def onConnectResponse(self, pdu: MCSConnectResponsePDU):
"""
Parse server connection information. Initialize security settings and map channel IDs to channel names.
:param pdu: the connect response PDU
"""
if pdu.result != 0:
self.client.sendPDU(pdu)
else:
# Parse response PDUs
gccParser = GCCParser()
rdpParser = ServerConnectionParser()
gccPDU: GCCConferenceCreateResponsePDU = gccParser.parse(pdu.payload)
serverData = rdpParser.parse(gccPDU.payload)
# Save security settings
self.state.securitySettings.setEncryptionMethod(serverData.securityData.encryptionMethod)
self.state.securitySettings.setServerRandom(serverData.securityData.serverRandom)
if serverData.securityData.serverCertificate:
self.state.securitySettings.setServerPublicKey(serverData.securityData.serverCertificate.publicKey)
# Map channel names to IDs
self.state.channelMap[serverData.networkData.mcsChannelID] = MCSChannelName.IO
for index in range(len(serverData.networkData.channels)):
channelID = serverData.networkData.channels[index]
name = self.state.channelDefinitions[index].name
self.log.info("%(channelName)s <---> Channel #%(channelId)d", {"channelName": name, "channelId": channelID})
self.state.channelMap[channelID] = name
# Replace the server's public key with our own key so we can decrypt the incoming client random
cert = serverData.securityData.serverCertificate
if cert:
cert = ProprietaryCertificate(
cert.signatureAlgorithmID,
cert.keyAlgorithmID,
cert.publicKeyType,
self.state.rc4RSAKey,
cert.signatureType,
cert.signature,
cert.padding
)
# FIPS is not implemented so avoid using that
security = ServerSecurityData(
serverData.securityData.encryptionMethod if serverData.securityData.encryptionMethod != EncryptionMethod.ENCRYPTION_FIPS else EncryptionMethod.ENCRYPTION_128BIT,
serverData.securityData.encryptionLevel if serverData.securityData.encryptionLevel != EncryptionLevel.ENCRYPTION_LEVEL_FIPS else EncryptionLevel.ENCRYPTION_LEVEL_HIGH,
serverData.securityData.serverRandom,
cert
)
# The clientRequestedProtocols field MUST be the same as the one received in the X224 Connection Request
serverData.coreData.clientRequestedProtocols = self.state.requestedProtocols
modifiedServerData = ServerDataPDU(serverData.coreData, security, serverData.networkData)
modifiedGCCPDU = GCCConferenceCreateResponsePDU(gccPDU.nodeID, gccPDU.tag, gccPDU.result, rdpParser.write(modifiedServerData))
modifiedMCSPDU = MCSConnectResponsePDU(pdu.result, pdu.calledConnectID, pdu.domainParams, gccParser.write(modifiedGCCPDU))
self.client.sendPDU(modifiedMCSPDU)
def onConnectResponse(self, pdu, serverData):
# MCS Connect Response
"""
:type pdu: MCSConnectResponsePDU
:type serverData: ServerDataPDU
"""
if pdu.result != 0:
self.mcs.send(pdu)
return
# Replace the server's public key with our own key so we can decrypt the incoming client random
cert = serverData.security.serverCertificate
if cert:
cert = ProprietaryCertificate(cert.signatureAlgorithmID,
cert.keyAlgorithmID,
cert.publicKeyType, self.rc4RSAKey,
cert.signatureType, cert.signature,
cert.padding)
security = ServerSecurityData(
# FIPS is not implemented so avoid using that
serverData.security.encryptionMethod
if serverData.security.encryptionMethod !=
EncryptionMethod.ENCRYPTION_FIPS else
EncryptionMethod.ENCRYPTION_128BIT,
serverData.security.encryptionLevel
if serverData.security.encryptionLevel !=
EncryptionLevel.ENCRYPTION_LEVEL_FIPS else
EncryptionLevel.ENCRYPTION_LEVEL_HIGH,
serverData.security.serverRandom,
cert)
serverData.core.clientRequestedProtocols = self.originalNegotiationPDU.requestedProtocols
self.securitySettings.serverSecurityReceived(security)
self.serverData = ServerDataPDU(serverData.core, security,
serverData.network)
rdpParser = ServerConnectionParser()
gccParser = GCCParser()
gcc = self.client.conferenceCreateResponse
gcc = GCCConferenceCreateResponsePDU(gcc.nodeID, gcc.tag, gcc.result,
rdpParser.write(self.serverData))
pdu = MCSConnectResponsePDU(pdu.result, pdu.calledConnectID,
pdu.domainParams, gccParser.write(gcc))
self.mcs.send(pdu)
def parseServerSecurityData(self, stream: BytesIO) -> ServerSecurityData:
stream = StrictStream(stream)
encryptionMethod = EncryptionMethod(Uint32LE.unpack(stream))
encryptionLevel = EncryptionLevel(Uint32LE.unpack(stream))
serverRandom = None
serverCertificate = None
try:
serverRandomLength = Uint32LE.unpack(stream)
serverCertificateLength = Uint32LE.unpack(stream)
serverRandom = stream.read(serverRandomLength)
serverCertificate = stream.read(serverCertificateLength)
serverCertificate = self.parseServerCertificate(serverCertificate)
except EOFError:
pass
return ServerSecurityData(encryptionMethod, encryptionLevel, serverRandom, serverCertificate)