
if supported then
if not self.client_options[data] then
self.client_options[data] = true
self:send_data(WILL_reply..data)
stdnse.debug(3, "[TELNET] Sent Do Reply: 0x%s" , stdnse.tohex(data))
self:in3270()
end
else
self:send_data(WONT_reply..data)
stdnse.debug(3, "[TELNET] Got unsupported Do. Sent Won't Reply: %s %s", data, self.telnet_data)
end
self.telnet_state = TNS_DATA
elseif self.telnet_state == TNS_DONT then
if self.client_options[data] then
self.client_options[data] = false
self:send_data(WONT_reply .. data)
stdnse.debug(3, "[TELNET] Sent Wont Reply: 0x%s", stdnse.tohex(data))
self:in3270()
end
self.telnet_state = TNS_DATA
elseif self.telnet_state == TNS_SB then
if data == self.commands.IAC then
self.telnet_state = TNS_SB_IAC
else
self.sb_options = self.sb_options .. data
end
elseif self.telnet_state == TNS_SB_IAC then
stdnse.debug(3, "[TELNET] Processing SB options")
-- self.sb_options = self.sb_options .. data -- looks like this is a bug? Why append F0 to the end?
if data == self.commands.SE then
self.telnet_state = TNS_DATA
if self.sb_options:sub(1,1) == self.options.TTYPE and
self.sb_options:sub(2,2) == self.commands.SEND then
self:send_data(self.commands.IAC ..
self.commands.SB ..
self.options.TTYPE ..
self.commands.IS ..
self.device_type ..
self.commands.IAC ..
self.commands.SE )
elseif (self.client_options[self.options.TN3270] or self.client_options[self.options.TN3270E]) and
(self.sb_options:sub(1,1) == self.options.TN3270 or
self.sb_options:sub(1,1) == self.options.TN3270E) then
if not self:negotiate_tn3270() then
return false
end
stdnse.debug(3, "[TELNET] Done Negotiating Options")
else
self.telnet_state = TNS_DATA
end
self.sb_options = ''
end
--self.sb_options = ''
end -- end of makeshift switch/case
return true
end,
--- Stores a character on a buffer to be processed
--
store3270 = function ( self, char )
self.tn_buffer = self.tn_buffer .. char
end,
--- Function to negotiate TN3270 sub options
negotiate_tn3270 = function ( self )
stdnse.debug(3, "[TN3270] Processing tn data subnegotiation options ")
local option = self.sb_options:sub(2,2)
-- stdnse.debug("[TN3270E] We got this: 0x%s", stdnse.tohex(option))
if option == self.tncommands.SEND then
if self.sb_options:sub(3,3) == self.tncommands.DEVICETYPE then
if self.connected_lu == '' then
self:send_data(self.commands.IAC ..
self.commands.SB ..
self.options.TN3270E ..
self.tncommands.DEVICETYPE ..
self.tncommands.REQUEST ..
self.device_type ..
self.commands.IAC ..
self.commands.SE )
else
stdnse.debug(3,"[TN3270] Sending LU: %s", self.connected_lu)
self:send_data(self.commands.IAC ..
self.commands.SB ..
self.options.TN3270E ..
self.tncommands.DEVICETYPE ..
self.tncommands.REQUEST ..
self.device_type ..
self.tncommands.CONNECT ..
self.connected_lu ..
self.commands.IAC ..
self.commands.SE )
end
else
stdnse.debug(3,"[TN3270] Received TN3270 Send but not device type. Weird.")
return false
end
elseif option == self.tncommands.DEVICETYPE then -- Mainframe is confirming device type. Good!
if self.sb_options:sub(3,3) == self.tncommands.REJECT then
-- Welp our LU request failed, shut it down
stdnse.debug(3,"[TN3270] Received TN3270 REJECT.")
return false
elseif self.sb_options:sub(3,3) == self.tncommands.IS then
local tn_loc = 1
while self.sb_options:sub(4+tn_loc,4+tn_loc) ~= self.commands.SE and
self.sb_options:sub(4+tn_loc,4+tn_loc) ~= self.tncommands.CONNECT do
tn_loc = tn_loc + 1
end
--XXX Unused variable??? Should this be tn_loc?
