Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add support for different ports? #171

Open
Kreijstal opened this issue Feb 29, 2024 · 6 comments
Open

add support for different ports? #171

Kreijstal opened this issue Feb 29, 2024 · 6 comments

Comments

@Kreijstal
Copy link

Kreijstal commented Feb 29, 2024
edited
Loading

What I mean is target ports, how can you change them?
other question, how do you connect to vnc?
@Kreijstal
Copy link
Author

Just discovered that you have to fiddle with passthrough for this. I created this.

291         kv['login'] = self.shared.get('target_login')
292         if "iPro" in host:
293             kv['module']= 'VNC'
294             kv['proto_dest']="VNC"
295             kv['target_port']="5900"
296         else:
297             kv['module'] = 'RDP' if self.shared.get('login') != 'internal' else host
298             kv['proto_dest'] = "RDP"
299             kv['target_port'] = "3389"
300         kv['session_id'] = session_id
301         kv['target_password'] = self.shared.get('target_password')

But the logs say the following:

rdpproxy: INFO (3279569/3279569) -- ModuleManager::Creation of new mod 'VNC'
rdpproxy: [rdpproxy] psid="13559453279569" user="topkek" type="TARGET_CONNECTION" target="topkek" session_id="4830073e-589c-4793-8cd6-df874190f539" host="topkeks-iPro.fritz.box" port="5900"
rdpproxy: INFO (3279569/3279569) -- connecting to topkeks-iPro.fritz.box:5900
rdpproxy: INFO (3279569/3279569) -- connection to topkeks-iPro.fritz.box:5900 (192.168.188.39) succeeded : socket 7
rdpproxy: INFO (3279569/3279569) -- i18n context is set for "en" locale
rdpproxy: INFO (3279569/3279569) -- User session inactivity : set to 900 seconds
rdpproxy: ERR (3279569/3279569) -- VNC INVALID Auth
rdpproxy: ERR (3279569/3279569) -- SocketTransport::do_partial_read: Failed to read from socket VNC Target!
rdpproxy: INFO (3279569/3279569) -- ModTrans=<0x5654c2596c60> Sock=7 AutoReconnection=No AutoReconnectable=No ErrorEncountered=No
rdpproxy: INFO (3279569/3279569) -- Exited from target connection
rdpproxy: INFO (3279569/3279569) -- Client disconnect from VNC module
rdpproxy: [VNC Session] session_id="4830073e-589c-4793-8cd6-df874190f539" client_ip="192.168.188.20" target_ip="192.168.188.39" user="topkek" device="topkeks-iPro.fritz.box" service="" account="topkek" type="SESSION_DISCONNECTION" duration="0:00:00"
rdpproxy: [rdpproxy] psid="13559453279569" user="topkek" type="TARGET_DISCONNECTION" session_id="4830073e-589c-4793-8cd6-df874190f539" reason="Exception ERR_TRANSPORT_NO_MORE_DATA no: 1501"
rdpproxy: INFO (3279569/3279569) -- Socket VNC Target (7) : closing connection
rdpproxy: INFO (3279569/3279569) -- New Module: MODULE_INTERNAL_CLOSE
rdpproxy: INFO (3279569/3279569) -- ----------------------- create_close_mod() -----------------
rdpproxy: INFO (3279569/3279569) -- WabCloseMod: Ending session in 600 seconds
rdpproxy: INFO (3279569/3279569) -- User session inactivity : timer is stopped !
        rdpproxy: ERR (3279569/3279569) -- SocketTransport::do_partial_read: Failed to read from socket Authentifier!
rdpproxy: INFO (3279569/3279569) -- acl_serial.incoming() Session lost
rdpproxy: INFO (3279569/3279569) -- Socket Authentifier (5) : closing connection

It seems it reports VNC invalid auth despite it working with other programs, like guacamole? I am using mac os default vnc service.

@jonathanpoelen
Copy link
Contributor

It seems that the authentication algorithm is not supported. Could you enable debug logs in the rdpproxy.ini file ? Setting Redemption.

