diff --git a/Cargo.lock b/Cargo.lock index e0bdca8f6..3333fcced 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -93,7 +93,7 @@ dependencies = [ "bytes 1.10.1", "cfg-if", "http 1.3.1", - "indexmap 2.9.0", + "indexmap 2.10.0", "schemars", "serde", "serde_json", @@ -208,7 +208,7 @@ dependencies = [ "log", "pin-utils", "pkg-config", - "tokio 1.45.1", + "tokio 1.46.1", "winapi", ] @@ -372,7 +372,7 @@ dependencies = [ "serde_urlencoded", "sha1", "sync_wrapper 1.0.2", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-tungstenite", "tower 0.5.2", "tower-layer", @@ -438,7 +438,7 @@ dependencies = [ "serde", "serde_html_form", "serde_path_to_error", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-util", "tower 0.5.2", "tower-layer", @@ -525,7 +525,7 @@ checksum = "212d8b8e1a22743d9241575c6ba822cf9c8fef34771c86ab7e477a4fbfd254e5" dependencies = [ "futures-util", "parking_lot", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -535,7 +535,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e570e6557cd0f88d28d32afa76644873271a70dc22656df565b2021c4036aa9c" dependencies = [ "bb8", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-postgres", ] @@ -740,9 +740,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.27" +version = "1.2.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d487aa071b5f64da6f19a3e848e3578944b726ee5a4854b82172f02aa876bfdc" +checksum = "5c1599538de2394445747c8cf7935946e3cc27e9625f889d979bfb2aaf569362" dependencies = [ "jobserver", "libc", @@ -762,7 +762,7 @@ dependencies = [ "ctrlc", "libc", "log", - "system-configuration-sys", + "system-configuration-sys 0.5.0", "timer", "widestring 0.4.3", "windows-sys 0.52.0", @@ -1158,7 +1158,7 @@ dependencies = [ "sha2", "tap", "thiserror 2.0.12", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-rustls", "tracing", "uuid", @@ -1211,8 +1211,8 @@ dependencies = [ "hyper 1.6.0", "hyper-util", "ironrdp-acceptor 0.5.0", - "ironrdp-connector 0.5.0", - "ironrdp-core", + "ironrdp-connector 0.5.1", + "ironrdp-core 0.1.5", "ironrdp-pdu 0.5.0", "ironrdp-rdcleanpath", "ironrdp-tokio 0.5.0", @@ -1243,7 +1243,7 @@ dependencies = [ "terminal-streamer", "thiserror 2.0.12", "time", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-rustls", "tokio-test", "tokio-tungstenite", @@ -1278,7 +1278,7 @@ name = "devolutions-gateway-task" version = "0.0.0" dependencies = [ "async-trait", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -1289,7 +1289,7 @@ dependencies = [ "async-trait", "camino", "devolutions-gateway-task", - "tokio 1.45.1", + "tokio 1.46.1", "tracing", "tracing-appender", "tracing-subscriber", @@ -1325,7 +1325,7 @@ dependencies = [ "serde_json", "sha1", "sha2", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-postgres", "tower 0.5.2", "tower-http 0.5.2", @@ -1376,7 +1376,7 @@ dependencies = [ "schemars", "serde", "serde_json", - "tokio 1.45.1", + "tokio 1.46.1", "tower 0.3.1", "uuid", "win-api-wrappers", @@ -1391,7 +1391,7 @@ dependencies = [ "embed-resource", "fs_extra", "parking_lot", - "tokio 1.45.1", + "tokio 1.46.1", "win-api-wrappers", "windows-core 0.61.2", ] @@ -1416,7 +1416,7 @@ dependencies = [ "tap", "tempfile", "thiserror 2.0.12", - "tokio 1.45.1", + "tokio 1.46.1", "tracing", "win-api-wrappers", "windows 0.61.3", @@ -1631,6 +1631,18 @@ dependencies = [ "winreg 0.55.0", ] +[[package]] +name = "enum-as-inner" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1e6a265c649f3f5979b601d26f1d05ada116434c87741c9493cb56218f76cbc" +dependencies = [ + "heck", + "proc-macro2 1.0.95", + "quote 1.0.40", + "syn 2.0.104", +] + [[package]] name = "equivalent" version = "1.0.2" @@ -1696,18 +1708,6 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" -[[package]] -name = "filetime" -version = "0.2.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35c0522e981e68cbfa8c3f978441a5f34b30b96e146b33cd3359176b50fe8586" -dependencies = [ - "cfg-if", - "libc", - "libredox", - "windows-sys 0.59.0", -] - [[package]] name = "flagset" version = "0.4.7" @@ -1987,18 +1987,18 @@ dependencies = [ "futures-sink", "futures-util", "http 0.2.12", - "indexmap 2.9.0", + "indexmap 2.10.0", "slab", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-util", "tracing", ] [[package]] name = "h2" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9421a676d1b147b16b82c9225157dc629087ef8ec4d5e2960f9437a90dac0a5" +checksum = "17da50a276f1e01e0ba6c029e47b7100754904ee8a278f886546e98575380785" dependencies = [ "atomic-waker", "bytes 1.10.1", @@ -2006,9 +2006,9 @@ dependencies = [ "futures-core", "futures-sink", "http 1.3.1", - "indexmap 2.9.0", + "indexmap 2.10.0", "slab", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-util", "tracing", ] @@ -2068,6 +2068,12 @@ dependencies = [ "http 1.3.1", ] +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + [[package]] name = "hermit-abi" version = "0.5.2" @@ -2086,6 +2092,51 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bcaaec4551594c969335c98c903c1397853d4198408ea609190f420500f6be71" +[[package]] +name = "hickory-proto" +version = "0.24.