-- local sn_loc = 1
if self.sb_options:sub(4+tn_loc,4+tn_loc) == self.tncommands.CONNECT then
self.connected_lu = self.sb_options:sub(5+tn_loc, #self.sb_options)
self.connected_dtype = self.sb_options:sub(4,3+tn_loc)
stdnse.debug(3,"[TN3270] Current LU: %s", self.connected_lu)
end
-- since We've connected lets send our options
self:send_data(self.commands.IAC ..
self.commands.SB ..
self.options.TN3270E ..
self.tncommands.FUNCTIONS ..
self.tncommands.REQUEST ..
--self.tncommands.RESPONSES .. -- we'll only support basic 3270E mode
self.commands.IAC ..
self.commands.SE )
end
elseif option == self.tncommands.FUNCTIONS then
if self.sb_options:sub(3,3) == self.tncommands.IS then
-- they accepted the function request, lets move on
self.negotiated = true
stdnse.debug(3,"[TN3270] Option Negotiation Done!")
self:in3270()
elseif self.sb_options:sub(3,3) == self.tncommands.REQUEST then
-- dummy functions for now. Our client doesn't have any
-- functions really but we'll agree to whatever they want
self:send_data(self.commands.IAC ..
self.commands.SB ..
self.options.TN3270E ..
self.tncommands.FUNCTIONS ..
self.tncommands.IS ..
self.sb_options:sub(4,4) ..
self.commands.IAC ..
self.commands.SE )
self.negotiated = true
self:in3270()
end
end
return true
end,
--- Check to see if we're in TN3270
in3270 = function ( self )
if self.client_options[self.options.TN3270E] then
stdnse.debug(3,"[in3270] In TN3270E mode")
if self.negotiated then
stdnse.debug(3,"[in3270] TN3270E negotiated")
self.state = self.TN3270E_DATA
end
elseif self.client_options[self.options.EOR] and
self.client_options[self.options.BINARY] and
self.client_options[self.options.EOR] and
self.client_options[self.options.BINARY] and
self.client_options[self.options.TTYPE] then
stdnse.debug(3,"[in3270] In TN3270 mode")
self.state = self.TN3270_DATA
end
if self.state == self.TN3270_DATA or self.state == self.TN3270E_DATA then
-- since we're in TN3270 mode, let's create an empty buffer
stdnse.debug(3, "[in3270] Creating Empty IBM-3278-2 Buffer")
for i=0, 1920 do
self.buffer[i] = "\0"
self.fa_buffer[i] = "\0"
self.overwrite_buf[i] = "\0"
end
stdnse.debug(3, "[in3270] Empty Buffer Created. Length: %d", #self.buffer)
end
stdnse.debug(3,"[in3270] Current State: %s", self.word_state[self.state])
end,
--- Also known as process_eor
process_data = function ( self )
local reply = 0
stdnse.debug(3,"Processing TN3270 Data")
if self.state == self.TN3270E_DATA then
stdnse.debug(3,"[TN3270E] Processing TN3270 Data header: %s", stdnse.tohex(self.tn_buffer:sub(1,5)))
self.tn3270_header.data_type = self.tn_buffer:sub(1,1)
self.tn3270_header.request_flag = self.tn_buffer:sub(2,2)
self.tn3270_header.response_flag = self.tn_buffer:sub(3,3)
self.tn3270_header.seq_number = self.tn_buffer:sub(4,5)
if self.tn3270_header.data_type == "\000" then
reply = self:process_3270(self.tn_buffer:sub(6))
stdnse.debug(3,"[TN3270E] Reply: %s", reply)
end
if reply < 0 and self.tn3270_header.request_flag ~= self.TN3270E_RSF_NO_RESPONSE then
self:tn3270e_nak(reply)
elseif reply == self.NO_OUTPUT and
self.tn3270_header.request_flag == self.ALWAYS_RESPONSE then
self:tn3270e_ack()
end
else
self:process_3270(self.tn_buffer)
end
-- nsedebug.print_hex(self.tn_buffer)
self.tn_buffer = ''
return true
end,
tn3270e_nak = function ( self, reply )
local neg = ""
if reply == self.BAD_COMMAND then
neg = self.NEG_COMMAND_REJECT
elseif reply == self.BAD_ADDRESS then
neg = self.NEG_OPERATION_CHECK
