Credential hand-over to sub-servers (Wrdp/canonical stack) #1409
Open
Rui Carmo (rcarmo) wants to merge 3 commits into
This was referenced Jul 5, 2026
Pull request overview
This PR enables IronRDP-based servers to own the RDP handshake and credential collection while handing off the authenticated session to a separate per-user process (the "wrdp"/xrdp-sesman multi-user model). It threads CredSSP-delegated credentials into AcceptorResult::credentials, adds a same-TCP-connection credential cache so reactivation can reuse a validated identity, and introduces a ConnectionBinder hook that swaps in per-user display/input handlers after credentials are available.
Changes:
- Capture CredSSP/Hybrid delegated `TSPasswordCreds` from the CredSSP server state machine and expose them via `AcceptorResult::credentials` (previously TLS `ClientInfoPdu` only).
- Add `ConnectionBinder`/`BoundConnection` server API (builder + setter + re-exports) that replaces display/input handlers post-auth.
- Centralize credential resolution in `resolve_authenticated_credentials`, backed by an `accept_finalize()`-scoped cache for reactivation, plus unit tests and `docs/wrdp/` notes.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `crates/ironrdp-acceptor/src/credssp.rs` | `handle_process_result` now returns the delegated `AuthIdentity` alongside `Written`. |
| `crates/ironrdp-acceptor/src/lib.rs` | Stores CredSSP-delegated credentials into the acceptor during the CredSSP loop. |
| `crates/ironrdp-acceptor/src/connection.rs` | Adds `set_received_credssp_credentials` and updates `AcceptorResult::credentials` docs to cover CredSSP. |
| `crates/ironrdp-server/src/server.rs` | Adds `ConnectionBinder`/`BoundConnection`, binder invocation in `client_accepted`, reactivation cache + `resolve_authenticated_credentials`, and tests. |
| `crates/ironrdp-server/src/builder.rs` | Wires `connection_binder` through the builder and `build()`. |
| `crates/ironrdp-server/src/lib.rs` | Re-exports `BoundConnection`/`ConnectionBinder`. |
| `docs/wrdp/*.md` | New design notes for auth delegation, CredSSP handoff, and reactivation cache scope. |
Comment on lines +1376 to +1382

```rust
let authenticated_credentials = resolve_authenticated_credentials(
    self.credential_validator.clone(),
    result.credentials.as_ref(),
    result.reactivation,
    authenticated_credentials_cache,
)
.await?;
```

```rust
/// Set or clear a post-auth connection binder.
///
/// When set, the binder is called after credentials have been validated.
```
Hello!
I am creating a “wrdp” server that follows the xrdp-sesman model, and broke off this set of commits (along with a little note you can discard) that allows IronRDP to effectively own credential handling while still enabling session hand-off to a process that will then handle the actual user session setup - without that process needing to reinvent the wheel.
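The same-TCP-connection reactivation cache that the PR describes, as an added example of the intended rules rather than IronRDP's own code: `AuthIdentity`, `CredentialValidator`, `AllowList`, `ReactivationCache` and the function signature are assumptions made for this illustration, and the sample allow-list is constructed.

```rust
// Added illustration of the per-connection credential cache this PR describes.
// Hypothetical model, not IronRDP's code; all names here are assumptions.
#[derive(Clone, Debug, PartialEq)]
pub struct AuthIdentity { pub username: String, pub domain: Option<String>, pub password: String }

/// Stand-in for the server's credential validator.
pub trait CredentialValidator { fn validate(&self, id: &AuthIdentity) -> bool; }

/// Constructed allow-list validator, used only for this example.
pub struct AllowList { pub allowed: Vec<(String, String)> }
impl CredentialValidator for AllowList {
    fn validate(&self, id: &AuthIdentity) -> bool {
        self.allowed.iter().any(|(u, p)| *u == id.username && *p == id.password)
    }
}

/// Identity validated earlier on this TCP connection. It lives only as long as the
/// connection (the accept_finalize() scope in the PR); a new connection starts empty.
#[derive(Default)]
pub struct ReactivationCache { validated: Option<AuthIdentity> }

#[derive(Debug, PartialEq)]
pub enum AuthError { Rejected, MissingCredentials }

pub fn resolve_authenticated_credentials(
    validator: &dyn CredentialValidator,
    received: Option<&AuthIdentity>,
    reactivation: bool,
    cache: &mut ReactivationCache,
) -> Result<AuthIdentity, AuthError> {
    // Credentials presented in this pass (CredSSP-delegated or ClientInfoPdu) are always
    // validated, even during reactivation, so a client cannot switch identity silently.
    if let Some(id) = received {
        if !validator.validate(id) {
            cache.validated = None; // a failed attempt must not leave a reusable identity
            return Err(AuthError::Rejected);
        }
        cache.validated = Some(id.clone());
        return Ok(id.clone());
    }
    // Nothing presented: only a reactivation on the same connection may reuse the
    // cached identity; a first activation without credentials is refused.
    match (&cache.validated, reactivation) {
        (Some(id), true) => Ok(id.clone()),
        _ => Err(AuthError::MissingCredentials),
    }
}
```

A per-user process spawned by the binder only ever sees an identity that passed `validate` on this connection; the cache is dropped with the connection, so a later connection cannot inherit it.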