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92652067c9ce6f66ce53cc38d1169daa36e6e7eb7dd3b63b5103bd9d97117248" +dependencies = [ + "async-trait", + "cfg-if", + "data-encoding", + "enum-as-inner", + "futures-channel", + "futures-io", + "futures-util", + "idna", + "ipnet", + "once_cell", + "rand 0.8.5", + "thiserror 1.0.69", + "tinyvec", + "tokio 1.46.1", + "tracing", + "url", +] + +[[package]] +name = "hickory-resolver" +version = "0.24.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cbb117a1ca520e111743ab2f6688eddee69db4e0ea242545a604dce8a66fd22e" +dependencies = [ + "cfg-if", + "futures-util", + "hickory-proto", + "ipconfig", + "lru-cache", + "once_cell", + "parking_lot", + "rand 0.8.5", + "resolv-conf", + "smallvec", + "thiserror 1.0.69", + "tokio 1.46.1", + "tracing", +] + [[package]] name = "hkdf" version = "0.12.4" @@ -2239,7 +2290,7 @@ dependencies = [ "itoa", "pin-project-lite 0.2.16", "socket2", - "tokio 1.45.1", + "tokio 1.46.1", "tower-service", "tracing", "want", @@ -2254,7 +2305,7 @@ dependencies = [ "bytes 1.10.1", "futures-channel", "futures-util", - "h2 0.4.10", + "h2 0.4.11", "http 1.3.1", "http-body 1.0.1", "httparse", @@ -2262,7 +2313,7 @@ dependencies = [ "itoa", "pin-project-lite 0.2.16", "smallvec", - "tokio 1.45.1", + "tokio 1.46.1", "want", ] @@ -2278,7 +2329,7 @@ dependencies = [ "rustls 0.23.28", "rustls-native-certs", "rustls-pki-types", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-rustls", "tower-service", ] @@ -2291,7 +2342,7 @@ checksum = "bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1" dependencies = [ "hyper 0.14.32", "pin-project-lite 0.2.16", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-io-timeout", ] @@ -2304,15 +2355,15 @@ dependencies = [ "bytes 1.10.1", "hyper 0.14.32", "native-tls", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-native-tls", ] [[package]] name = "hyper-util" -version = "0.1.14" +version = "0.1.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc2fdfdbff08affe55bb779f33b053aa1fe5dd5b54c257343c17edfa55711bdb" +checksum = "7f66d5bd4c6f02bf0542fad85d626775bab9258cf795a4256dcaf3161114d1df" dependencies = [ "base64 0.22.1", "bytes 1.10.1", @@ -2327,9 +2378,11 @@ dependencies = [ "percent-encoding", "pin-project-lite 0.2.16", "socket2", - "tokio 1.45.1", + "system-configuration", + "tokio 1.46.1", "tower-service", "tracing", + "windows-registry", ] [[package]] @@ -2485,9 +2538,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.9.0" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cea70ddb795996207ad57735b50c5982d8844f38ba9ee5f1aedcfb708a2aa11e" +checksum = "fe4cd85333e22411419a0bcae1297d25e58c9443848b11dc6a86fefe8c78a661" dependencies = [ "equivalent", "hashbrown 0.15.4", @@ -2533,6 +2586,17 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "io-uring" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b86e202f00093dcba4275d4636b93ef9dd75d025ae560d2521b45ea28ab49013" +dependencies = [ + "bitflags 2.9.1", + "cfg-if", + "libc", +] + [[package]] name = "ipconfig" version = "0.3.2" @@ -2585,14 +2649,12 @@ dependencies = [ [[package]] name = "ironrdp-acceptor" version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad348cb50d990c23b7c6f4f8f4c42b6678d5d0c6d7acd57f14685b41d77d9ff7" dependencies = [ "ironrdp-async 0.5.0", - "ironrdp-connector 0.5.0", - "ironrdp-core", + "ironrdp-connector 0.5.1", + "ironrdp-core 0.1.5", "ironrdp-pdu 0.5.0", - "ironrdp-svc 0.4.0", + "ironrdp-svc 0.4.1", "tracing", ] @@ -2622,12 +2684,10 @@ dependencies = [ [[package]] name = "ironrdp-async" version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bb8b3d345988b6791fd780befc08df35c81a030603e4588c6fb9bf4b14dd3ab" dependencies = [ "bytes 1.10.1", - "ironrdp-connector 0.5.0", - "ironrdp-core", + "ironrdp-connector 0.5.1", + "ironrdp-core 0.1.5", "ironrdp-pdu 0.5.0", "tracing", ] @@ -2661,30 +2721,35 @@ dependencies = [ [[package]] name = "ironrdp-connector" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17af84fc181aa27c142459606ba4ada6f99cf1f4efed7ba622d7e7d20840b30f" +version = "0.5.1" dependencies = [ - "ironrdp-core", + "ironrdp-core 0.1.5", "ironrdp-error 0.1.2", "ironrdp-pdu 0.5.0", - "ironrdp-svc 0.4.0", + "ironrdp-svc 