
Credential hand-over to sub-servers (Wrdp/canonical stack)#1409

Open

Rui Carmo (rcarmo) wants to merge 3 commits into Devolutions:master from rcarmo:wrdp/canonical-stack

Conversation

@rcarmo


Hello!

I am creating a “wrdp” server that follows the xrdp-sesman model, and broke off this set of commits (along with a little note you can discard) that allows IronRDP to effectively own credential handling while still enabling session hand-off to a process that will then handle the actual user session setup - without that process needing to reinvent the wheel.

Copilot AI left a comment


Pull request overview

This PR enables IronRDP-based servers to own the RDP handshake and credential collection while handing off the authenticated session to a separate per-user process (the "wrdp"/xrdp-sesman multi-user model). It threads CredSSP-delegated credentials into AcceptorResult::credentials, adds a same-TCP-connection credential cache so reactivation can reuse a validated identity, and introduces a ConnectionBinder hook that swaps in per-user display/input handlers after credentials are available.

Changes:

  • Capture CredSSP/Hybrid delegated TSPasswordCreds from the CredSSP server state machine and expose them via AcceptorResult::credentials (previously TLS ClientInfoPdu only).
  • Add ConnectionBinder/BoundConnection server API (builder + setter + re-exports) that replaces display/input handlers post-auth.
  • Centralize credential resolution in resolve_authenticated_credentials, backed by an accept_finalize()-scoped cache for reactivation, plus unit tests and docs/wrdp/ notes.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

File                                       Description
crates/ironrdp-acceptor/src/credssp.rs     handle_process_result now returns the delegated AuthIdentity alongside Written.
crates/ironrdp-acceptor/src/lib.rs         Stores CredSSP-delegated credentials into the acceptor during the CredSSP loop.
crates/ironrdp-acceptor/src/connection.rs  Adds set_received_credssp_credentials and updates AcceptorResult::credentials docs to cover CredSSP.
crates/ironrdp-server/src/server.rs        Adds ConnectionBinder/BoundConnection, binder invocation in client_accepted, reactivation cache + resolve_authenticated_credentials, and tests.
crates/ironrdp-server/src/builder.rs       Wires connection_binder through the builder and build().
crates/ironrdp-server/src/lib.rs           Re-exports BoundConnection/ConnectionBinder.
docs/wrdp/*.md                             New design notes for auth delegation, CredSSP handoff, and reactivation cache scope.


Comment on lines +1376 to +1382

    let authenticated_credentials = resolve_authenticated_credentials(
        self.credential_validator.clone(),
        result.credentials.as_ref(),
        result.reactivation,
        authenticated_credentials_cache,
    )
    .await?;

/// Set or clear a post-auth connection binder.
///
/// When set, the binder is called after credentials have been validated.
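The following is an added, self-contained sketch of the hand-over flow the review describes (credentials resolved once per TCP connection, a reactivation reusing the already-validated identity, and a post-auth binder selecting the per-user handlers). It is not IronRDP's code and not part of this PR: CredentialValidator, ReactivationCache, resolve_authenticated_credentials, ConnectionBinder, BoundConnection and the sample user table are assumed names and shapes chosen to mirror the PR description, and the async plumbing of the real server is left out.

```rust
// Added example modelling the hand-over flow described in the review above.
// This is NOT IronRDP's code: CredentialValidator, ReactivationCache,
// resolve_authenticated_credentials, ConnectionBinder and BoundConnection are
// assumed names and shapes chosen to mirror the PR description.
use std::collections::HashMap;

/// Username/password as delivered by a TLS ClientInfo PDU or CredSSP delegation.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Credentials {
    pub username: String,
    pub password: String,
}

/// The identity that passed validation. Only this is cached, not the password.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct AuthenticatedIdentity {
    pub username: String,
}

#[derive(Debug, PartialEq, Eq)]
pub enum AuthError {
    MissingCredentials,
    Rejected,
    ReactivationWithoutIdentity,
}

/// Assumed validator interface (what the PR's credential_validator would expose).
pub trait CredentialValidator {
    fn validate(&self, creds: &Credentials) -> Result<AuthenticatedIdentity, AuthError>;
}

/// Lives exactly as long as one accepted TCP connection, so a validated
/// identity can only be reused by a reactivation on that same transport.
#[derive(Default)]
pub struct ReactivationCache {
    identity: Option<AuthenticatedIdentity>,
}

impl ReactivationCache {
    pub fn has_identity(&self) -> bool {
        self.identity.is_some()
    }
}

/// Initial activation: credentials are mandatory and are validated, then the
/// resulting identity is cached. Reactivation: reuse the cached identity and
/// refuse to proceed if this connection never validated anyone.
pub fn resolve_authenticated_credentials<V: CredentialValidator>(
    validator: &V,
    credentials: Option<&Credentials>,
    reactivation: bool,
    cache: &mut ReactivationCache,
) -> Result<AuthenticatedIdentity, AuthError> {
    if reactivation {
        return cache.identity.clone().ok_or(AuthError::ReactivationWithoutIdentity);
    }
    let creds = credentials.ok_or(AuthError::MissingCredentials)?;
    let identity = validator.validate(creds)?;
    cache.identity = Some(identity.clone());
    Ok(identity)
}

/// Stand-in for the per-user display/input handler pair the binder swaps in.
#[derive(Debug, PartialEq, Eq)]
pub struct BoundConnection {
    pub session_owner: String,
}

/// Post-auth hook: called only with a validated identity, never raw input.
pub trait ConnectionBinder {
    fn bind(&self, identity: &AuthenticatedIdentity) -> BoundConnection;
}

/// Binder that hands the session to a per-user process (named here, not spawned).
pub struct PerUserBinder;

impl ConnectionBinder for PerUserBinder {
    fn bind(&self, identity: &AuthenticatedIdentity) -> BoundConnection {
        BoundConnection { session_owner: format!("wrdp-session:{}", identity.username) }
    }
}

/// Toy validator over a constructed user table; a real one would defer to
/// PAM or similar and compare secrets in constant time.
pub struct TableValidator(pub HashMap<String, String>);

impl CredentialValidator for TableValidator {
    fn validate(&self, creds: &Credentials) -> Result<AuthenticatedIdentity, AuthError> {
        match self.0.get(&creds.username) {
            Some(pw) if *pw == creds.password => {
                Ok(AuthenticatedIdentity { username: creds.username.clone() })
            }
            _ => Err(AuthError::Rejected),
        }
    }
}

/// Constructed sample user table (assumption, not real data).
pub fn sample_validator() -> TableValidator {
    let mut users = HashMap::new();
    users.insert("alice".to_owned(), "correct-horse".to_owned());
    TableValidator(users)
}

fn main() {
    let validator = sample_validator();
    let mut cache = ReactivationCache::default(); // one instance per TCP connection
    let creds = Credentials { username: "alice".into(), password: "correct-horse".into() };
    let id = resolve_authenticated_credentials(&validator, Some(&creds), false, &mut cache).unwrap();
    println!("bound to {:?}", PerUserBinder.bind(&id));
    let again = resolve_authenticated_credentials(&validator, None, true, &mut cache).unwrap();
    println!("reactivated as {}", again.username);
}
```

The point worth checking in a real implementation is the cache's lifetime: because it is owned by the per-connection accept path rather than by the server, a reactivation arriving on a fresh connection finds no identity and is refused, and a rejected validation leaves the cache empty.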
@piclaw-bot Piclaw (piclaw-bot) deleted the wrdp/canonical-stack branch July 5, 2026 08:18


2 participants