Commit graph

4 commits

Author SHA1 Message Date
Joel 0bd0b234e3
Update cargo deps (#11400) 2022-03-24 12:15:13 +00:00
Zac Bergquist 8026e8c576
Fix large clipboard copy/paste (#10670)
Re-assemble cliprdr messages that were split into multiple PDUs

Implement reassembly of chunked virtual channel data, as described in
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/a542bf19-1c86-4c80-ab3e-61449653abf6

Note: this is technically applicable to all virtual channels, not just
cliprdr, so this logic should eventually be moved to a more reusable
place. We haven't had an issue with the rdpdr virtual channel because
the smart card messages we implement are all small enough to fit in a
single chunk.
2022-03-02 23:09:57 +00:00
Zac Bergquist d5f01d867d
Generate/validate a PIN for our virtual smartcard (#9919)
* Generate a random smart card PIN per-session

Instead of using a shared static PIN for all sessions, use a
cryptographically secure random number generator to generate
a random 8-digit PIN that is unique per session.

Additionally, implement the verify command by checking that the
PIN that Windows sends back matches the one we randomly generated.

Since the PIN is only known to Teleport, this prevents users from
using the virtual smartcard for anything besides the initial
Windows login.

* Fix hang if PIN doesn't match

Now that we're verifying the smart card PIN, the RDP connection between
Windows Desktop Service will be closed if the PIN doesn't match.

Unfortunately, the goroutine that's reading user input from the browser
is still blocked waiting on user input, and doesn't know that we're no
longer connected to the desktop. This situation resolves itself as soon
as you try to move the mouse or press a key, but it would be better to
shut the TDP connection down immediately rather than leave it open with
a static screen.

* Don't error when PIN verify fails

By returning an error, we kill the connection.
Instead, just return the error that indicates verification failed.
Windows won't allow access to any resources, but the connection will
remain open.
2022-02-14 11:07:58 -07:00
Zac Bergquist 0f61458864
Add a Cargo workspace (#9960)
The workspace includes both parts of the project that use Rust.
(The roletester and RDP client).

This has several advantages:
- Rust Analyzer will work on the codebase as a whole, so we get
  nice development features without needing to open the Rust
  projects separately
- Dependencies are resolved at the project level, ensuring that
  role tester and RDP client use the same version of common
  dependencies.
2022-01-26 14:07:42 -07:00
Renamed from lib/srv/desktop/rdp/rdpclient/Cargo.lock
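
The chunk reassembly described in "Fix large clipboard copy/paste (#10670)" can be sketched as follows. This is an added example, not code from the commit or the project: the `Reassembler` type, the error names and the 1 MiB cap are assumptions, and it assumes uncompressed channel data. The header layout (4-byte little-endian total length, then 4-byte flags) and the two flag values are those of the MS-RDPBCGR channel PDU header. Because the total length comes from the peer, it is bounded before anything is buffered.

```rust
// Added example; all names except the two flag values are hypothetical.
const CHANNEL_FLAG_FIRST: u32 = 0x0000_0001; // CHANNEL_PDU_HEADER flags
const CHANNEL_FLAG_LAST: u32 = 0x0000_0002;
const MAX_MESSAGE_LEN: usize = 1 << 20; // assumed cap chosen for this example

#[derive(Debug, PartialEq)]
enum ChunkError { ShortHeader, TooLarge, NotFirst, LengthMismatch }

#[derive(Default)]
struct Reassembler { buf: Option<Vec<u8>>, total: usize }

impl Reassembler {
    /// Feed one virtual channel PDU (8-byte header followed by a chunk).
    /// Returns Ok(Some(message)) once the chunk flagged LAST completes it.
    fn push(&mut self, pdu: &[u8]) -> Result<Option<Vec<u8>>, ChunkError> {
        if pdu.len() < 8 { return Err(ChunkError::ShortHeader); }
        let total = u32::from_le_bytes([pdu[0], pdu[1], pdu[2], pdu[3]]) as usize;
        let flags = u32::from_le_bytes([pdu[4], pdu[5], pdu[6], pdu[7]]);
        let chunk = &pdu[8..];
        if flags & CHANNEL_FLAG_FIRST != 0 {
            self.buf = None; // drop any unfinished message
            // The declared total is untrusted input: bound it before allocating.
            if total > MAX_MESSAGE_LEN { return Err(ChunkError::TooLarge); }
            self.total = total;
            self.buf = Some(Vec::with_capacity(total));
        }
        // A chunk without FIRST is only valid while a message is in progress.
        let buf = self.buf.as_mut().ok_or(ChunkError::NotFirst)?;
        if buf.len() + chunk.len() > self.total {
            self.buf = None; // more data than the first chunk declared
            return Err(ChunkError::LengthMismatch);
        }
        buf.extend_from_slice(chunk);
        if flags & CHANNEL_FLAG_LAST == 0 { return Ok(None); }
        let done = self.buf.take().unwrap();
        if done.len() != self.total { return Err(ChunkError::LengthMismatch); }
        Ok(Some(done))
    }
}

/// Build a PDU for the constructed sample input used below.
fn pdu(total: u32, flags: u32, chunk: &[u8]) -> Vec<u8> {
    [&total.to_le_bytes()[..], &flags.to_le_bytes()[..], chunk].concat()
}

fn main() {
    let mut r = Reassembler::default();
    println!("{:?}", r.push(&pdu(5, CHANNEL_FLAG_FIRST, b"hel")));
    println!("{:?}", r.push(&pdu(5, CHANNEL_FLAG_LAST, b"lo")));
}
```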