0.4.1", "picky", "picky-asn1-der 0.5.2", "picky-asn1-x509 0.14.4", "rand_core 0.6.4", - "sspi 0.15.13", + "sspi 0.16.0", "tracing", "url", ] +[[package]] +name = "ironrdp-core" +version = "0.1.5" +dependencies = [ + "ironrdp-error 0.1.2", +] + [[package]] name = "ironrdp-core" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b2db60a59716a84d09040d29c9e75e81545842510fccb0934c09b28e78b46680" dependencies = [ - "ironrdp-error 0.1.2", + "ironrdp-error 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -2714,6 +2779,10 @@ name = "ironrdp-error" version = "0.1.0" source = "git+https://github.com/Devolutions/IronRDP?rev=2e1a9ac88e38e7d92d893007bc25d0a05c365861#2e1a9ac88e38e7d92d893007bc25d0a05c365861" +[[package]] +name = "ironrdp-error" +version = "0.1.2" + [[package]] name = "ironrdp-error" version = "0.1.2" @@ -2762,14 +2831,12 @@ dependencies = [ [[package]] name = "ironrdp-pdu" version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc69c5d6ad3399965e0d3762886857f5861d4d854efe8d2bfc3462eb2b2b555a" dependencies = [ "bit_field", "bitflags 2.9.1", "byteorder", "der-parser", - "ironrdp-core", + "ironrdp-core 0.1.5", "ironrdp-error 0.1.2", "md-5", "num-bigint", @@ -2786,8 +2853,6 @@ dependencies = [ [[package]] name = "ironrdp-rdcleanpath" version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3f5401de43e86384ac0f7f356af8c0bdc321671853f76095da5d480d6998e0" dependencies = [ "der", ] @@ -2820,7 +2885,7 @@ dependencies = [ "ironrdp-rdpsnd", "ironrdp-svc 0.1.0", "ironrdp-tokio 0.1.0", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-rustls", "tracing", ] @@ -2836,12 +2901,10 @@ dependencies = [ [[package]] name = "ironrdp-svc" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcca9d5182ebd60d888fac289480db1e1f1d53598108a8a5797e2013b8b2afe2" +version = "0.4.1" dependencies = [ "bitflags 2.9.1", - "ironrdp-core", + "ironrdp-core 0.1.5", "ironrdp-pdu 0.5.0", ] @@ -2852,18 +2915,20 @@ source = "git+https://github.com/Devolutions/IronRDP?rev=2e1a9ac88e38e7d92d89300 dependencies = [ "bytes 1.10.1", "ironrdp-async 0.1.0", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] name = "ironrdp-tokio" version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a44ec3da4e2a5ca5fef2866f5995e684ab87fecd55f4247a0a8090392a2c21a" dependencies = [ "bytes 1.10.1", "ironrdp-async 0.5.0", - "tokio 1.45.1", + "ironrdp-connector 0.5.1", + "reqwest", + "sspi 0.16.0", + "tokio 1.46.1", + "url", ] [[package]] @@ -2920,7 +2985,7 @@ dependencies = [ "sysinfo", "test-utils", "tinyjson", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-tungstenite", "tracing", "tracing-appender", @@ -2957,7 +3022,7 @@ dependencies = [ "bytes 1.10.1", "futures-util", "jmux-proto", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-util", "tracing", ] @@ -3156,7 +3221,6 @@ checksum = "1580801010e535496706ba011c15f8532df6b42297d2e471fec38ceadd8c0638" dependencies = [ "bitflags 2.9.1", "libc", - "redox_syscall", ] [[package]] @@ -3186,7 +3250,7 @@ dependencies = [ "serde", "serde_json", "thiserror 1.0.69", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-stream", "tokio-util", "tonic", @@ -3245,7 +3309,7 @@ dependencies = [ "bitflags 2.9.1", "cc", "fallible-iterator 0.3.0", - "indexmap 2.9.0", + "indexmap 2.10.0", "log", "memchr", "phf", @@ -3285,7 +3349,7 @@ dependencies = [ "prost", "serde", "thiserror 1.0.69", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-stream", "tokio-util", "tonic", @@ -3304,6 +3368,12 @@ dependencies = [ "libc", ] +[[package]] +name = "linked-hash-map" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" + [[package]] name = "linux-raw-sys" version = "0.4.15" @@ -3354,6 +3424,15 @@ dependencies = [ "tracing-subscriber", ] +[[package]] +name = "lru-cache" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "31e24f1ad8321ca0e8a1e0ac13f23cb668e6f5466c2c57319f6a5cf1cc8e3b1c" +dependencies = [ + "linked-hash-map", +] + [[package]] name = "lru-slab" version = "0.1.2" @@ -3492,7 +3571,7 @@ name = "mock-net" version = "0.0.0" dependencies = [ "loom", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -3520,7 +3599,7 @@ dependencies = [ "pin-project 1.1.10", "rand 0.8.5", "thiserror 1.0.69", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-util", "tracing", ] @@ -3603,7 +3682,7 @@ dependencies = [ "futures", "libc", "log", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -3636,7 +3715,7 @@ dependencies = [ "rtnetlink", "socket2", "thiserror 2.0.12", - "tokio 1.45.1", + "tokio 1.46.1", "tracing", "tracing-subscriber", "typed-builder", @@ -3652,7 +3731,7 @@ dependencies = [ "polling 3.8.0", "socket2", "thiserror 2.0.12", - "tokio 1.45.1", + "tokio 1.46.1", "tracing", "tracing-cov-mark", "tracing-subscriber", @@ -3687,7 +3766,7 @@ dependencies = [ "serde", "serde_json", "thiserror 1.0.69", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-retry", "tokio-util", "tracing", @@ -3735,12 +3814,11 @@ checksum = "549e471b99ccaf2f89101bec68f4d244457d5a95a9c3d0672e9564124397741d" [[package]] name = "notify" -version = "8.0.0" +version = "8.