[debug]
mod_vnc=0x11

@Kreijstal
Copy link
Author 

rdpproxy: INFO (3395298/3395298) -- RDP-5 Style logon
rdpproxy: INFO (3395298/3395298) -- Front::incoming: ACTIVATED (new license request)
rdpproxy: INFO (3395298/3395298) -- connecting to /tmp/redemption-sesman-sock
rdpproxy: INFO (3395298/3395298) -- connection to /tmp/redemption-sesman-sock succeeded : socket 5
rdpproxy: INFO (3395298/3395298) -- Session: Keyboard Layout = 0x20409
rdpproxy: INFO (3395298/3395298) -- New Module: MODULE_VNC
rdpproxy: INFO (3395298/3395298) -- ModuleManager::Creation of new mod 'VNC'
rdpproxy: [rdpproxy] psid="13944853395298" user="topkek" type="TARGET_CONNECTION" target="topkek" session_id="e9160fa7-1ef0-4015-aa15-edaad994fca5" host="topkeks-iPro.fritz.box" port="5900"
rdpproxy: INFO (3395298/3395298) -- connecting to topkeks-iPro.fritz.box:5900
rdpproxy: INFO (3395298/3395298) -- connection to topkeks-iPro.fritz.box:5900 (192.168.188.39) succeeded : socket 7
rdpproxy: INFO (3395298/3395298) -- i18n context is set for "en" locale
rdpproxy: INFO (3395298/3395298) -- mod_vnc::verbosity=0x11
rdpproxy: INFO (3395298/3395298) -- Creation of new mod 'VNC'
rdpproxy: INFO (3395298/3395298) -- User session inactivity : set to 900 seconds
rdpproxy: INFO (3395298/3395298) -- state=WAIT_SECURITY_TYPES
rdpproxy: INFO (3395298/3395298) -- Server Protocol Version=3.889
rdpproxy: INFO (3395298/3395298) -- got 4 security types:
rdpproxy: INFO (3395298/3395298) -- * <unknown 0x1e>
rdpproxy: INFO (3395298/3395298) -- * <unknown 0x21>
rdpproxy: INFO (3395298/3395298) -- * <unknown 0x24>
rdpproxy: INFO (3395298/3395298) -- * <unknown 0x23>
rdpproxy: INFO (3395298/3395298) -- invalid security choosen
rdpproxy: ERR (3395298/3395298) -- VNC INVALID Auth
rdpproxy: ERR (3395298/3395298) -- SocketTransport::do_partial_read: Failed to read from socket VNC Target!
rdpproxy: INFO (3395298/3395298) -- ModTrans=<0x56382a306c30> Sock=7 AutoReconnection=No AutoReconnectable=No ErrorEncountered=No
rdpproxy: INFO (3395298/3395298) -- Exited from target connection
rdpproxy: INFO (3395298/3395298) -- Client disconnect from VNC module
rdpproxy: [VNC Session] session_id="e9160fa7-1ef0-4015-aa15-edaad994fca5" client_ip="192.168.188.20" target_ip="192.168.188.39" user="topkek" device="topkeks-iPro.fritz.box" service="" account="topkek" type="SESSION_DISCONNECTION" duration="0:00:00"
rdpproxy: INFO (3395298/3395298) -- type=SESSION_DISCONNECTION duration=0:00:00
rdpproxy: [rdpproxy] psid="13944853395298" user="topkek" type="TARGET_DISCONNECTION" session_id="e9160fa7-1ef0-4015-aa15-edaad994fca5" reason="Exception ERR_TRANSPORT_NO_MORE_DATA no: 1501"
rdpproxy: INFO (3395298/3395298) -- Socket VNC Target (7) : closing connection
rdpproxy: INFO (3395298/3395298) -- New Module: MODULE_INTERNAL_CLOSE
rdpproxy: INFO (3395298/3395298) -- ----------------------- create_close_mod() -----------------
rdpproxy: INFO (3395298/3395298) -- WabCloseMod: Ending session in 600 seconds
rdpproxy: INFO (3395298/3395298) -- User session inactivity : timer is stopped !
rdpproxy: INFO (3395298/3395298) -- CloseMod::notify Click on Close Button
rdpproxy: INFO (3395298/3395298) -- Module asked Front Disconnection
rdpproxy: INFO (3395298/3395298) -- Socket Authentifier (5) : closing connection
rdpproxy: INFO (3395298/3395298) -- Client Session Disconnected
rdpproxy: [rdpproxy] psid="13944853395298" user="topkek" type="DISCONNECT" reason="Exception ERR_TRANSPORT_NO_MORE_DATA no: 1501"
rdpproxy: INFO (3395298/3395298) -- Socket RDP Client (6) : closing connection

4 security types.

@jonathanpoelen
Copy link
Contributor

We don't implement any of these authentication methods, but some are documented / reverse-engineered:

On the other hand, since VNC is not a priority, this won't be done for a while.