end
-- build the TN3270E nak reply header
local reply_buf = string.pack("BBB c2",
self.DT_RESPONSE, -- type
0, -- request
self.NEGATIVE_RESPONSE, -- response
-- because this is telnet we gotta double up 0xFF chars
self.tn3270_header.seq_number:sub(1,2):gsub(self.commands.IAC, self.commands.IAC:rep(2))
) .. neg .. self.commands.IAC .. self.commands.EOR
-- now send the whole thing
self:send_data(reply_buf)
end,
tn3270e_ack = function ( self )
-- build the TN3270E ack reply header
local reply_buf = string.pack("BBB c2",
self.DT_RESPONSE, -- type
0, -- request
self.POSITIVE_RESPONSE, -- response
-- because this is telnet we gotta double up 0xFF chars
self.tn3270_header.seq_number:sub(1,2):gsub(self.commands.IAC, self.commands.IAC:rep(2))
) .. self.POS_DEVICE_END .. self.commands.IAC .. self.commands.EOR
-- now send the whole package
self:send_data(reply_buf)
end,
clear_screen = function ( self )
self.buffer_address = 1
for i=1,1920,1 do
self.buffer[i] = "\0"
self.fa_buffer[i] = "\0"
end
end,
clear_unprotected = function ( self )
-- we don't support protect vs unprotected (yet)
-- this function is a stub for now
end,
process_3270 = function ( self, data )
-- the first byte will be the command we have to follow
local com = data:sub(1,1)
stdnse.debug(3, "[PROCESS 3270] Value Received: 0x%s", stdnse.tohex(com))
if com == self.command.EAU then
stdnse.debug(3,"TN3270 Command: Erase All Unprotected")
self:clear_unprotected()
return self.NO_OUTPUT
elseif com == self.command.EWA or com == self.sna_command.EWA or
com == self.command.EW or com == self.sna_command.EW then
stdnse.debug(3,"TN3270 Command: Erase Write (Alternate)")
self:clear_screen()
self:process_write(data) -- so far should only return No Output
return self.NO_OUTPUT
elseif com == self.command.W or com == self.sna_command.W then
stdnse.debug(3,"TN3270 Command: Write")
self:process_write(data)
elseif com == self.command.RB or com == self.sna_command.RB then
stdnse.debug(3,"TN3270 Command: Read Buffer")
self:process_read()
return self.OUTPUT
elseif com == self.command.RM or com == self.sna_command.RM or
com == self.command.RMA or com == self.sna_command.RMA then
stdnse.debug(3,"TN3270 Command: Read Modified (All)")
--XXX What is read_modified? What is aid?
--self:read_modified(aid)
--return self.OUTPUT
stdnse.debug1("UNIMPLEMENTED TN3270 Command: Read Modified (All)")
return self.BAD_COMMAND
elseif com == self.command.WSF or com == self.sna_command.WSF then
stdnse.debug(3,"TN3270 Command: Write Structured Field")
return self:w_structured_field(data)
elseif com == self.command.NOP or com == self.sna_command.NOP then
stdnse.debug(3,"TN3270 Command: No OP (NOP)")
return self.NO_OUTPUT
else
stdnse.debug(3,"Unknown 3270 Data Stream command: 0x%s", stdnse.tohex(com))
return self.BAD_COMMAND
end
return 1 -- we may sometimes enter a state where we have nothing which is fine
end,
--- WCC / tn3270 data stream processor
--
-- @param tn3270 data stream
-- @return status true on success, false on failure
-- @return changes self.buffer to match requested changes
process_write = function ( self, data )
stdnse.debug(3, "Processing TN3270 Write Command")
local prev = ''
local cp = ''
local num_attr = 0
local last_cmd = false
local i = 2 -- skip SF to get WCC
if (data:byte(i) & 0x40) == 0x40 then
stdnse.debug(3,"[WCC] Reset")
end
if (data:byte(i) & 0x02) == 0x02 then
stdnse.debug(3,"[WCC] Restore")
end
i = 3 -- skip the SF and the WCC.
