[v14] Fix the RDP licensing flow (#47544)

* Fix the RDP licensing flow on v14 Licenses are stored in-memory, so if the agent restarts it will be forced to go through the "new license" flow for the first session. * Store RDP licenses in a LRU cache instead of a HashMap This ensures memory doesn't grow unbounded if we end up caching a large number of licenses.
gravitational · Oct 30, 2024 · 039d7a3 · 039d7a3
1 parent 0175288
commit 039d7a3
Show file tree

Hide file tree

Showing 7 changed files with 159 additions and 22 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/lib/srv/desktop/rdp/rdpclient/Cargo.toml b/lib/srv/desktop/rdp/rdpclient/Cargo.toml
@@ -1,7 +1,10 @@
 [package]
 name = "rdp-client"
 version = "0.1.0"
-authors = ["Andrew Lytvynov <[email protected]>", "Zac Bergquist <[email protected]>"]
+authors = [
+    "Andrew Lytvynov <[email protected]>",
+    "Zac Bergquist <[email protected]>",
+]
 edition = "2018"
 
 [lib]
@@ -20,10 +23,11 @@ num-traits = "0.2.16"
 rand = { version = "0.8.5", features = ["getrandom"] }
 rand_chacha = "0.3.1"
 rsa = "0.9.2"
-rdp-rs = { git = "https://github.com/gravitational/rdp-rs", rev = "edfb5330a11d11eaf36d65e4300555368b4c6b02" }
+rdp-rs = { git = "https://github.com/gravitational/rdp-rs", rev = "2b0d99cc60c7b6474a1e2224a0bd6b2beca56b63" }
 uuid = { version = "1.4.1", features = ["v4"] }
 utf16string = "0.2.0"
 png = "0.17.10"
+lru = "0.12.5"
 
 [build-dependencies]
 cbindgen = "0.25.0"

diff --git a/lib/srv/desktop/rdp/rdpclient/client.go b/lib/srv/desktop/rdp/rdpclient/client.go
@@ -237,12 +237,14 @@ func (c *Client) connect(ctx context.Context) error {
 		return trace.Wrap(err)
 	}
 
-	// Addr and username strings only need to be valid for the duration of
+	// These strings only need to be valid for the duration of
 	// C.connect_rdp. They are copied on the Rust side and can be freed here.
 	addr := C.CString(c.cfg.Addr)
 	defer C.free(unsafe.Pointer(addr))
 	username := C.CString(c.username)
 	defer C.free(unsafe.Pointer(username))
+	hostID := C.CString(c.cfg.HostID)
+	defer C.free(unsafe.Pointer(hostID))
 
 	cert_der, err := utils.UnsafeSliceData(userCertDER)
 	if err != nil {
@@ -261,8 +263,9 @@ func (c *Client) connect(ctx context.Context) error {
 	res := C.connect_rdp(
 		C.uintptr_t(c.handle),
 		C.CGOConnectParams{
-			go_addr:     addr,
-			go_username: username,
+			go_addr:      addr,
+			go_username:  username,
+			go_client_id: hostID,
 			// cert length and bytes.
 			cert_der_len: C.uint32_t(len(userCertDER)),
 			cert_der:     (*C.uint8_t)(cert_der),

diff --git a/lib/srv/desktop/rdp/rdpclient/client_common.go b/lib/srv/desktop/rdp/rdpclient/client_common.go
@@ -32,10 +32,14 @@ import (
 type Config struct {
 	// Addr is the network address of the RDP server, in the form host:port.
 	Addr string
-	// UserCertGenerator generates user certificates for RDP authentication.
+
+	// GenerateUserCert generates user certificates for RDP authentication.
 	GenerateUserCert GenerateUserCertFn
 	CertTTL          time.Duration
 
+	// HostID uniquely identifies the Teleport agent running the RDP client.
+	HostID string
+
 	// AuthorizeFn is called to authorize a user connecting to a Windows desktop.
 	AuthorizeFn func(login string) error
 

diff --git a/lib/srv/desktop/rdp/rdpclient/src/cliprdr.rs b/lib/srv/desktop/rdp/rdpclient/src/cliprdr.rs
@@ -749,6 +749,7 @@ enum ClipboardFormat {
 /// Sent as a reply to the format list PDU - used to indicate whether
 /// the format list PDU was processed succesfully.
 #[derive(Debug)]
+#[allow(dead_code)]
 struct FormatListResponsePDU {
     // empty, the only information needed is the flags in the header
 }