You can configure your server with one of the methods known by the proxy:

        VNC_AUTH_NONE         = 1,
        VNC_AUTH_VNC         = 2,
        VNC_AUTH_VENCRYPT    = 19,
        VNC_AUTH_ULTRA_MsLogonIIAuth = 113,
        VNC_AUTH_ULTRA_SecureVNCPluginAuth = 114,
        VNC_AUTH_ULTRA_SecureVNCPluginAuth_new = 115,
        VeNCRYPT_TLSNone     = 257,
        VeNCRYPT_TLSVnc     = 258,
        VeNCRYPT_TLSPlain     = 259,
        VeNCRYPT_X509None    = 260,
        VeNCRYPT_X509Vnc    = 261,
        VeNCRYPT_X509Plain    = 262,
        VNC_AUTH_ULTRA_MS_LOGON = -6,

Or configure with VNC over SSH by opening an ssh tunnel in passthrought.py (see tools/sesman/sesmanworker/tunneling_process.py and TunnelingProcessPXSSH) and send the unix socket path to the proxy with the tunneling_target_host parameter. But this requires some work.

@Kreijstal
Copy link
Author

Kreijstal commented Dec 26, 2024
edited
Loading

We don't implement any of these authentication methods, but some are documented / reverse-engineered:

* 0x1E (Diffie-Hellman Authentication) is documented (https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst)

* 0x21 (Apple Inc) is reverse-engineered ([Documentation for macOS auth type 33 rfbproto/rfbproto#52](https://github.com/rfbproto/rfbproto/issues/52))

On the other hand, since VNC is not a priority, this won't be done for a while.

You can configure your server with one of the methods known by the proxy:

        VNC_AUTH_NONE         = 1,
        VNC_AUTH_VNC         = 2,
        VNC_AUTH_VENCRYPT    = 19,
        VNC_AUTH_ULTRA_MsLogonIIAuth = 113,
        VNC_AUTH_ULTRA_SecureVNCPluginAuth = 114,
        VNC_AUTH_ULTRA_SecureVNCPluginAuth_new = 115,
        VeNCRYPT_TLSNone     = 257,
        VeNCRYPT_TLSVnc     = 258,
        VeNCRYPT_TLSPlain     = 259,
        VeNCRYPT_X509None    = 260,
        VeNCRYPT_X509Vnc    = 261,
        VeNCRYPT_X509Plain    = 262,
        VNC_AUTH_ULTRA_MS_LOGON = -6,

Or configure with VNC over SSH by opening an ssh tunnel in passthrought.py (see tools/sesman/sesmanworker/tunneling_process.py and TunnelingProcessPXSSH) and send the unix socket path to the proxy with the tunneling_target_host parameter. But this requires some work.

is it okay to add it to the enum and give a more meaningful error message? something like

diff --git a/src/mod/vnc/vnc.cpp b/src/mod/vnc/vnc.cpp
index 74b374518..337a49ca2 100644
--- a/src/mod/vnc/vnc.cpp
+++ b/src/mod/vnc/vnc.cpp
@@ -682,6 +682,8 @@ const char *mod_vnc::securityTypeString(int32_t t) {
     case VeNCRYPT_X509None: return "X509 none";
     case VeNCRYPT_X509Vnc: return "X509 VNC";
     case VeNCRYPT_X509Plain: return "X509 plain";
+    case VNC_AUTH_DIFFIE_HELLMAN: return "Diffie-Hellman";
+    case VNC_AUTH_APPLE: return "Apple";
     default:
         snprintf(format, sizeof(format), "<unknown 0x%x>", uint32_t(t));
         return format;
diff --git a/src/mod/vnc/vnc.hpp b/src/mod/vnc/vnc.hpp
index 8cd6537e4..6e1e00c50 100644
--- a/src/mod/vnc/vnc.hpp
+++ b/src/mod/vnc/vnc.hpp
@@ -281,6 +281,8 @@ private:
         VNC_AUTH_ULTRA        = 17,
         VNC_AUTH_TLS         = 18,
         VNC_AUTH_VENCRYPT    = 19,
+        VNC_AUTH_DIFFIE_HELLMAN = 30,
+        VNC_AUTH_APPLE = 33,
         VNC_AUTH_ULTRA_MsLogonIAuth = 112,
         VNC_AUTH_ULTRA_MsLogonIIAuth = 113,
         VNC_AUTH_ULTRA_SecureVNCPluginAuth = 114,

@jonathanpoelen
Copy link
Contributor

Done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jonathanpoelen @Kreijstal