while i <= #data do
cp = data:sub(i,i)
stdnse.debug(4,"Current Position: %d of %d", i, #data)
stdnse.debug(4,"Current Item: %s", stdnse.tohex(cp))
-- yay! lua has no switch statement
if cp == self.orders.SF then
stdnse.debug(4,"Start Field")
prev = 'ORDER'
last_cmd = true
i = i + 1 -- skip SF
stdnse.debug(4,"Writing Zero to buffer at address: %s", self.buffer_address)
stdnse.debug(4,"Attribute Type: 0x%s", stdnse.tohex(data:sub(i,i)))
self:write_field_attribute(data:sub(i,i))
self:write_char("\00")
self.buffer_address = self:INC_BUF_ADDR(self.buffer_address)
-- set the current position one ahead (after SF)
i = i + 1
elseif cp == self.orders.SFE then
stdnse.debug(4,"Start Field Extended")
i = i + 1 -- skip SFE
num_attr = data:byte(i)
stdnse.debug(4,"Number of Attributes: %d", num_attr)
for j = 1,num_attr do
i = i + 1
if data:byte(i) == 0xc0 then
stdnse.debug(4,"Writing Zero to buffer at address: %s", self.buffer_address)
stdnse.debug(4,"Attribute Type: 0x%s", stdnse.tohex(data:sub(i,i)))
self:write_char("\00")
self:write_field_attribute(data:sub(i,i))
end
i = i + 1
end
i = i + 1
self.buffer_address = self:INC_BUF_ADDR(self.buffer_address)
elseif cp == self.orders.SBA then
stdnse.debug(4,"Set Buffer Address (SBA) 0x11")
self.buffer_address = self.DECODE_BADDR(data:byte(i+1), data:byte(i+2))
stdnse.debug(4,"Buffer Address: %s", self.buffer_address)
stdnse.debug(4,"Row: %s", self:BA_TO_ROW(self.buffer_address))
stdnse.debug(4,"Col: %s", self:BA_TO_COL(self.buffer_address))
last_cmd = true
prev = 'SBA'
-- the current position is SBA, the next two bytes are the lengths
i = i + 3
stdnse.debug(4,"Next Command: %s", stdnse.tohex(data:sub(i,i)))
elseif cp == self.orders.IC then -- Insert Cursor
stdnse.debug(4,"Insert Cursor (IC) 0x13")
stdnse.debug(4,"Current Cursor Address: %s", self.cursor_addr)
stdnse.debug(4,"Buffer Address: %s", self.buffer_address)
stdnse.debug(4,"Row: %s", self:BA_TO_ROW(self.buffer_address))
stdnse.debug(4,"Col: %s", self:BA_TO_COL(self.buffer_address))
prev = 'ORDER'
self.cursor_addr = self.buffer_address
last_cmd = true
i = i + 1
elseif cp == self.orders.RA then
-- Repeat address repeats whatever the next char is after the two byte buffer address
-- There's all kinds of weird GE stuff we could do, but not now. Maybe in future vers
stdnse.debug(4,"Repeat to Address (RA) 0x3C")
local ra_baddr = self.DECODE_BADDR(data:byte(i+1), data:byte(i+2))
stdnse.debug(4,"Repeat Character: %s", stdnse.tohex(data:sub(i+1,i+2)))
stdnse.debug(4,"Repeat to this Address: %s", ra_baddr)
stdnse.debug(4,"Current Address: %s", self.buffer_address)
prev = 'ORDER'
--char_code = data:sub(i+3,i+3)
i = i + 3
local char_to_repeat = data:sub(i,i)
stdnse.debug(4,"Repeat Character: %s", stdnse.tohex(char_to_repeat))
while (self.buffer_address ~= ra_baddr) do
self:write_char(char_to_repeat)
self.buffer_address = self:INC_BUF_ADDR(self.buffer_address)
end
elseif cp == self.orders.EUA then
stdnse.debug(4,"Erase Unprotected All (EAU) 0x12")
local eua_baddr = self.DECODE_BADDR(data:byte(i+1), data:byte(i+2))
i = i + 3
stdnse.debug(4,"EAU to this Address: %s", eua_baddr)
stdnse.debug(4,"Current Address: %s", self.buffer_address)
while (self.buffer_address ~= eua_baddr) do
-- do nothing for now. this feature isn't supported/required at the moment
self.buffer_address = self:INC_BUF_ADDR(self.buffer_address)
--stdnse.debug(3,"Current Address: %s", self.buffer_address)
--stdnse.debug(3,"EAU to this Address: %s", eua_baddr)
end
elseif cp == self.orders.GE then
stdnse.debug(4,"Graphical Escape (GE) 0x08")
prev = 'ORDER'
i = i + 1 -- move to next byte
local ge_char = data:sub(i,i)
self:write_char(self, ge_char)
self.buffer_address = self:INC_BUF_ADDR(self.buffer_address)
elseif cp == self.orders.MF then
-- MotherFucker, lol!
