
Credential hand-over to per-user server sessions #1413

Open
Piclaw (piclaw-bot) wants to merge 5 commits into Devolutions:master from rcarmo:wrdp


@piclaw-bot


Summary

This replaces and consolidates #1409, #1410, #1411, and #1412 into a single branch from rcarmo:wrdp.

The split PR heads use wrdp/* branch names, but the fork now uses the canonical wrdp branch. Because Git cannot keep both refs/heads/wrdp and refs/heads/wrdp/* at the same time, this PR carries the updated commits and review fixes together.

Why

wrdp follows the xrdp-sesman multi-user architecture model, so it needs a way to hand authenticated credentials from the protocol handshake into the per-user session binder.

Changes

  • Adds an async post-auth connection binder hook in ironrdp-server.
  • Scopes reactivation credential reuse to the current TCP connection.
  • Exposes CredSSP delegated credentials to server consumers via the same Credentials shape used by ClientInfo.
  • Restores the client-facing denial PDU on credential reject/backend-error paths before returning the error.
  • Clarifies binder docs so they refer to authenticated credentials being available, not only to configured validator acceptance.
  • Skips binder re-execution during deactivation/reactivation so resize/reactivation does not restart per-user binding or replace handlers mid-session.

Copilot review follow-up

This includes fixes for the Copilot comments from the superseded PRs:

Validation

  • cargo check -p ironrdp-server -p ironrdp-acceptor
  • git diff --check
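
The connection-scoped credential reuse and binder-skip behaviour listed under Changes, as an added Rust sketch that is not code from this PR or from ironrdp-server. `Phase`, `Connection` and `activate` are hypothetical names, the `Credentials` struct is a stand-in for the real type, and the hook is modelled synchronously.

```rust
// Added illustration: hypothetical types, not the ironrdp-server API.
#[derive(Clone, Debug, PartialEq)]
pub struct Credentials {
    pub username: String,
    pub password: String,
}

pub enum Phase {
    Initial(Credentials), // credentials authenticated during this handshake
    Reactivation,         // deactivation/reactivation, e.g. after a resize
}

/// State owned by one TCP connection and dropped with it. Nothing here
/// lives on the shared server object, so a later connection starts empty.
#[derive(Default)]
pub struct Connection {
    creds: Option<Credentials>,
    pub binder_runs: u32,
}

impl Connection {
    /// Runs one activation sequence. `binder` stands in for the post-auth
    /// hook that attaches the connection to a per-user session.
    pub fn activate<B>(&mut self, phase: Phase, mut binder: B) -> Result<&Credentials, String>
    where
        B: FnMut(&Credentials) -> Result<(), String>,
    {
        match phase {
            Phase::Initial(c) => {
                // On rejection the caller would send the denial PDU, then
                // return the error; no credentials are retained.
                binder(&c)?;
                self.binder_runs += 1;
                self.creds = Some(c);
            }
            // Reactivation: reuse this connection's credentials, skip the binder.
            Phase::Reactivation => {}
        }
        self.creds.as_ref().ok_or_else(|| "no credentials on this connection".to_string())
    }
}

fn main() {
    let mut conn = Connection::default();
    let c = Credentials { username: "alice".into(), password: "constructed".into() };
    conn.activate(Phase::Initial(c), |_| Ok(())).unwrap();
    conn.activate(Phase::Reactivation, |_| Err("must not run".into())).unwrap();
    println!("binder ran {} time(s)", conn.binder_runs);
}
```

A reactivation on a connection that never authenticated returns an error instead of picking up credentials from an earlier connection.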