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fee8403b3d66ac7b26aee6e40a897d85dc5ce26f44da36b8b73e987cc52e943" +checksum = "3163f59cd3fa0e9ef8c32f242966a7b9994fd7378366099593e0e73077cd8c97" dependencies = [ "bitflags 2.9.1", - "filetime", "fsevent-sys", "inotify", "kqueue", @@ -3749,7 +3827,7 @@ dependencies = [ "mio", "notify-types", "walkdir", - "windows-sys 0.59.0", + "windows-sys 0.60.2", ] [[package]] @@ -3777,8 +3855,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "063dca685ea8efa62d1a3566332b08be0198922f1d8aced1ead413c9f02fd89e" dependencies = [ "bitflags 2.9.1", - "ironrdp-core", - "ironrdp-error 0.1.2", + "ironrdp-core 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", + "ironrdp-error 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -4304,31 +4382,6 @@ dependencies = [ "uuid", ] -[[package]] -name = "picky-krb" -version = "0.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd24e82ec97008ec01a89a40ba4eeacf09c573da78915674e7127bf33bced64d" -dependencies = [ - "aes", - "byteorder", - "cbc", - "crypto", - "des", - "hmac", - "num-bigint-dig", - "oid", - "pbkdf2", - "picky-asn1 0.10.1", - "picky-asn1-der 0.5.2", - "picky-asn1-x509 0.14.4", - "rand 0.8.5", - "serde", - "sha1", - "thiserror 1.0.69", - "uuid", -] - [[package]] name = "picky-krb" version = "0.11.0" @@ -4675,7 +4728,7 @@ dependencies = [ "proptest", "proxy-generators", "proxy-types", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -4685,7 +4738,7 @@ dependencies = [ "proxy-http", "proxy-socks", "proxy-types", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -4695,7 +4748,7 @@ dependencies = [ "proptest", "proxy-generators", "proxy-types", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-test", ] @@ -4705,7 +4758,7 @@ version = "0.0.0" dependencies = [ "proxy-http", "proxy-socks", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -4719,7 +4772,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4873cd217803ccb250f2563adf3f7a128a6a2039a0aeb2417a58130a079748b4" dependencies = [ "core-foundation 0.9.4", - "system-configuration-sys", + "system-configuration-sys 0.5.0", "url", "winapi", "winreg 0.9.0", @@ -4746,7 +4799,7 @@ dependencies = [ "rustls 0.23.28", "socket2", "thiserror 2.0.12", - "tokio 1.45.1", + "tokio 1.46.1", "tracing", "web-time", ] @@ -4977,14 +5030,16 @@ checksum = "ba39f3699c378cd8970968dcbff9c43159ea4cfbd88d43c00b22f2ef10a435d2" [[package]] name = "reqwest" -version = "0.12.20" +version = "0.12.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eabf4c97d9130e2bf606614eb937e86edac8292eaa6f422f995d7e8de1eb1813" +checksum = "cbc931937e6ca3a06e3b6c0aa7841849b160a90351d6ab467a8b9b9959767531" dependencies = [ "base64 0.22.1", "bytes 1.10.1", + "futures-channel", "futures-core", "futures-util", + "h2 0.4.11", "http 1.3.1", "http-body 1.0.1", "http-body-util", @@ -5003,7 +5058,7 @@ dependencies = [ "serde_json", "serde_urlencoded", "sync_wrapper 1.0.2", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-rustls", "tokio-util", "tower 0.5.2", @@ -5016,6 +5071,12 @@ dependencies = [ "web-sys", ] +[[package]] +name = "resolv-conf" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95325155c684b1c89f7765e30bc1c42e4a6da51ca513615660cb8a62ef9a88e3" + [[package]] name = "retour" version = "0.3.1" @@ -5137,7 +5198,7 @@ dependencies = [ "netlink-sys", "nix 0.27.1", "thiserror 1.0.69", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -5349,7 +5410,7 @@ checksum = "3fbf2ae1b8bc8e02df939598064d22402220cd5bbcca1c76f7d6a310974d5615" dependencies = [ "chrono", "dyn-clone", - "indexmap 2.9.0", + "indexmap 2.10.0", "schemars_derive", "serde", "serde_json", @@ -5509,7 +5570,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d2de91cf02bbc07cde38891769ccd5d4f073d22a40683aa4bc7a95781aaa2c4" dependencies = [ "form_urlencoded", - "indexmap 2.9.0", + "indexmap 2.10.0", "itoa", "ryu", "serde", @@ -5577,7 +5638,7 @@ version = "0.9.34+deprecated" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" dependencies = [ - "indexmap 2.9.0", + "indexmap 2.10.0", "itoa", "ryu", "serde", @@ -5760,7 +5821,7 @@ dependencies = [ "sha1", "sha2", "time", - "tokio 1.45.1", + "tokio 1.46.1", "tracing", "url", "uuid", @@ -5773,9 +5834,9 @@ dependencies = [ [[package]] name = "sspi" -version = "0.15.13" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52de87ee3f7beae3d311fa9a8a866ef71f53ac59807ce4d15d1b1d39f0aedb56" +checksum = "6ebd88036b841e6e50370c1d2b7711ae1fc04d4269abda80427cda4b8230a53d" dependencies = [ "async-dnssd", "async-recursion", @@ -5784,6 +5845,7 @@ dependencies = [ "cfg-if", "crypto-mac", "futures", + "hickory-resolver", "hmac", "lazy_static", "md-5", @@ -5796,16 +5858,19 @@ dependencies = [ "picky-asn1 0.10.1", "picky-asn1-der 0.5.2", "picky-asn1-x509 0.14.4", - "picky-krb 0.10.0", + "picky-krb 0.11.0", + "portpicker", "rand 0.8.5", + "reqwest", "rsa", "rustls 0.23.28", + "rustls-native-certs", "serde", "serde_derive", "sha1", "sha2", "time", - "tokio 1.45.1", + "tokio 1.46.1", "tracing", "url", "uuid", @@ -5917,6 +5982,17 @@ dependencies = [ "windows 0.61.3", ] +[[package]] +name = "system-configuration" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b" +dependencies = [ + "bitflags 2.9.1", + "core-foundation 0.9.4", + "system-configuration-sys 0.6.0", +] + [[package]] name = "system-configuration-sys" version = "0.5.0" @@ -5927,6 +6003,16 @@ dependencies = [ "libc", ] +[[package]] +name = "system-configuration-sys" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e1d1b10ced5ca923a1fcb8d03e96b8d3268065d724548c0211415ff6ac6bac4" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "tap" version = "1.0.1" @@ -5951,7 +6037,7 @@ name = "terminal-streamer" version = "0.1.0" dependencies = [ "anyhow", - "tokio 1.45.1", + "tokio 1.46.1", "tracing", ] @@ -5963,7 +6049,7 @@ dependencies = [ "futures-util", "portpicker", "proptest", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-tungstenite", "transport", ] @@ -6125,17 +6211,19 @@ dependencies = [ [[package]] name = "tokio" -version = "1.45.1" +version = "1.46.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75ef51a33ef1da925cea3e4eb122833cb377c61439ca401b770f54902b806779" +checksum = "0cc3a2344dafbe23a245241fe8b09735b521110d30fcefbbd5feb1797ca35d17" dependencies = [ "backtrace", "bytes 1.10.1", + "io-uring", "libc", "mio", "parking_lot", "pin-project-lite 0.2.16", "signal-hook-registry", + "slab", "socket2", "tokio-macros", "tracing", @@ -6149,7 +6237,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "30b74022ada614a1b4834de765f9bb43877f910cc8ce4be40e89042c9223a8bf" dependencies = [ "pin-project-lite 0.2.16", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -6170,7 +6258,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" dependencies = [ "native-tls", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -6194,7 +6282,7 @@ dependencies = [ "postgres-types", "rand 0.9.1", "socket2", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-util", "whoami", ] @@ -6207,7 +6295,7 @@ checksum = "7f57eb36ecbe0fc510036adff84824dd3c24bb781e21bfa67b69d556aa85214f" dependencies = [ "pin-project 1.1.10", "rand 0.8.5", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -6217,7 +6305,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" dependencies = [ "rustls 0.23.28", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -6228,7 +6316,7 @@ checksum = "eca58d7bba4a75707817a2c44174253f9236b2d5fbd055602e9d5c07c139a047" dependencies = [ "futures-core", "pin-project-lite 0.2.16", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -6240,7 +6328,7 @@ dependencies = [ "async-stream", "bytes 1.10.1", "futures-core", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-stream", ] @@ -6256,7 +6344,7 @@ dependencies = [ "rustls 0.23.28", "rustls-native-certs", "rustls-pki-types", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-native-tls", "tokio-rustls", "tungstenite", @@ -6273,7 +6361,7 @@ dependencies = [ "futures-io", "futures-sink", "pin-project-lite 0.2.16", - "tokio 1.45.1", + "tokio 1.46.1", ] [[package]] @@ -6303,7 +6391,7 @@ version = "0.22.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" dependencies = [ - "indexmap 2.9.0", + "indexmap 2.10.0", "serde", "serde_spanned", "toml_datetime", @@ -6336,7 +6424,7 @@ dependencies = [ "percent-encoding", "pin-project 1.1.10", "prost", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-stream", "tower 0.4.13", "tower-layer", @@ -6395,7 +6483,7 @@ dependencies = [ "pin-project-lite 0.2.16", "rand 0.8.5", "slab", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-util", "tower-layer", "tower-service", @@ -6412,7 +6500,7 @@ dependencies = [ "futures-util", "pin-project-lite 0.2.16", "sync_wrapper 1.0.2", - "tokio 1.45.1", + "tokio 1.46.1", "tower-layer", "tower-service", "tracing", @@ -6481,7 +6569,7 @@ dependencies = [ "mime_guess", "percent-encoding", "pin-project-lite 0.2.16", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-util", "tower-layer", "tower-service", @@ -6690,7 +6778,7 @@ dependencies = [ "pin-project-lite 0.2.16", "proptest", "test-utils", - "tokio 1.45.1", + "tokio 1.46.1", "tracing", ] @@ -6869,7 +6957,7 @@ version = "4.