-- or mainframe maybe
-- we don't actually have 'fields' at this point
-- so there's nothing to be modified
stdnse.debug(4,"Modify Field (MF) 0x2C")
prev = 'ORDER'
i = i + 1
local num_attr = tonumber(data:sub(i,i))
for j = 1, num_attr, 1 do
-- placeholder in case we need to do something here
stdnse.debug(4,"Set Attribute (MF) 0x2C")
i = i + 1
end
self.buffer_address = self:INC_BUF_ADDR(self.buffer_address)
elseif cp == self.orders.SA then
-- We'll add alerting here to identify hidden field
-- but for now we're doing NOTHING
i = i + 1
elseif cp == self.fcorders.NUL or
cp == self.fcorders.SUB or
cp == self.fcorders.DUP or
cp == self.fcorders.FM or
cp == self.fcorders.FF or
cp == self.fcorders.CR or
cp == self.fcorders.NL or
cp == self.fcorders.EM or
cp == self.fcorders.EO then
stdnse.debug(4,"Format Control Order received")
prev = 'ORDER'
self:write_char("\064")
self.buffer_address = self:INC_BUF_ADDR(self.buffer_address)
i = i + 1
else -- whoa we made it.
local ascii_char = drda.StringUtil.toASCII(cp)
stdnse.debug(4,"Inserting 0x"..stdnse.tohex(cp).." (".. ascii_char ..") at the following location:")
stdnse.debug(4,"Row: %s", self:BA_TO_ROW(self.buffer_address))
stdnse.debug(4,"Col: %s", self:BA_TO_COL(self.buffer_address))
stdnse.debug(4,"Buffer Address: %s", self.buffer_address)
self:write_char(data:sub(i,i))
self.buffer_address = self:INC_BUF_ADDR(self.buffer_address)
self.first_screen = true
i = i + 1
end -- end of massive if/else
end -- end of while loop
self.formatted = true
end,
write_char = function ( self, char )
if self.buffer[self.buffer_address] == "\0" then
self.buffer[self.buffer_address] = char
else
self.overwrite_buf[self.buffer_address] = self.buffer[self.buffer_address]
self.buffer[self.buffer_address] = char
end
end,
write_field_attribute = function ( self, attr )
self.fa_buffer[self.buffer_address] = attr
end,
process_read = function ( self )
local output_addr = 0
self.output_buffer = {}
stdnse.debug(3,"Generating Read Buffer")
self.output_buffer[output_addr] = string.pack("B",self.aid)
output_addr = output_addr + 1
stdnse.debug(3,"Output Address: %s", output_addr)
self.output_buffer[output_addr] = self:ENCODE_BADDR(self.cursor_addr)
return self:send_tn3270(self.output_buffer)
-- need to add while loop
end,
w_structured_field = function ( self, wsf_data )
-- this is the ugliest hack ever
-- but it works and it doesn't matter what we support anyway
stdnse.debug(3, "Processing TN3270 Write Structured Field Command")
-- all our options, one liner style
local query_options =
"\x88\x00\x16\x81\x86\x00\x08\x00\xf4\xf1\x00\xf2\x00\xf3\x00\xf4\z
\x00\xf5\x00\xf6\x00\xf7\x00\x00\x0d\x81\x87\x04\x00\xf0\xf1\xf1\z
\xf2\xf2\xf4\xf4\x00\x22\x81\x85\x82\x00\x07\x10\x00\x00\x00\x00\z
\x07\x00\x00\x00\x00\x65\x00\x25\x00\x00\x00\x02\xb9\x00\x25\x01\z
