Devolutions · irvingoujAtDevolution · Jul 4, 2025 · Jul 4, 2025 · Jul 5, 2025 · Jul 5, 2025
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/ironrdp-async/Cargo.toml b/crates/ironrdp-async/Cargo.toml
@@ -17,6 +17,7 @@ test = false
 
 [dependencies]
 ironrdp-connector = { path = "../ironrdp-connector", version = "0.6" } # public
+ironrdp-vmconnect.path = "../ironrdp-vmconnect" # public
 ironrdp-core = { path = "../ironrdp-core", version = "0.1", features = ["alloc"] } # public
 ironrdp-pdu = { path = "../ironrdp-pdu", version = "0.5" } # public
 tracing = { version = "0.1", features = ["log"] }

diff --git a/crates/ironrdp-async/src/connector.rs b/crates/ironrdp-async/src/connector.rs
@@ -1,9 +1,9 @@
-use ironrdp_connector::credssp::{CredsspProcessGenerator, CredsspSequence, KerberosConfig};
+use ironrdp_connector::credssp::{CredsspProcessGenerator, KerberosConfig};
 use ironrdp_connector::sspi::credssp::ClientState;
 use ironrdp_connector::sspi::generator::GeneratorState;
 use ironrdp_connector::{
-    custom_err, general_err, ClientConnector, ClientConnectorState, ConnectionResult, ConnectorError, ConnectorResult,
-    ServerName, State as _,
+    custom_err, general_err, ClientConnector, ClientConnectorState, ConnectionResult, ConnectorCore, ConnectorError,
+    ConnectorResult, SecurityConnector, ServerName,
 };
 use ironrdp_core::WriteBuf;
 
@@ -14,7 +14,10 @@ use crate::{single_sequence_step, AsyncNetworkClient};
 pub struct ShouldUpgrade;
 
 #[instrument(skip_all)]
-pub async fn connect_begin<S>(framed: &mut Framed<S>, connector: &mut ClientConnector) -> ConnectorResult<ShouldUpgrade>
+pub async fn connect_begin<S>(
+    framed: &mut Framed<S>,
+    connector: &mut dyn ConnectorCore,
+) -> ConnectorResult<ShouldUpgrade>
 where
     S: Sync + FramedRead + FramedWrite,
 {
@@ -29,7 +32,7 @@ where
     Ok(ShouldUpgrade)
 }
 
-pub fn skip_connect_begin(connector: &mut ClientConnector) -> ShouldUpgrade {
+pub fn skip_connect_begin(connector: &dyn SecurityConnector) -> ShouldUpgrade {
     assert!(connector.should_perform_security_upgrade());
     ShouldUpgrade
 }
@@ -38,22 +41,26 @@ pub fn skip_connect_begin(connector: &mut ClientConnector) -> ShouldUpgrade {
 pub struct Upgraded;
 
 #[instrument(skip_all)]
-pub fn mark_as_upgraded(_: ShouldUpgrade, connector: &mut ClientConnector) -> Upgraded {
+pub fn mark_as_upgraded(_: ShouldUpgrade, connector: &mut dyn SecurityConnector) -> Upgraded {
     trace!("Marked as upgraded");
     connector.mark_security_upgrade_as_done();
     Upgraded
 }
 
-#[instrument(skip_all)]
-pub async fn connect_finalize<S>(
+#[non_exhaustive]
+pub struct CredSSPFinished {
+    pub(crate) write_buf: WriteBuf,
+}
+
+pub async fn perform_credssp<S>(
     _: Upgraded,
+    connector: &mut dyn ConnectorCore,
     framed: &mut Framed<S>,
-    mut connector: ClientConnector,
     server_name: ServerName,
     server_public_key: Vec<u8>,
     network_client: Option<&mut dyn AsyncNetworkClient>,
     kerberos_config: Option<KerberosConfig>,
-) -> ConnectorResult<ConnectionResult>
+) -> ConnectorResult<CredSSPFinished>
 where
     S: FramedRead + FramedWrite,
 {
@@ -62,7 +69,7 @@ where
     if connector.should_perform_credssp() {
         perform_credssp_step(
             framed,
-            &mut connector,
+            connector,
             &mut buf,
             server_name,
             server_public_key,
@@ -72,6 +79,19 @@ where
         .await?;
     }
 
