From: David Joyner <David.Joyner <at> edmz.com>
Subject: Limited RDPv6 + CredSSP patches
Newsgroups: gmane.network.rdesktop.devel
Date: Tuesday 23rd November 2010 20:55:46 UTC
I have recently finished a project that adds support for limited aspects of
RDPv6 to rdesktop.  Specifically I have added support for SSL and SSL +
CredSSP.  These are the protocols that must be used when "High Security" or
"Network Level Authentication" is enabled on the server side.  I've tested
the attached changes against Server 2008, 2008R2 and Windows 7 and both
scenarios are working well.

Diffs are attached.

A few notes:

* These diffs were generated from SVN revision 1600.

* CredSSP allows for Kerberos as well as NTLM authentication.  This
enhancement supports NTLMv2 only.

* Where NTLMv2 is concerned, I tried to use the Heimdal NTLM
library; however, I could not make this work.  After going around for a while
with Microsoft support, I came to suspect Heimdal's NTLMv2 implementation.
The best alternate implementation of NTLMSSP that I could find is buried in
Samba.  Unfortunately, Samba does not produce externally useful shared
libraries as part of its build.  So, if you wish to enable CredSSP (not
required for mere SSL but it is required for NLA) then you'll have to
download and build Samba3 from source before you rebuild rdesktop.  I used
samba-3.5.5, configured with --without-winbind and then built normally.
Reconfigure rdesktop, adding --with-samba= to your
configure command line.  With this option the rdesktop link will pull in
3-4 extra static libraries from the samba build.  Thus there is no runtime
dependency on Samba, only a build-time dependency.  This is unfortunate and
if someone could produce a better standalone NTLMSSP implementation that
would obviously be a great improvement.

* No other aspects of RDPv6+ were added.

* This has been tested with Ubuntu 10.04.1 and Cygwin.

We hope these are useful to the community and can help to jump-start RDPv6
support in the trunk.

David Joyner
e-DMZ Security, LLC
