Begin og RDP basic security layer

2014-12-05 18:11:19 +01:00
parent fc3efa60ee
commit 873d1fac41
2 changed files with 18 additions and 21 deletions
--- a/rdpy/protocol/rdp/gcc.py
+++ b/rdpy/protocol/rdp/gcc.py
@@ -126,7 +126,6 @@ class Sequence(object):
 class Encryption(object):
    """
    Encryption methods supported
-    @deprecated: because rdpy use SSL but need to send to server...
    @see: http://msdn.microsoft.com/en-us/library/cc240511.aspx
    """
    ENCRYPTION_FLAG_40BIT = 0x00000001
@@ -263,22 +262,18 @@ class ServerCoreData(CompositeType):
 class ClientSecurityData(CompositeType):
    """
    Client security setting
-    @deprecated: because we use ssl
    @see: http://msdn.microsoft.com/en-us/library/cc240511.aspx
    """
    _TYPE_ = MessageType.CS_SECURITY
    
    def __init__(self, readLen = None):
        CompositeType.__init__(self, readLen = readLen)
-        self.encryptionMethods = UInt32Le()
+        self.encryptionMethods = UInt32Le(Encryption.ENCRYPTION_FLAG_128BIT)
        self.extEncryptionMethods = UInt32Le()
        
 class ServerSecurityData(CompositeType):
    """
    Server security settings
-    May be ignored because rdpy don't use 
-    RDP security level
-    @deprecated: because we use SSL
    @see: http://msdn.microsoft.com/en-us/library/cc240518.aspx
    """
    _TYPE_ = MessageType.SC_SECURITY
@@ -287,6 +282,10 @@ class ServerSecurityData(CompositeType):
        CompositeType.__init__(self, readLen = readLen)
        self.encryptionMethod = UInt32Le()
        self.encryptionLevel = UInt32Le() 
+        self.serverRandomLen = UInt32Le(0x00000020, constant = True, conditional = lambda:not(self.encryptionMethod.value == 0 and self.encryptionLevel == 0))
+        self.serverCertLen = UInt32Le(lambda:sizeof(self.serverCertificate), conditional = lambda:not(self.encryptionMethod.value == 0 and self.encryptionLevel == 0))
+        self.serverRandom = String(readLen = self.serverRandomLen, conditional = lambda:not(self.encryptionMethod.value == 0 and self.encryptionLevel == 0))
+        self.serverCertificate = String(readLen = self.serverCertLen, conditional = lambda:not(self.encryptionMethod.value == 0 and self.encryptionLevel == 0))

 class ChannelDef(CompositeType):
    """
--- a/rdpy/protocol/rdp/x224.py
+++ b/rdpy/protocol/rdp/x224.py
@@ -21,12 +21,13 @@
 Implement transport PDU layer

 This layer have main goal to negociate SSL transport
-RDP basic security is not supported by RDPY (because is not a true security layer...)
+RDP basic security is supported only on client side
 """

 from rdpy.network.layer import LayerAutomata, IStreamSender
 from rdpy.network.type import UInt8, UInt16Le, UInt16Be, UInt32Le, CompositeType, sizeof, String
 from rdpy.base.error import InvalidExpectedDataException
+import rdpy.base.log as log 

 class MessageType(object):
    """
@@ -130,10 +131,9 @@ class X224Layer(LayerAutomata, IStreamSender):
        @param presentation: upper layer, MCS layer in RDP case
        """
        LayerAutomata.__init__(self, presentation)
-        #default selectedProtocol is SSl because is the only supported
-        #in this version of RDPY
+        #default selectedProtocol is SSl
        #client requested selectedProtocol
-        self._requestedProtocol = Protocols.PROTOCOL_SSL
+        self._requestedProtocol = Protocols.PROTOCOL_RDP
        #server selected selectedProtocol
        self._selectedProtocol = Protocols.PROTOCOL_SSL
    
@@ -196,17 +196,15 @@ class Client(X224Layer):
        data.readType(message)
        
        #check presence of negotiation response
-        if not message.protocolNeg._is_readed:
-            raise InvalidExpectedDataException("server must support negotiation protocol to use SSL")
+        if message.protocolNeg._is_readed:
+            self._selectedProtocol = message.protocolNeg.selectedProtocol.value
+        else:
+            self._selectedProtocol = Protocols.PROTOCOL_RDP
        
        if message.protocolNeg.failureCode._is_readed:
-            raise InvalidExpectedDataException("negotiation failure code %x"%message.protocolNeg.failureCode.value)
-        
-        self._selectedProtocol = message.protocolNeg.selectedProtocol.value
-        
-        if self._selectedProtocol != Protocols.PROTOCOL_SSL:
-            raise InvalidExpectedDataException("only SSL protocol is supported in RDPY version")
+            log.info("negotiation failure code %x"%message.protocolNeg.failureCode.value)

+        if self._selectedProtocol == Protocols.PROTOCOL_SSL:
            #_transport is TPKT and transport is TCP layer of twisted
            self._transport.transport.startTLS(ClientTLSContext())