\x00\xf1\x03\xc3\x01\x36\x00\x2e\x81\x81\x03\x00\x00\x50\x00\x18\z
\x00\x00\x01\x00\x48\x00\x01\x00\x48\x07\x10\x00\x00\x00\x00\x00\z
\x00\x13\x02\x00\x01\x00\x50\x00\x18\x00\x00\x01\x00\x48\x00\x01\z
\x00\x48\x07\x10\x00\x1c\x81\xa6\x00\x00\x0b\x01\x00\x00\x50\x00\z
\x18\x00\x50\x00\x18\x0b\x02\x00\x00\x07\x00\x10\x00\x07\x00\x10\z
\x00\x07\x81\x88\x00\x01\x02\x00\x16\x81\x80\x80\x81\x84\x85\x86\z
\x87\x88\xa1\xa6\xa8\x96\x99\xb0\xb1\xb2\xb3\xb4\xb6\x00\x08\x81\z
\x84\x00\x0a\x00\x04\x00\x06\x81\x99\x00\x00\xff\xef"
stdnse.debug(3, "Current WSF : %s", stdnse.tohex(wsf_data:sub(4,4)) )
if self.state == self.TN3270E_DATA then
-- We need to add the header here since we're in TN3270E mode
query_options = "\x00\x00\x00\x00\x00" .. query_options
end
self:send_data(query_options)
return 1
end,
--- Sends TN3270 Packet
--
-- Expands IAC to IAC IAC and finally appends IAC EOR
-- @param data: table containing buffer array
send_tn3270 = function ( self, data )
local packet = ''
if self.state == self.TN3270E_DATA then
packet = "\x00\x00\x00\x00\x00"
-- we need to create the tn3270E (the E is important) header
-- which, in basic 3270E is 5 bytes of 0x00
--packet = string.pack("BBB >I2",
-- self.DT_3270_DATA, -- type
-- 0, -- request
-- 0, -- response
-- 0
-- )
--self.tn3270_header.seq_number
end
-- create send buffer and double up IACs
for i=0,#data do
stdnse.debug(3,"Adding 0x" .. stdnse.tohex(data[i]) .. " to the read buffer")
packet = packet .. data[i]
if data[i] == self.commands.IAC then
packet = packet .. self.commands.IAC
end
end
packet = packet .. self.commands.IAC .. self.commands.EOR
return self:send_data(packet) -- send the output buffer
end,
get_screen = function ( self )
stdnse.debug(3,"Returning the current TN3270 buffer")
local buff = '\n'
for i = 0,#self.buffer do
if self.buffer[i] == "\00" then
buff = buff .. " "
else
buff = buff .. drda.StringUtil.toASCII(self.buffer[i])
end
if (i+1) % 80 == 0 then
buff = buff .. "\n"
end
end
return buff
end,
get_screen_debug = function ( self, lvl )
lvl = lvl or 1
stdnse.debug(lvl,"---------------------- Printing the current TN3270 buffer ----------------------")
local buff = ''
for i = 0,#self.buffer do
if self.buffer[i] == "\00" then
buff = buff .. " "
else
buff = buff .. drda.StringUtil.toASCII(self.buffer[i])
end
if (i+1) % 80 == 0 then
stdnse.debug(lvl, buff)
buff = ''
end
end
stdnse.debug(lvl,"----------------------- End of the current TN3270 buffer ---------------------")
return buff
end,
get_screen_raw = function ( self )
local buff = ''
for i = 0,#self.buffer do
buff = buff .. drda.StringUtil.toASCII(self.buffer[i])
end
return buff
end,
--- Sends data at the current cursor location. Ignores field attributes.
--
-- It only uses enter key (AID = 0x7d) to send this data
-- for more complicated items use send_location
-- @param string you wish to send.
