Re-assemble cliprdr messages that were split into multiple PDUs
Implement reassembly of chunked virtual channel data, as described in
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/a542bf19-1c86-4c80-ab3e-61449653abf6
Note: this is technically applicable to all virtual channels, not just
cliprdr, so this logic should eventually be moved to a more reusable
place. We haven't had an issue with the rdpdr virtual channel because
the smart card messages we implement are all small enough to fit in a
single chunk.
* Generate a random smart card PIN per-session
Instead of using a shared static PIN for all sessions, use a
cryptographically secure random number generator to generate
a random 8-digit PIN that is unique per session.
Additionally, implement the verify command by checking that the
PIN that Windows sends back matches the one we randomly generated.
Since the PIN is only known to Teleport, this prevents users from
using the virtual smartcard for anything besides the initial
Windows login.
* Fix hang if PIN doesn't match
Now that we're verifying the smart card PIN, the RDP connection between
Windows Desktop Service will be closed if the PIN doesn't match.
Unfortunately, the goroutine that's reading user input from the browser
is still blocked waiting on user input, and doesn't know that we're no
longer connected to the desktop. This situation resolves itself as soon
as you try to move the mouse or press a key, but it would be better to
shut the TDP connection down immediately rather than leave it open with
a static screen.
* Don't error when PIN verify fails
By returning an error, we kill the connection.
Instead, just return the error that indicates verification failed.
Windows won't allow access to any resources, but the connection will
remain open.
The workspace includes both parts of the project that use Rust
(the roletester and RDP client).
This has several advantages:
- Rust Analyzer will work on the codebase as a whole, so we get
nice development features without needing to open the Rust
projects separately
- Dependencies are resolved at the project level, ensuring that
role tester and RDP client use the same version of common
dependencies.
2022-01-26 14:07:42 -07:00
Renamed from lib/srv/desktop/rdp/rdpclient/Cargo.lock
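
The chunk reassembly described in the first commit message, shown as an added Rust example that is not part of the commit and not Teleport's code. The flag values and the total-length field come from the MS-RDPBCGR Channel PDU Header; `Reassembler`, `ChunkError` and `MAX_MESSAGE_LEN` are hypothetical names and limits chosen for illustration.

```rust
// Added example: hypothetical names, not the project's implementation.
pub const CHANNEL_FLAG_FIRST: u32 = 0x0000_0001; // first chunk of a message
pub const CHANNEL_FLAG_LAST: u32 = 0x0000_0002; // last chunk of a message
pub const MAX_MESSAGE_LEN: usize = 1 << 20; // assumed cap so a peer cannot exhaust memory

#[derive(Debug, PartialEq)]
pub enum ChunkError { TooLarge, UnexpectedChunk, LengthMismatch }

#[derive(Default)]
pub struct Reassembler { buf: Option<Vec<u8>>, expected: usize }

impl Reassembler {
    /// Feed one chunk. `total_len` and `flags` are taken from the Channel PDU
    /// Header that precedes `data`. Returns Ok(Some(msg)) when the message is whole.
    pub fn push(&mut self, total_len: u32, flags: u32, data: &[u8])
        -> Result<Option<Vec<u8>>, ChunkError> {
        if flags & CHANNEL_FLAG_FIRST != 0 {
            self.buf = None; // a new FIRST chunk discards any unfinished message
            if total_len as usize > MAX_MESSAGE_LEN {
                return Err(ChunkError::TooLarge);
            }
            self.expected = total_len as usize;
            // Grow on demand instead of pre-allocating the peer-declared length.
            self.buf = Some(Vec::new());
        }
        // take() clears the state, so every error path below resets the reassembler.
        let mut buf = self.buf.take().ok_or(ChunkError::UnexpectedChunk)?;
        if buf.len() + data.len() > self.expected {
            return Err(ChunkError::LengthMismatch); // more data than the header declared
        }
        buf.extend_from_slice(data);
        if flags & CHANNEL_FLAG_LAST == 0 {
            self.buf = Some(buf); // keep accumulating
            return Ok(None);
        }
        if buf.len() != self.expected {
            return Err(ChunkError::LengthMismatch); // LAST arrived before all bytes did
        }
        Ok(Some(buf))
    }
}

fn main() {
    // Constructed input: a 5-byte message split into chunks of 2, 2 and 1 bytes.
    let mut r = Reassembler::default();
    println!("{:?}", r.push(5, CHANNEL_FLAG_FIRST, b"he"));
    println!("{:?}", r.push(5, 0, b"ll"));
    println!("{:?}", r.push(5, CHANNEL_FLAG_LAST, b"o"));
}
```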