wallix / redemption

A GPL RDP proxy
GNU General Public License v2.0

add support for different ports? #171

Open Kreijstal opened 9 months ago

Kreijstal commented 9 months ago

What I mean is target ports, how can you change them? Other question: how do you connect to VNC?

Kreijstal commented 9 months ago

Just discovered that you have to fiddle with passthrough for this. I created this.

        kv['login'] = self.shared.get('target_login')
        # Hosts whose name contains "iPro" go to the VNC module on port 5900
        if "iPro" in host:
            kv['module'] = 'VNC'
            kv['proto_dest'] = "VNC"
            kv['target_port'] = "5900"
        else:
            # Everything else stays on RDP (or an internal module) on port 3389
            kv['module'] = 'RDP' if self.shared.get('login') != 'internal' else host
            kv['proto_dest'] = "RDP"
            kv['target_port'] = "3389"
        kv['session_id'] = session_id
        kv['target_password'] = self.shared.get('target_password')

But the logs say the following:

rdpproxy: INFO (3279569/3279569) -- ModuleManager::Creation of new mod 'VNC'
rdpproxy: [rdpproxy] psid="13559453279569" user="topkek" type="TARGET_CONNECTION" target="topkek" session_id="4830073e-589c-4793-8cd6-df874190f539" host="topkeks-iPro.fritz.box" port="5900"
rdpproxy: INFO (3279569/3279569) -- connecting to topkeks-iPro.fritz.box:5900
rdpproxy: INFO (3279569/3279569) -- connection to topkeks-iPro.fritz.box:5900 (192.168.188.39) succeeded : socket 7
rdpproxy: INFO (3279569/3279569) -- i18n context is set for "en" locale
rdpproxy: INFO (3279569/3279569) -- User session inactivity : set to 900 seconds
rdpproxy: ERR (3279569/3279569) -- VNC INVALID Auth
rdpproxy: ERR (3279569/3279569) -- SocketTransport::do_partial_read: Failed to read from socket VNC Target!
rdpproxy: INFO (3279569/3279569) -- ModTrans=<0x5654c2596c60> Sock=7 AutoReconnection=No AutoReconnectable=No ErrorEncountered=No
rdpproxy: INFO (3279569/3279569) -- Exited from target connection
rdpproxy: INFO (3279569/3279569) -- Client disconnect from VNC module
rdpproxy: [VNC Session] session_id="4830073e-589c-4793-8cd6-df874190f539" client_ip="192.168.188.20" target_ip="192.168.188.39" user="topkek" device="topkeks-iPro.fritz.box" service="" account="topkek" type="SESSION_DISCONNECTION" duration="0:00:00"
rdpproxy: [rdpproxy] psid="13559453279569" user="topkek" type="TARGET_DISCONNECTION" session_id="4830073e-589c-4793-8cd6-df874190f539" reason="Exception ERR_TRANSPORT_NO_MORE_DATA no: 1501"
rdpproxy: INFO (3279569/3279569) -- Socket VNC Target (7) : closing connection
rdpproxy: INFO (3279569/3279569) -- New Module: MODULE_INTERNAL_CLOSE
rdpproxy: INFO (3279569/3279569) -- ----------------------- create_close_mod() -----------------
rdpproxy: INFO (3279569/3279569) -- WabCloseMod: Ending session in 600 seconds
rdpproxy: INFO (3279569/3279569) -- User session inactivity : timer is stopped !
rdpproxy: ERR (3279569/3279569) -- SocketTransport::do_partial_read: Failed to read from socket Authentifier!
rdpproxy: INFO (3279569/3279569) -- acl_serial.incoming() Session lost
rdpproxy: INFO (3279569/3279569) -- Socket Authentifier (5) : closing connection

It seems it reports VNC invalid auth despite it working with other programs, like Guacamole? I am using the macOS default VNC service.

jonathanpoelen commented 9 months ago

It seems that the authentication algorithm is not supported. Could you enable debug logs in the rdpproxy.ini file? Setting Redemption.

[debug]
mod_vnc=0x11

Kreijstal commented 9 months ago

rdpproxy: INFO (3395298/3395298) -- RDP-5 Style logon
rdpproxy: INFO (3395298/3395298) -- Front::incoming: ACTIVATED (new license request)
rdpproxy: INFO (3395298/3395298) -- connecting to /tmp/redemption-sesman-sock
rdpproxy: INFO (3395298/3395298) -- connection to /tmp/redemption-sesman-sock succeeded : socket 5
rdpproxy: INFO (3395298/3395298) -- Session: Keyboard Layout = 0x20409
rdpproxy: INFO (3395298/3395298) -- New Module: MODULE_VNC
rdpproxy: INFO (3395298/3395298) -- ModuleManager::Creation of new mod 'VNC'
rdpproxy: [rdpproxy] psid="13944853395298" user="topkek" type="TARGET_CONNECTION" target="topkek" session_id="e9160fa7-1ef0-4015-aa15-edaad994fca5" host="topkeks-iPro.fritz.box" port="5900"
rdpproxy: INFO (3395298/3395298) -- connecting to topkeks-iPro.fritz.box:5900
rdpproxy: INFO (3395298/3395298) -- connection to topkeks-iPro.fritz.box:5900 (192.168.188.39) succeeded : socket 7
rdpproxy: INFO (3395298/3395298) -- i18n context is set for "en" locale
rdpproxy: INFO (3395298/3395298) -- mod_vnc::verbosity=0x11
rdpproxy: INFO (3395298/3395298) -- Creation of new mod 'VNC'
rdpproxy: INFO (3395298/3395298) -- User session inactivity : set to 900 seconds
rdpproxy: INFO (3395298/3395298) -- state=WAIT_SECURITY_TYPES
rdpproxy: INFO (3395298/3395298) -- Server Protocol Version=3.889
rdpproxy: INFO (3395298/3395298) -- got 4 security types:
rdpproxy: INFO (3395298/3395298) -- * <unknown 0x1e>
rdpproxy: INFO (3395298/3395298) -- * <unknown 0x21>
rdpproxy: INFO (3395298/3395298) -- * <unknown 0x24>
rdpproxy: INFO (3395298/3395298) -- * <unknown 0x23>
rdpproxy: INFO (3395298/3395298) -- invalid security choosen
rdpproxy: ERR (3395298/3395298) -- VNC INVALID Auth
rdpproxy: ERR (3395298/3395298) -- SocketTransport::do_partial_read: Failed to read from socket VNC Target!
rdpproxy: INFO (3395298/3395298) -- ModTrans=<0x56382a306c30> Sock=7 AutoReconnection=No AutoReconnectable=No ErrorEncountered=No
rdpproxy: INFO (3395298/3395298) -- Exited from target connection
rdpproxy: INFO (3395298/3395298) -- Client disconnect from VNC module
rdpproxy: [VNC Session] session_id="e9160fa7-1ef0-4015-aa15-edaad994fca5" client_ip="192.168.188.20" target_ip="192.168.188.39" user="topkek" device="topkeks-iPro.fritz.box" service="" account="topkek" type="SESSION_DISCONNECTION" duration="0:00:00"
rdpproxy: INFO (3395298/3395298) -- type=SESSION_DISCONNECTION duration=0:00:00
rdpproxy: [rdpproxy] psid="13944853395298" user="topkek" type="TARGET_DISCONNECTION" session_id="e9160fa7-1ef0-4015-aa15-edaad994fca5" reason="Exception ERR_TRANSPORT_NO_MORE_DATA no: 1501"
rdpproxy: INFO (3395298/3395298) -- Socket VNC Target (7) : closing connection
rdpproxy: INFO (3395298/3395298) -- New Module: MODULE_INTERNAL_CLOSE
rdpproxy: INFO (3395298/3395298) -- ----------------------- create_close_mod() -----------------
rdpproxy: INFO (3395298/3395298) -- WabCloseMod: Ending session in 600 seconds
rdpproxy: INFO (3395298/3395298) -- User session inactivity : timer is stopped !
rdpproxy: INFO (3395298/3395298) -- CloseMod::notify Click on Close Button
rdpproxy: INFO (3395298/3395298) -- Module asked Front Disconnection
rdpproxy: INFO (3395298/3395298) -- Socket Authentifier (5) : closing connection
rdpproxy: INFO (3395298/3395298) -- Client Session Disconnected
rdpproxy: [rdpproxy] psid="13944853395298" user="topkek" type="DISCONNECT" reason="Exception ERR_TRANSPORT_NO_MORE_DATA no: 1501"
rdpproxy: INFO (3395298/3395298) -- Socket RDP Client (6) : closing connection

4 security types.

jonathanpoelen commented 9 months ago

We don't implement any of these authentication methods, but some are documented / reverse-engineered:

On the other hand, since VNC is not a priority, this won't be done for a while.

You can configure your server with one of the methods known by the proxy:

        VNC_AUTH_NONE                          = 1,
        VNC_AUTH_VNC                           = 2,
        VNC_AUTH_VENCRYPT                      = 19,
        VNC_AUTH_ULTRA_MsLogonIIAuth           = 113,
        VNC_AUTH_ULTRA_SecureVNCPluginAuth     = 114,
        VNC_AUTH_ULTRA_SecureVNCPluginAuth_new = 115,
        VeNCRYPT_TLSNone                       = 257,
        VeNCRYPT_TLSVnc                        = 258,
        VeNCRYPT_TLSPlain                      = 259,
        VeNCRYPT_X509None                      = 260,
        VeNCRYPT_X509Vnc                       = 261,
        VeNCRYPT_X509Plain                     = 262,
        VNC_AUTH_ULTRA_MS_LOGON                = -6,

Or configure with VNC over SSH by opening an SSH tunnel in passthrough.py (see tools/sesman/sesmanworker/tunneling_process.py and TunnelingProcessPXSSH) and send the unix socket path to the proxy with the tunneling_target_host parameter. But this requires some work.
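
Added example, not part of the thread and not the project's code: a small Python check that parses an RFB 3.7/3.8 security-type message and reports which offered types appear in the list of methods quoted above. The function names and the sample bytes are assumptions made for illustration; the sample is constructed from the four type codes in the debug log.

```python
import struct

# Security types the proxy knows, copied from the list in the comment above.
# Only values that fit the one-byte field of the RFB 3.7+ handshake are kept:
# 257-262 are VeNCrypt subtypes chosen after type 19 is selected, and -6 is
# left out because it is not an unsigned byte value as written.
PROXY_KNOWN = {
    1: "VNC_AUTH_NONE",
    2: "VNC_AUTH_VNC",
    19: "VNC_AUTH_VENCRYPT",
    113: "VNC_AUTH_ULTRA_MsLogonIIAuth",
    114: "VNC_AUTH_ULTRA_SecureVNCPluginAuth",
    115: "VNC_AUTH_ULTRA_SecureVNCPluginAuth_new",
}


def parse_security_types(payload: bytes) -> list[int]:
    """Parse the server's security-type list (RFB 3.7/3.8 layout).

    Layout: u8 count, then `count` u8 type codes. A count of 0 means the
    server refused the connection; a u32 length and reason string follow.
    """
    if not payload:
        raise ValueError("empty security-type message")
    count = payload[0]
    if count == 0:
        if len(payload) < 5:
            raise ValueError("refused by server, reason truncated")
        (length,) = struct.unpack(">I", payload[1:5])
        reason = payload[5:5 + length].decode("latin-1")
        raise ConnectionRefusedError(f"server refused: {reason}")
    types = payload[1:1 + count]
    if len(types) != count:
        raise ValueError(f"expected {count} types, got {len(types)}")
    return list(types)


def usable_types(offered: list[int]) -> dict[int, str]:
    """Return the offered types the proxy could negotiate, in server order."""
    return {t: PROXY_KNOWN[t] for t in offered if t in PROXY_KNOWN}


# Constructed sample: the four types from the debug log (0x1e 0x21 0x24 0x23).
SAMPLE_FROM_LOG = bytes([4, 0x1E, 0x21, 0x24, 0x23])

if __name__ == "__main__":
    offered = parse_security_types(SAMPLE_FROM_LOG)
    print("offered:", [hex(t) for t in offered])
    print("usable by proxy:", usable_types(offered) or "none (VNC INVALID Auth)")
```

An empty result from `usable_types` corresponds to the "invalid security choosen" / "VNC INVALID Auth" lines in the log: the server and the proxy share no security type.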