send_cursor = function ( self, data )
local ebcdic_letter = ''
self.output_buffer = {} -- empty the output buffer
self.output_buffer[0] = string.pack("B",self.aids.ENTER) -- what follows is an ENTER
stdnse.debug(3,"Cursor Location ("..self.cursor_addr.."): Row: %s, Column: %s ",
self:BA_TO_ROW(self.cursor_addr),
self:BA_TO_COL(self.cursor_addr) )
table.insert(self.output_buffer, self:ENCODE_BADDR(self.cursor_addr + #data)) -- location of cursor
table.insert(self.output_buffer, self.orders.SBA) -- set the buffer address to the following location
table.insert(self.output_buffer, self:ENCODE_BADDR(self.cursor_addr)) -- location of buffer address
for i = 1, #data do
stdnse.debug(3,"Inserting %s to the send buffer", data:sub(i,i))
ebcdic_letter = drda.StringUtil.toEBCDIC( data:sub(i,i) )
table.insert(self.output_buffer, ebcdic_letter ) -- insert the ebcdic character on the array
end
return self:send_tn3270(self.output_buffer)
end,
--- Sends the data to the location specified
--
-- Using a location on the screen sends the data
-- @param location: a location on the screen (between 0 and 1920)
-- @param data: ascii data to send to that location
send_location = function( self, location, data )
local cursor_location = location + #data
local ebcdic_letter = ''
self.output_buffer = {}
self.output_buffer[0] = string.pack("B",self.aids.ENTER)
table.insert(self.output_buffer, self:ENCODE_BADDR(cursor_location))
stdnse.debug(3,"Cursor Location ("..cursor_location.."): Row: %s, Column: %s ",
self:BA_TO_ROW(cursor_location),
self:BA_TO_COL(cursor_location) )
stdnse.debug(3,"Inserting %s at location %d", data, location )
table.insert(self.output_buffer, self.orders.SBA)
cursor_location = location
table.insert(self.output_buffer, self:ENCODE_BADDR(cursor_location))
for j = 1, #data do
ebcdic_letter = drda.StringUtil.toEBCDIC( data:sub(j,j) )
table.insert(self.output_buffer, ebcdic_letter )
end
return self:send_tn3270(self.output_buffer)
end,
--- Sends the data to multiple locations on the screen
--
-- Using a supplied tuple of location and data generates tn3270 data to
-- fill out the screen
-- @param location_tuple: and array of tuples with location and data. For
-- example: send_locations([{579:"dade"},{630:"secret"}])
send_locations = function( self, location_tuple )
local cursor_location = location_tuple[#location_tuple][1] + #location_tuple[#location_tuple][2]
local ebcdic_letter = ''
self.output_buffer = {}
self.output_buffer[0] = string.pack("B",self.aids.ENTER)
table.insert(self.output_buffer, self:ENCODE_BADDR(cursor_location))
stdnse.debug(3,"Cursor Location ("..cursor_location.."): Row: %s, Column: %s ",
self:BA_TO_ROW(cursor_location),
self:BA_TO_COL(cursor_location) )
for i = 1, #location_tuple do
stdnse.debug(3,"Inserting %s at location %d", location_tuple[i][2], location_tuple[i][1] )
table.insert(self.output_buffer, self.orders.SBA)
cursor_location = location_tuple[i][1]
table.insert(self.output_buffer, self:ENCODE_BADDR(cursor_location))
for j = 1, #location_tuple[i][2] do
ebcdic_letter = drda.StringUtil.toEBCDIC( location_tuple[i][2]:sub(j,j) )
table.insert(self.output_buffer, ebcdic_letter )
end
end
return self:send_tn3270(self.output_buffer)
end,
send_enter = function ( self )
local ebcdic_letter = ''
self.output_buffer = {}
self.output_buffer[0] = string.pack("B",self.aids.ENTER)
table.insert(self.output_buffer, self:ENCODE_BADDR(self.cursor_addr))
table.insert(self.output_buffer, self.orders.SBA)
table.insert(self.output_buffer, self:ENCODE_BADDR(self.cursor_addr))
return self:send_tn3270(self.output_buffer)
end,
send_clear = function ( self )
return self:send_data( string.pack("B",self.aids.CLEAR) .. self.commands.IAC .. self.commands.EOR )
end,
send_pf = function ( self, pf )
if pf > 24 or pf < 0 then
return false, "PF Value must be between 1 and 24"
end
self.output_buffer = {}
self.output_buffer[0] = string.pack("B", self.aids["PF"..pf] )