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c5afb1a60e207dca502682537fefcfd9921e71d0b83e9576060f09abc6efab23" dependencies = [ - "indexmap 2.9.0", + "indexmap 2.10.0", "serde", "serde_json", "serde_yaml", @@ -6931,7 +7019,7 @@ dependencies = [ "futures-util", "num_cpus", "thiserror 2.0.12", - "tokio 1.45.1", + "tokio 1.46.1", "tokio-tungstenite", "tokio-util", "tracing", diff --git a/devolutions-gateway/Cargo.toml b/devolutions-gateway/Cargo.toml index 4a546a080..b077b6297 100644 --- a/devolutions-gateway/Cargo.toml +++ b/devolutions-gateway/Cargo.toml @@ -26,12 +26,14 @@ devolutions-gateway-task = { path = "../crates/devolutions-gateway-task" } devolutions-log = { path = "../crates/devolutions-log" } job-queue = { path = "../crates/job-queue" } job-queue-libsql = { path = "../crates/job-queue-libsql" } -ironrdp-pdu = { version = "0.5", features = ["std"] } -ironrdp-core = { version = "0.1", features = ["std"] } -ironrdp-rdcleanpath = "0.1" -ironrdp-tokio = "0.5" -ironrdp-connector = { version = "0.5" } -ironrdp-acceptor = { version = "0.5" } + +ironrdp-pdu = { path = "../../ironrdp/crates/ironrdp-pdu", features = ["std"] } +ironrdp-core = { path = "../../ironrdp/crates/ironrdp-core", features = ["std"] } +ironrdp-rdcleanpath = { path = "../../ironrdp/crates/ironrdp-rdcleanpath" } +ironrdp-tokio = { path = "../../ironrdp/crates/ironrdp-tokio", default-features = false, features = ["reqwest"]} +ironrdp-connector = { path = "../../ironrdp/crates/ironrdp-connector" } +ironrdp-acceptor = { path = "../../ironrdp/crates/ironrdp-acceptor" } + ceviche = "0.6.1" picky-krb = "0.11" network-scanner = { version = "0.0.0", path = "../crates/network-scanner" } diff --git a/devolutions-gateway/src/config.rs b/devolutions-gateway/src/config.rs index ea5b3a69d..30fd748bf 100644 --- a/devolutions-gateway/src/config.rs +++ b/devolutions-gateway/src/config.rs @@ -1096,6 +1096,35 @@ pub mod dto { } } + /// Domain user credentials. + #[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize)] + pub struct DomainUser { + pub username: String, + pub domain: String, + pub password: String, + } + + /// Kerberos server config + /// + /// This config is used to configure the Kerberos server during RDP proxying. + #[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize)] + pub struct KerberosServer { + /// The maximum allowed time difference between client and proxy clocks + /// + /// The value must be in seconds. + pub max_time_skew: u64, + /// Ticket decryption key + /// + /// This key is used to decrypt the TGS ticket sent by the client. If you do not plan + /// to use Kerberos U2U authentication, then the `ticket_decryption_key' is required. + pub ticket_decryption_key: Option>, + /// The domain user credentials for the Kerberos U2U authentication + /// + /// This field is needed only for Kerberos User-to-User authentication. If you do not plan + /// to use Kerberos U2U, do not specify it. + pub service_user: Option, + } + /// Unsafe debug options that should only ever be used at development stage /// /// These options might change or get removed without further notice. @@ -1136,6 +1165,11 @@ pub mod dto { #[serde(default = "ws_keep_alive_interval_default_value")] pub ws_keep_alive_interval: u64, + /// Kerberos application server configuration + /// + /// It is used only during RDP proxying. + pub kerberos_server: Option, + /// Enable unstable features which may break at any point #[serde(default)] pub enable_unstable: bool, @@ -1153,6 +1187,7 @@ pub mod dto { capture_path: None, lib_xmf_path: None, enable_unstable: false, + kerberos_server: None, ws_keep_alive_interval: ws_keep_alive_interval_default_value(), } } diff --git a/devolutions-gateway/src/credential.rs b/devolutions-gateway/src/credential.rs index feee21a4c..41aa67aef 100644 --- a/devolutions-gateway/src/credential.rs +++ b/devolutions-gateway/src/credential.rs @@ -14,7 +14,11 @@ use uuid::Uuid; #[serde(tag = "kind")] pub enum AppCredential { #[serde(rename = "username-password")] - UsernamePassword { username: String, password: Password }, + UsernamePassword { + username: String, + domain: Option, + password: Password, + }, } /// Application protocol level credential mapping diff --git a/devolutions-gateway/src/rdp_proxy.rs b/devolutions-gateway/src/rdp_proxy.rs index 