Begin og RDP basic security layer

speyrefitte
2014-12-05 18:11:19 +01:00
parent fc3efa60ee
commit 873d1fac41
2 changed files with 18 additions and 21 deletions


@@ -126,7 +126,6 @@ class Sequence(object):
class Encryption(object): class Encryption(object):
""" """
Encryption methods supported Encryption methods supported
@deprecated: because rdpy use SSL but need to send to server...
@see: http://msdn.microsoft.com/en-us/library/cc240511.aspx @see: http://msdn.microsoft.com/en-us/library/cc240511.aspx
""" """
ENCRYPTION_FLAG_40BIT = 0x00000001 ENCRYPTION_FLAG_40BIT = 0x00000001
@@ -263,22 +262,18 @@ class ServerCoreData(CompositeType):
class ClientSecurityData(CompositeType): class ClientSecurityData(CompositeType):
""" """
Client security setting Client security setting
@deprecated: because we use ssl
@see: http://msdn.microsoft.com/en-us/library/cc240511.aspx @see: http://msdn.microsoft.com/en-us/library/cc240511.aspx
""" """
_TYPE_ = MessageType.CS_SECURITY _TYPE_ = MessageType.CS_SECURITY
def __init__(self, readLen = None): def __init__(self, readLen = None):
CompositeType.__init__(self, readLen = readLen) CompositeType.__init__(self, readLen = readLen)
self.encryptionMethods = UInt32Le() self.encryptionMethods = UInt32Le(Encryption.ENCRYPTION_FLAG_128BIT)
self.extEncryptionMethods = UInt32Le() self.extEncryptionMethods = UInt32Le()
class ServerSecurityData(CompositeType): class ServerSecurityData(CompositeType):
""" """
Server security settings Server security settings
May be ignored because rdpy don't use
RDP security level
@deprecated: because we use SSL
@see: http://msdn.microsoft.com/en-us/library/cc240518.aspx @see: http://msdn.microsoft.com/en-us/library/cc240518.aspx
""" """
_TYPE_ = MessageType.SC_SECURITY _TYPE_ = MessageType.SC_SECURITY
@@ -287,6 +282,10 @@ class ServerSecurityData(CompositeType):
CompositeType.__init__(self, readLen = readLen) CompositeType.__init__(self, readLen = readLen)
self.encryptionMethod = UInt32Le() self.encryptionMethod = UInt32Le()
self.encryptionLevel = UInt32Le() self.encryptionLevel = UInt32Le()
self.serverRandomLen = UInt32Le(0x00000020, constant = True, conditional = lambda:not(self.encryptionMethod.value == 0 and self.encryptionLevel == 0))
self.serverCertLen = UInt32Le(lambda:sizeof(self.serverCertificate), conditional = lambda:not(self.encryptionMethod.value == 0 and self.encryptionLevel == 0))
self.serverRandom = String(readLen = self.serverRandomLen, conditional = lambda:not(self.encryptionMethod.value == 0 and self.encryptionLevel == 0))
self.serverCertificate = String(readLen = self.serverCertLen, conditional = lambda:not(self.encryptionMethod.value == 0 and self.encryptionLevel == 0))
class ChannelDef(CompositeType): class ChannelDef(CompositeType):
""" """
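Review bot: In the four new `conditional` lambdas on `ServerSecurityData` (serverRandomLen, serverCertLen, serverRandom, serverCertificate), the second test compares the `UInt32Le` object itself (`self.encryptionLevel == 0`) while the first compares `.value`. Unless the type class defines equality against an int, which is not visible here, the no-encryption case is never detected and the random and certificate fields are always parsed; use `self.encryptionLevel.value == 0`. Defining the predicate once and passing it to all four fields would keep them from drifting apart. `serverCertLen` is read from the server and used directly as `readLen` for `serverCertificate`, so a comment saying where that length is bounded, or an explicit upper limit, would help the next reader. The `__init__` body starts outside the hunk.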


@@ -21,12 +21,13 @@
Implement transport PDU layer Implement transport PDU layer
This layer have main goal to negociate SSL transport This layer have main goal to negociate SSL transport
RDP basic security is not supported by RDPY (because is not a true security layer...) RDP basic security is supported only on client side
""" """
from rdpy.network.layer import LayerAutomata, IStreamSender from rdpy.network.layer import LayerAutomata, IStreamSender
from rdpy.network.type import UInt8, UInt16Le, UInt16Be, UInt32Le, CompositeType, sizeof, String from rdpy.network.type import UInt8, UInt16Le, UInt16Be, UInt32Le, CompositeType, sizeof, String
from rdpy.base.error import InvalidExpectedDataException from rdpy.base.error import InvalidExpectedDataException
import rdpy.base.log as log
class MessageType(object): class MessageType(object):
""" """
@@ -130,10 +131,9 @@ class X224Layer(LayerAutomata, IStreamSender):
@param presentation: upper layer, MCS layer in RDP case @param presentation: upper layer, MCS layer in RDP case
""" """
LayerAutomata.__init__(self, presentation) LayerAutomata.__init__(self, presentation)
#default selectedProtocol is SSl because is the only supported #default selectedProtocol is SSl
#in this version of RDPY
#client requested selectedProtocol #client requested selectedProtocol
self._requestedProtocol = Protocols.PROTOCOL_SSL self._requestedProtocol = Protocols.PROTOCOL_RDP
#server selected selectedProtocol #server selected selectedProtocol
self._selectedProtocol = Protocols.PROTOCOL_SSL self._selectedProtocol = Protocols.PROTOCOL_SSL
@@ -196,19 +196,17 @@ class Client(X224Layer):
data.readType(message) data.readType(message)
#check presence of negotiation response #check presence of negotiation response
if not message.protocolNeg._is_readed: if message.protocolNeg._is_readed:
raise InvalidExpectedDataException("server must support negotiation protocol to use SSL") self._selectedProtocol = message.protocolNeg.selectedProtocol.value
else:
self._selectedProtocol = Protocols.PROTOCOL_RDP
if message.protocolNeg.failureCode._is_readed: if message.protocolNeg.failureCode._is_readed:
raise InvalidExpectedDataException("negotiation failure code %x"%message.protocolNeg.failureCode.value) log.info("negotiation failure code %x"%message.protocolNeg.failureCode.value)
self._selectedProtocol = message.protocolNeg.selectedProtocol.value if self._selectedProtocol == Protocols.PROTOCOL_SSL:
#_transport is TPKT and transport is TCP layer of twisted
if self._selectedProtocol != Protocols.PROTOCOL_SSL: self._transport.transport.startTLS(ClientTLSContext())
raise InvalidExpectedDataException("only SSL protocol is supported in RDPY version")
#_transport is TPKT and transport is TCP layer of twisted
self._transport.transport.startTLS(ClientTLSContext())
#now i'm ready to receive data #now i'm ready to receive data
self.setNextState(self.recvData) self.setNextState(self.recvData)
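Review bot: The negotiation handling in `Client` now accepts any outcome: a missing negotiation response falls back to `Protocols.PROTOCOL_RDP`, a failure code is only logged with `log.info`, and every `selectedProtocol` value other than `PROTOCOL_SSL` continues without `startTLS`. Together with the default `_requestedProtocol` changing to `PROTOCOL_RDP` in `X224Layer.__init__`, the session can end up without TLS and the caller is never told, so the peer, or anything that alters the response in transit, decides the security layer. I would keep the failure code as an error, or at least return before using `selectedProtocol`, which is presumably not set in a failure message. Unexpected values should be rejected with `if self._selectedProtocol not in (Protocols.PROTOCOL_RDP, Protocols.PROTOCOL_SSL): raise InvalidExpectedDataException("unsupported selected protocol")`. The fallback to RDP basic security should be something the caller opts into and the chosen protocol should be logged; the method body starts outside the hunk.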