diff --git a/bin/rdpy-rdpclient.py b/bin/rdpy-rdpclient.py index 8f5b8f1..557ad24 100755 --- a/bin/rdpy-rdpclient.py +++ b/bin/rdpy-rdpclient.py @@ -30,7 +30,7 @@ from rdpy.core.error import RDPSecurityNegoFail from rdpy.core import rss import rdpy.core.log as log -log._LOG_LEVEL = log.Level.INFO +log._LOG_LEVEL = log.Level.DEBUG class RDPClientQtRecorder(RDPClientQt): diff --git a/rdpy/protocol/rdp/credssp.py b/rdpy/protocol/rdp/credssp.py new file mode 100644 index 0000000..bfc3eb5 --- /dev/null +++ b/rdpy/protocol/rdp/credssp.py @@ -0,0 +1,92 @@ +# +# Copyright (c) 2014-2015 Sylvain Peyrefitte +# +# This file is part of rdpy. +# +# rdpy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +""" +@summary: Credential Security Support Provider +@see: https://msdn.microsoft.com/en-us/library/cc226764.aspx +""" + +from pyasn1.type import namedtype, univ +from pyasn1.codec.ber import decoder + +class NegoData(univ.SequenceOf): + """ + @summary: contain spnego ntlm of kerberos data + @see: https://msdn.microsoft.com/en-us/library/cc226781.aspx + """ + componentType = univ.OctetString() + +class TSRequest(univ.Sequence): + """ + @summary: main structure + @see: https://msdn.microsoft.com/en-us/library/cc226780.aspx + """ + componentType = namedtype.NamedTypes( + namedtype.NamedType('version', univ.Integer()), + namedtype.OptionalNamedType('negoTokens', NegoData()), + namedtype.OptionalNamedType('authInfo', univ.OctetString()), + namedtype.OptionalNamedType('pubKeyAuth', univ.OctetString()), + namedtype.OptionalNamedType('errorCode', univ.Integer()) + ) + +class TSCredentials(univ.Sequence): + """ + @summary: contain user information + @see: https://msdn.microsoft.com/en-us/library/cc226782.aspx + """ + componentType = namedtype.NamedTypes( + namedtype.NamedType('credType', univ.Integer()), + namedtype.NamedType('credentials', univ.OctetString()) + ) + +class TSPasswordCreds(univ.Sequence): + """ + @summary: contain username and password + @see: https://msdn.microsoft.com/en-us/library/cc226783.aspx + """ + componentType = namedtype.NamedTypes( + namedtype.NamedType('domainName', univ.OctetString()), + namedtype.NamedType('userName', univ.OctetString()), + namedtype.NamedType('password', univ.OctetString()) + ) + +class TSCspDataDetail(univ.Sequence): + """ + @summary: smart card credentials + @see: https://msdn.microsoft.com/en-us/library/cc226785.aspx + """ + componentType = namedtype.NamedTypes( + namedtype.NamedType('keySpec', univ.Integer()), + namedtype.OptionalNamedType('cardName', univ.OctetString()), + namedtype.OptionalNamedType('readerName', univ.OctetString()), + namedtype.OptionalNamedType('containerName', univ.OctetString()), + namedtype.OptionalNamedType('cspName', univ.OctetString()) + ) + +class TSSmartCardCreds(univ.Sequence): + """ + @summary: smart card credentials + @see: https://msdn.microsoft.com/en-us/library/cc226784.aspx + """ + componentType = namedtype.NamedTypes( + namedtype.NamedType('pin', univ.OctetString()), + namedtype.NamedType('cspData', TSCspDataDetail()), + namedtype.OptionalNamedType('userHint', univ.OctetString()), + namedtype.OptionalNamedType('domainHint', univ.OctetString()) + ) diff --git a/rdpy/protocol/rdp/tpkt.py b/rdpy/protocol/rdp/tpkt.py index baef335..14d71cc 100644 --- a/rdpy/protocol/rdp/tpkt.py +++ b/rdpy/protocol/rdp/tpkt.py @@ -204,7 +204,21 @@ class TPKT(RawLayer, IFastPathSender): def sendFastPath(self, secFlag, fastPathS): """ - @param fastPathS: type transform to stream and send as fastpath + @param fastPathS: {Type | Tuple} type transform to stream and send as fastpath @param secFlag: {integer} Security flag for fastpath packet """ - RawLayer.send(self, (UInt8(Action.FASTPATH_ACTION_FASTPATH | ((secFlag & 0x3) << 6)), UInt16Be((sizeof(fastPathS) + 3) | 0x8000), fastPathS)) \ No newline at end of file + RawLayer.send(self, (UInt8(Action.FASTPATH_ACTION_FASTPATH | ((secFlag & 0x3) << 6)), UInt16Be((sizeof(fastPathS) + 3) | 0x8000), fastPathS)) + + def startTLS(self, sslContext): + """ + @summary: start TLS protocol + @param sslContext: {ssl.ClientContextFactory | ssl.DefaultOpenSSLContextFactory} context use for TLS protocol + """ + self.transport.startTLS(sslContext) + + def startNLA(self, sslContext): + """ + @summary: use to start NLA (NTLM over SSL) protocol + @param sslContext: {ssl.ClientContextFactory | ssl.DefaultOpenSSLContextFactory} context use for NLA protocol + """ + self.transport.startTLS(sslContext) \ No newline at end of file diff --git a/rdpy/protocol/rdp/x224.py b/rdpy/protocol/rdp/x224.py index a56ec22..8a581dd 100644 --- a/rdpy/protocol/rdp/x224.py +++ b/rdpy/protocol/rdp/x224.py @@ -210,7 +210,7 @@ class Client(X224Layer): if self._selectedProtocol == Protocols.PROTOCOL_SSL: log.debug("*" * 10 + " select SSL layer " + "*" * 10) #_transport is TPKT and transport is TCP layer of twisted - self._transport.transport.startTLS(ClientTLSContext()) + self._transport.startTLS(ClientTLSContext()) #now i'm ready to receive data self.setNextState(self.recvData) @@ -289,7 +289,7 @@ class Server(X224Layer): if self._selectedProtocol == Protocols.PROTOCOL_SSL: log.debug("*" * 10 + " select SSL layer " + "*" * 10) #_transport is TPKT and transport is TCP layer of twisted - self._transport.transport.startTLS(ServerTLSContext(self._serverPrivateKeyFileName, self._serverCertificateFileName)) + self._transport.startTLS(ServerTLSContext(self._serverPrivateKeyFileName, self._serverCertificateFileName)) #connection is done send to presentation self.setNextState(self.recvData)