8d5a40c8a..423f8d8b3 100644 --- a/devolutions-gateway/src/rdp_proxy.rs +++ b/devolutions-gateway/src/rdp_proxy.rs @@ -1,6 +1,8 @@ use std::net::{IpAddr, SocketAddr}; use std::sync::Arc; +use std::time::Duration; +use crate::config::dto::{DomainUser, KerberosServer}; use crate::config::Conf; use crate::credential::{AppCredentialMapping, ArcCredentialEntry}; use crate::proxy::Proxy; @@ -8,7 +10,16 @@ use crate::session::{DisconnectInterest, SessionInfo, SessionMessageSender}; use crate::subscriber::SubscriberSender; use anyhow::Context as _; +use ironrdp_acceptor::credssp::CredsspProcessGenerator as CredsspServerProcessGenerator; +use ironrdp_connector::credssp::CredsspProcessGenerator as CredsspClientProcessGenerator; +use ironrdp_connector::sspi::credssp::{ClientState, ServerError, ServerState}; +use ironrdp_connector::sspi::generator::GeneratorState; +use ironrdp_connector::sspi::kerberos::ServerProperties; +use ironrdp_connector::sspi::{ + self, AuthIdentityBuffers, CredentialsBuffers, KerberosConfig as SspiKerberosConfig, KerberosServerConfig, +}; use ironrdp_pdu::{mcs, nego, x224}; +use ironrdp_tokio::reqwest::ReqwestNetworkClient; use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt}; use typed_builder::TypedBuilder; @@ -63,13 +74,14 @@ where .tls .as_ref() .context("TLS configuration required for credential injection feature")?; + let gateway_hostname = conf.hostname.clone(); let credential_mapping = credential_entry.mapping.as_ref().context("no credential mapping")?; // -- Retrieve the Gateway TLS public key that must be used for client-proxy CredSSP later on -- // let gateway_public_key_handle = tokio::spawn(get_cached_gateway_public_key( - conf.hostname.clone(), + gateway_hostname.clone(), tls_conf.acceptor.clone(), )); @@ -103,20 +115,61 @@ where let mut client_framed = ironrdp_tokio::TokioFramed::new(client_stream); let mut server_framed = ironrdp_tokio::TokioFramed::new(server_stream); + let krb_server_config = if conf.debug.enable_unstable { + if let Some(KerberosServer { + max_time_skew, + ticket_decryption_key, + service_user, + }) = conf.debug.kerberos_server.as_ref() + { + let user = service_user.as_ref().map(|user| { + let DomainUser { + username, + domain, + password, + } = user; + CredentialsBuffers::AuthIdentity(AuthIdentityBuffers::from_utf8(username, domain, password)) + }); + + Some(KerberosServerConfig { + kerberos_config: SspiKerberosConfig { + // The sspi will automatically try to resolve the KDC host via DNS and/or environment variable. + kdc_url: None, + client_computer_name: Some(client_addr.to_string()), + }, + server_properties: ServerProperties::new( + &["TERMSRV", &gateway_hostname], + user, + Duration::from_secs(*max_time_skew), + ticket_decryption_key.clone(), + )?, + }) + } else { + None + } + } else { + None + }; + + let mut network_client = ReqwestNetworkClient::new(); let client_credssp_fut = perform_credssp_with_client( &mut client_framed, client_addr.ip(), gateway_public_key, handshake_result.client_security_protocol, &credential_mapping.proxy, + Some(&mut network_client), + krb_server_config, ); + let mut network_client = ReqwestNetworkClient::new(); let server_credssp_fut = perform_credssp_with_server( &mut server_framed, server_dns_name, server_public_key, handshake_result.server_security_protocol, &credential_mapping.target, + Some(&mut network_client), ); let (client_credssp_res, server_credssp_res) = tokio::join!(client_credssp_fut, server_credssp_fut); @@ -323,36 +376,49 @@ async fn perform_credssp_with_server( server_public_key: Vec, security_protocol: nego::SecurityProtocol, credentials: &crate::credential::AppCredential, + mut network_client: Option<&mut ReqwestNetworkClient>, ) -> anyhow::Result<()> where S: ironrdp_tokio::FramedRead + ironrdp_tokio::FramedWrite, { use ironrdp_tokio::FramedWrite as _; - let credentials = match credentials { - crate::credential::AppCredential::UsernamePassword { username, password } => { + let (credentials, domain) = match credentials { + crate::credential::AppCredential::UsernamePassword { + username, + domain, + password, + } => ( ironrdp_connector::Credentials::UsernamePassword { username: username.clone(), password: password.expose_secret().to_owned(), - } - } + }, + domain.as_deref(), + ), }; let (mut sequence, mut ts_request) = ironrdp_connector::credssp::CredsspSequence::init( credentials, - None, + domain, security_protocol, ironrdp_connector::ServerName::new(server_name), server_public_key, + // We do not need to specify the Kerberos config here: the sspi-rs can automatically resolve the KDC host via DNS and/or env