+    Ok(CredSSPFinished { write_buf: buf })
+}
+
+#[instrument(skip_all)]
+pub async fn connect_finalize<S>(
+    CredSSPFinished { write_buf: mut buf }: CredSSPFinished,
+    framed: &mut Framed<S>,
+    mut connector: ClientConnector,
+) -> ConnectorResult<ConnectionResult>
+where
+    S: FramedRead + FramedWrite,
+{
+    buf.clear();
     let result = loop {
         single_sequence_step(framed, &mut connector, &mut buf).await?;
 
@@ -108,7 +128,7 @@ async fn resolve_generator(
 #[instrument(level = "trace", skip_all)]
 async fn perform_credssp_step<S>(
     framed: &mut Framed<S>,
-    connector: &mut ClientConnector,
+    connector: &mut dyn ConnectorCore,
     buf: &mut WriteBuf,
     server_name: ServerName,
     server_public_key: Vec<u8>,
@@ -120,70 +140,70 @@ where
 {
     assert!(connector.should_perform_credssp());
 
-    let selected_protocol = match connector.state {
-        ClientConnectorState::Credssp { selected_protocol, .. } => selected_protocol,
-        _ => return Err(general_err!("invalid connector state for CredSSP sequence")),
-    };
-
-    let (mut sequence, mut ts_request) = CredsspSequence::init(
-        connector.config.credentials.clone(),
-        connector.config.domain.as_deref(),
-        selected_protocol,
-        server_name,
-        server_public_key,
-        kerberos_config,
-    )?;
-
-    loop {
-        let client_state = {
-            let mut generator = sequence.process_ts_request(ts_request);
+    let selected_protocol = connector
+        .selected_protocol()
+        .ok_or_else(|| general_err!("CredSSP protocol not selected, cannot perform CredSSP step"))?;
 
-            if let Some(network_client_ref) = network_client.as_deref_mut() {
-                trace!("resolving network");
-                resolve_generator(&mut generator, network_client_ref).await?
-            } else {
-                generator
-                    .resolve_to_result()
-                    .map_err(|e| custom_err!("resolve without network client", e))?
+    {
+        let (mut sequence, mut ts_request) = connector.init_credssp(
+            connector.config().credentials.clone(),
+            connector.config().domain.as_deref(),
+            selected_protocol,
+            server_name,
+            server_public_key,
+            kerberos_config,
+        )?;
+
+        loop {
+            let client_state = {
+                let mut generator = sequence.process_ts_request(ts_request);
+
+                if let Some(network_client_ref) = network_client.as_deref_mut() {
+                    trace!("resolving network");
+                    resolve_generator(&mut generator, network_client_ref).await?
+                } else {
+                    generator
+                        .resolve_to_result()
+                        .map_err(|e| custom_err!("resolve without network client", e))?
+                }
+            }; // drop generator
+
+            buf.clear();
+            let written = sequence.handle_process_result(client_state, buf)?;
+
+            if let Some(response_len) = written.size() {
+                let response = &buf[..response_len];
+                trace!(response_len, "Send response");
+                framed
+                    .write_all(response)
+                    .await
+                    .map_err(|e| ironrdp_connector::custom_err!("write all", e))?;
             }
-        }; // drop generator
 
-        buf.clear();
-        let written = sequence.handle_process_result(client_state, buf)?;
+            let Some(next_pdu_hint) = sequence.next_pdu_hint() else {
+                break;
+            };
 