stdnse.debug(3,"Cursor Location ("..self.cursor_addr.."): Row: %s, Column: %s ",
self:BA_TO_ROW(self.cursor_addr),
self:BA_TO_COL(self.cursor_addr) )
self.output_buffer[1] = self:ENCODE_BADDR(self.cursor_addr)
return self:send_tn3270(self.output_buffer)
end,
writeable = function (self)
-- Returns a list with all writeable fields as {location, length} tuples
local writeable_list = {}
for i = 0,#self.fa_buffer do
if ( self.fa_buffer[i] ~= "\00" ) and (self.fa_buffer[i]:byte(1) & 0x20) ~= 0x20 then
-- found writeable flag
for j = i,#self.fa_buffer do
-- find end of field
if (self.fa_buffer[j]:byte(1) & 0x20) == 0x20 then
stdnse.debug(3,"[WRITEABLE] Area: %d Row: %d Col: %d Length: %d", i + 1, self:BA_TO_ROW(i + 1), self:BA_TO_COL(i + 2), j-i-1)
table.insert(writeable_list, {i + 1, j-i-1})
break
end
end
end
end
return writeable_list
end,
find = function ( self, str )
local buff = ''
for i = 0,#self.buffer do
if self.buffer[i] == "\00" then
buff = buff .. " "
else
buff = buff .. drda.StringUtil.toASCII(self.buffer[i])
end
end
--local buff = self:get_screen()
stdnse.debug(3, "[FIND] Looking for: %s", tostring(str))
local i, j = string.find(buff, str)
if i == nil then
stdnse.debug(3, "[FIND] Couldn't find: %s", tostring(str))
return false
else
stdnse.debug(3, "[FIND] Found String: %s", tostring(str))
return i , j
end
end,
isClear = function ( self )
local buff = ''
for i = 0,#self.buffer do
if self.buffer[i] == "\00" then
buff = buff .. " "
else
buff = buff .. drda.StringUtil.toASCII(self.buffer[i])
end
end
local i, j = string.find(buff, '%w')
if i ~= nil then
stdnse.debug(3, "[CLEAR] Screen has text")
return false
else
stdnse.debug(3, "[CLEAR] Screen is Empty")
return true
end
end,
--- Any Hidden Fields
--
-- @returns true if there are any hidden fields in the buffer
any_hidden = function ( self )
local hidden_attrib = 0x0c -- 00001100 is hidden
for i = 0,#self.fa_buffer do
if (self.fa_buffer[i]:byte(1) & hidden_attrib) == hidden_attrib then
return true
end
end
end,
--- Hidden Fields
--
-- @returns the locations of hidden fields in a table with each pair being the start and stop of the hidden field
hidden_fields_location = function ( self )
local hidden_attrib = 0x0c -- 00001100 is hidden
local hidden_location = {}
local i = 1
if not self:any_hidden() then
return hidden_location
end
while i <= #self.fa_buffer do
if (self.fa_buffer[i]:byte(1) & hidden_attrib) == hidden_attrib then
stdnse.debug(3, "Found hidden field at buffer location: " .. i)
table.insert(hidden_location, i)
i = i + 1
while self.fa_buffer[i] == "\0" do
i = i + 1
end
table.insert(hidden_location, i)
end
i = i + 1
end
return hidden_location
end,
hidden_fields = function ( self )
local locations = self:hidden_fields_location()
local fields = {}
local i, j = 1,1
local start, stop = 0
while i <= #locations do
start = locations[i] + 1
stop = locations[i+1] - 1
stdnse.debug(3, "Start Location: %i Stop Location %i", start, stop)
fields[j] = ''
for k = start,stop do
-- stdnse.debug(3, "k = %i Inserting 0x%s", k, stdnse.tohex(self.buffer[k]))
fields[j] = fields[j] .. drda.StringUtil.toASCII(self.buffer[k])
end
j = j + 1
i = i + 2
end
return fields
end,
any_overwritten = function ( self )
for i = 1, #self.overwrite_buf do
if self.overwrite_buf[i] ~= "\0" then
return true
end
end
return false
end,
set_lu = function (self, LU)
-- Sets an LU
self.connected_lu = LU
end,
get_lu = function ( self )
return self.connected_lu
end,
disable_tn3270e = function ( self )
stdnse.debug(3,"Disabling TN3270E")
table.insert(self.unsupported_opts,self.options.TN3270E)
end,
overwrite_data = function ( self )
if not self:any_overwritten() then
return false
end
stdnse.debug(3,"Printing the overwritten TN3270 buffer")
local buff = '\n'
for i = 0,#self.overwrite_buf do
if self.overwrite_buf[i] == "\0" then
buff = buff .. " "
else
buff = buff .. drda.StringUtil.toASCII(self.buffer[i])
end
if i % 80 == 0 then
buff = buff .. "\n"
end
end
return buff
end
}
return _ENV
|