variable. None, )?; let mut buf = ironrdp_pdu::WriteBuf::new(); loop { - let mut generator = sequence.process_ts_request(ts_request); - let client_state = generator.resolve_to_result().context("sspi generator resolve")?; - drop(generator); + let client_state = { + let mut generator = sequence.process_ts_request(ts_request); + + if let Some(network_client_ref) = network_client.as_deref_mut() { + resolve_client_generator(&mut generator, network_client_ref).await? + } else { + generator.resolve_to_result().context("sspi generator resolve")? + } + }; // drop generator buf.clear(); let written = sequence.handle_process_result(client_state, &mut buf)?; @@ -381,6 +447,49 @@ where Ok(()) } +async fn resolve_server_generator( + generator: &mut CredsspServerProcessGenerator<'_>, + network_client: &mut ReqwestNetworkClient, +) -> Result { + let mut state = generator.start(); + + loop { + match state { + GeneratorState::Suspended(request) => { + let response = network_client.send(&request).await.map_err(|err| ServerError { + ts_request: None, + error: sspi::Error::new(sspi::ErrorKind::InternalError, err), + })?; + state = generator.resume(Ok(response)); + } + GeneratorState::Completed(client_state) => { + break client_state; + } + } + } +} + +async fn resolve_client_generator( + generator: &mut CredsspClientProcessGenerator<'_>, + network_client: &mut ReqwestNetworkClient, +) -> ironrdp_connector::ConnectorResult { + let mut state = generator.start(); + + loop { + match state { + GeneratorState::Suspended(request) => { + let response = network_client.send(&request).await?; + state = generator.resume(Ok(response)); + } + GeneratorState::Completed(client_state) => { + break client_state.map_err(|e| { + ironrdp_connector::ConnectorError::new("CredSSP", ironrdp_connector::ConnectorErrorKind::Credssp(e)) + }) + } + } + } +} + #[instrument(name = "client_credssp", level = "debug", ret, skip_all)] async fn perform_credssp_with_client( framed: &mut ironrdp_tokio::Framed, @@ -388,6 +497,8 @@ async fn perform_credssp_with_client( gateway_public_key: Vec, security_protocol: nego::SecurityProtocol, credentials: &crate::credential::AppCredential, + network_client: Option<&mut ReqwestNetworkClient>, + kerberos_server_config: Option, ) -> anyhow::Result<()> where S: ironrdp_tokio::FramedRead + ironrdp_tokio::FramedWrite, @@ -401,7 +512,16 @@ where // But this does not seem to matter so far, so we stringify the IP address of the client instead. let client_computer_name = ironrdp_connector::ServerName::new(client_addr.to_string()); - let result = credssp_loop(framed, &mut buf, client_computer_name, gateway_public_key, credentials).await; + let result = credssp_loop( + framed, + &mut buf, + client_computer_name, + gateway_public_key, + credentials, + network_client, + kerberos_server_config, + ) + .await; if security_protocol.intersects(nego::SecurityProtocol::HYBRID_EX) { trace!(?result, "HYBRID_EX"); @@ -426,21 +546,31 @@ where client_computer_name: ironrdp_connector::ServerName, public_key: Vec, credentials: &crate::credential::AppCredential, + mut network_client: Option<&mut ReqwestNetworkClient>, + kerberos_server_config: Option, ) -> anyhow::Result<()> where S: ironrdp_tokio::FramedRead + ironrdp_tokio::FramedWrite, { - let crate::credential::AppCredential::UsernamePassword { username, password } = credentials; + let crate::credential::AppCredential::UsernamePassword { + username, + domain, + password, + } = credentials; - let username = ironrdp_connector::sspi::Username::parse(username).context("invalid username")?; + let username = sspi::Username::new(username, domain.as_deref()).context("invalid username")?; - let identity = ironrdp_connector::sspi::AuthIdentity { + let identity = sspi::AuthIdentity { username, password: password.expose_secret().to_owned().into(), }; - let mut sequence = - ironrdp_acceptor::credssp::CredsspSequence::init(&identity, client_computer_name, public_key, None)?; + let mut sequence = ironrdp_acceptor::credssp::CredsspSequence::init( + &identity, + client_computer_name, + public_key, + kerberos_server_config, + )?; loop { let Some(next_pdu_hint) = sequence.next_pdu_hint()? else { @@ -456,7 +586,16 @@ where break; }; - let result = sequence.process_ts_request(ts_request); + let result = { + let mut generator = sequence.process_ts_request(ts_request); + + if let Some(network_client_ref) = network_client.as_deref_mut() { + resolve_server_generator(&mut generator, network_client_ref).await + } else { + generator.resolve_to_result() + } + }; // drop generator + buf.clear(); let written = sequence.handle_process_result(result, buf)?;