Skip to content

Added isSecure field in the winrm settings. When isSecure is true, we allow HTTPs connection to end point powershell. If isSecure is false, we allow HTTP connection to end point powershell. #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
aspiremore wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Added isSecure field in the winrm settings. When isSecure is true, we allow HTTPs connection to end point powershell. If isSecure is false, we allow HTTP connection to end point powershell. #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
ed045cd
Allow HTTP device claim
avinayac Jun 10, 2022
3ee2786
Allow HTTP device claim
avinayac Jun 10, 2022
b6d3fb8
Allow HTTP device claim
avinayac Jun 13, 2022
e926485
Allow HTTP device claim with issecure field
avinayac Jun 14, 2022
1f5a7ac
updated go mod
avinayac Jun 14, 2022
a2a6700
modifying go mod
avinayac Dec 9, 2022
7a35eeb
modifying go mod
avinayac Dec 9, 2022
91fe433
modifying go mod to merge to CiscoM31
avinayac Dec 9, 2022
cb7a0c3
Allowing HTTP connection to powershell end point
avinayac Dec 14, 2022
0df0942
Adding UT there the connection is happening via HTTP
avinayac Dec 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 21 additions & 1 deletion winrm.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,10 @@ const (
NTLM
Kerberos
)
const (
HTTP_PROTOCOL = "http"
Copy link
Copy Markdown

@rabadin rabadin Jan 4, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a detail but http/https is usually referred as the "scheme".

HTTPS_PROTOCOL = "https"
)

// WinRM client used for executing scripts
// TODO: Add support for NTLM and Kerberos, Only basic is supported for now
Expand Down Expand Up @@ -55,6 +59,8 @@ type winrmSettings struct {
operationTimeout string
// Timeout of each HTTP call made
timeout int
// Whether the call is HTTP or HTTPS
isSecure bool
}

type getEndpointDetails func() endpointDetails
Expand Down Expand Up @@ -108,6 +114,13 @@ func Port(num int) winrmSettingsOption {
}
}

func IsSecure(b bool) winrmSettingsOption {
return func(ws winrmSettings) winrmSettings {
ws.isSecure = b
return ws
}
}

func MaxEnvelopeSize(size string) winrmSettingsOption {
return func(ws winrmSettings) winrmSettings {
ws.maxEnvelopeSize = size
Expand Down Expand Up @@ -156,6 +169,7 @@ var defaultWinrmSettings winrmSettings = winrmSettings{
maxEnvelopeSize: "153200",
locale: "en-US",
operationTimeout: "PT60.000S",
isSecure: true,
}

// Creates a new WinRM client
Expand Down Expand Up @@ -185,7 +199,13 @@ func NewWinRMClient(details getEndpointDetails, options ...winrmSettingsOption)
for _, o := range options {
client.winrmSettings = o(client.winrmSettings)
}
client.url = fmt.Sprintf("https://%s:%d/wsman", client.ipAddress, client.port)
var protocol string
if client.isSecure {
Copy link
Copy Markdown

@rabadin rabadin Dec 12, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a detail but to avoid repeating the whole Sprintf line, how about:

if client.isSecure {
    protocol = "https"
} else {
    protocol = "http"
}

then use protocol

Copy link
Copy Markdown
Author

@aspiremore aspiremore Dec 14, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

addressed

protocol = HTTPS_PROTOCOL
} else {
protocol = HTTP_PROTOCOL
}
client.url = fmt.Sprintf("%s://%s:%d/wsman", protocol, client.ipAddress, client.port)
if client.endpointDetails.auth&NTLM == NTLM {
client.client.Transport = ntlmssp.Negotiator{RoundTripper: client.client.Transport}
}
Expand Down
18 changes: 18 additions & 0 deletions xml_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,3 +65,21 @@ func TestCaptureAttribute(t *testing.T) {
t.Error("invalid attribute")
}
}

func BenchmarkHTTPRequest(b *testing.B) {
Copy link
Copy Markdown

@rabadin rabadin Jan 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure how this is relevant...?

for i := 0; i < b.N; i++ {
p := &gopsremote.PayloadBuilder{
OpType: gopsremote.Execute,
Url: "http://172.25.168.38:5986/wsman",
OperationTimeout: "PT.06",
Locale: "en-US",
MessageId: uuid.New().String(),
ShellId: uuid.New().String(),
CommandId: uuid.New().String(),
Command: "Get-Service",
Input: "del",
MaxEnvelopeSize: "1532600",
}
p.Execute()
}
}