-        if let Some(response_len) = written.size() {
-            let response = &buf[..response_len];
-            trace!(response_len, "Send response");
-            framed
-                .write_all(response)
-                .await
-                .map_err(|e| ironrdp_connector::custom_err!("write all", e))?;
-        }
-
-        let Some(next_pdu_hint) = sequence.next_pdu_hint() else {
-            break;
-        };
-
-        debug!(
-            connector.state = connector.state.name(),
-            hint = ?next_pdu_hint,
-            "Wait for PDU"
-        );
+            debug!(
+                connector.state = connector.state().name(),
+                hint = ?next_pdu_hint,
+                "Wait for PDU"
+            );
 
-        let pdu = framed
-            .read_by_hint(next_pdu_hint)
-            .await
-            .map_err(|e| ironrdp_connector::custom_err!("read frame by hint", e))?;
+            let pdu = framed
+                .read_by_hint(next_pdu_hint)
+                .await
+                .map_err(|e| ironrdp_connector::custom_err!("read frame by hint", e))?;
 
-        trace!(length = pdu.len(), "PDU received");
+            trace!(length = pdu.len(), "PDU received");
 
-        if let Some(next_request) = sequence.decode_server_message(&pdu)? {
-            ts_request = next_request;
-        } else {
-            break;
+            if let Some(next_request) = sequence.decode_server_message(&pdu)? {
+                ts_request = next_request;
+            } else {
+                break;
+            }
         }
     }
-
     connector.mark_credssp_as_done();
 
     Ok(())

diff --git a/crates/ironrdp-async/src/lib.rs b/crates/ironrdp-async/src/lib.rs
@@ -9,6 +9,7 @@ pub use bytes;
 mod connector;
 mod framed;
 mod session;
+mod vmconnector;
 
 use core::future::Future;
 use core::pin::Pin;
@@ -18,7 +19,7 @@ use ironrdp_connector::ConnectorResult;
 
 pub use self::connector::*;
 pub use self::framed::*;
-// pub use self::session::*;
+pub use self::vmconnector::*;
 
 pub trait AsyncNetworkClient {
     fn send<'a>(

diff --git a/crates/ironrdp-async/src/vmconnector.rs b/crates/ironrdp-async/src/vmconnector.rs
@@ -0,0 +1,56 @@
+use crate::{single_sequence_step, CredSSPFinished, Framed, FramedRead, FramedWrite};
+use ironrdp_connector::{ClientConnector, ConnectorResult};
+use ironrdp_pdu::pcb::PcbVersion;
+
+use ironrdp_vmconnect::VmClientConnector;
+
+#[non_exhaustive]
+pub struct PcbSent;
+
+pub async fn send_pcb<S>(framed: &mut Framed<S>, payload: String) -> ConnectorResult<PcbSent>
+where
+    S: Sync + FramedRead + FramedWrite,
+{
+    let pcb_pdu = ironrdp_pdu::pcb::PreconnectionBlob {
+        id: 0,
+        version: PcbVersion::V2,
+        v2_payload: Some(payload),
+    };
+
+    let buf = ironrdp_core::encode_vec(&pcb_pdu)
+        .map_err(|e| ironrdp_connector::custom_err!("encode PreconnectionBlob PDU", e))?;
+
+    framed
+        .write_all(&buf)
+        .await
+        .map_err(|e| ironrdp_connector::custom_err!("write PCB PDU", e))?;
+
+    Ok(PcbSent)
+}
+
+pub fn mark_pcb_sent_by_rdclean_path() -> PcbSent {
+    PcbSent
+}
+
+pub fn vm_connector_take_over(_: PcbSent, connector: ClientConnector) -> ConnectorResult<VmClientConnector> {
+    VmClientConnector::take_over(connector)
+}
+
+pub async fn run_until_handover(
+    credssp_finished: &mut CredSSPFinished,
+    framed: &mut Framed<impl FramedRead + FramedWrite>,
+    mut connector: VmClientConnector,
+) -> ConnectorResult<ClientConnector> {
+    let result = loop {
+        single_sequence_step(framed, &mut connector, &mut credssp_finished.write_buf).await?;
+
+        if connector.should_hand_over() {
+            break connector.hand_over();
+        }
+    };
+
+    info!("Handover to client connector");
+    credssp_finished.write_buf.clear();
+
+    Ok(result)
+}