From 66902b2f34b0e149fadf17744821fc53b7e07e07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakob=20Aar=C3=B8e=20Dam?=
Date: Thu, 30 Apr 2015 14:29:11 +0200
Subject: [PATCH] Propagate error message from RADIUS server to RD Web

Through the RADIUS Reply-Message attribute.
---
 server/handlers/RDSHandler.vb | 25 +++++++++++++++++--------
 web/RDWeb/Pages/en-US/login.aspx | 25 +++++++++++++++++++++++--
 web/RDWeb/Pages/en-US/tokenform.aspx.cs | 18 ++++++++++++++----
 3 files changed, 54 insertions(+), 14 deletions(-)
diff --git a/server/handlers/RDSHandler.vb b/server/handlers/RDSHandler.vb
index 1e1c06b..0010f51 100644
--- a/server/handlers/RDSHandler.vb
+++ b/server/handlers/RDSHandler.vb
@@ -185,14 +185,14 @@ Public Class RDSHandler
 Dim ldapResult = Authenticate()
 If RDSFactor.EnableOTP Then
- TwoFactorChallenge()
+ TwoFactorChallenge(ldapResult)
 Exit Sub
 Else
 Accept()
 End If
 Catch ex As Exception
 RDSFactor.LogDebug(mPacket, "Authentication failed. Sending reject. Error: " & ex.Message)
- mPacket.RejectAccessRequest()
+ mPacket.RejectAccessRequest(ex.Message)
 End Try
 End Sub
@@ -230,7 +230,7 @@ Public Class RDSHandler
 End If
 End Sub
- Private Sub TwoFactorChallenge()
+ Private Sub TwoFactorChallenge(ldapResult As SearchResult)
 Dim challangeCode = RDSFactor.GenerateCode
 Dim authToken = System.Guid.NewGuid.ToString
 Dim clientIP = mPacket.EndPoint.Address.ToString
@@ -247,11 +247,13 @@ Public Class RDSHandler
 encryptedChallangeResults(mUsername) = encryptedChallangeResult
 If mUseSMSFactor Then
- RDSFactor.LogDebug(mPacket, "TODO: Send SMS")
+ Dim mobile = LdapGetNumber(ldapResult)
+ RDSFactor.SendSMS(mobile, challangeCode)
 End If
 If mUseEmailFactor Then
- RDSFactor.LogDebug(mPacket, "TODO: Send Email")
+ Dim email = LdapGetEmail(ldapResult)
+ RDSFactor.SendEmail(email, challangeCode)
 End If
 Dim attributes As New RADIUSAttributes
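Review bot: `mPacket.RejectAccessRequest(ex.Message)` in the Catch block forwards the text of whatever exception Authenticate() or TwoFactorChallenge() threw into the RADIUS Reply-Message, and the login.aspx hunk later in this patch displays that text to the unauthenticated user; presumed LDAP bind or connectivity errors, SMS/mail sending failures and the new MissingLdapField/MissingNumber/MissingEmail exceptions (constructed with mUsername in the @@ -298 hunk) would all surface verbatim. That discloses directory and server detail to anyone at the login form and turns the reject text into a channel for internal exception messages. Prefer forwarding only the messages of the purpose-built exception types and a fixed text otherwise, e.g. `Dim reply = If(TypeOf ex Is MissingNumber OrElse TypeOf ex Is MissingEmail OrElse TypeOf ex Is MissingLdapField, ex.Message, "Authentication failed")` followed by `mPacket.RejectAccessRequest(reply)`. The Try that this Catch belongs to opens outside the hunk.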
@@ -283,7 +285,7 @@ Public Class RDSHandler
 search.PropertiesToLoad.Add("distinguishedName")
 If RDSFactor.EnableOTP = True Then
- search.PropertiesToLoad.Add(RDSFactor.ADField)
+ search.PropertiesToLoad.Add(RDSFactor.ADMobileField)
 search.PropertiesToLoad.Add(RDSFactor.ADMailField)
 End If
@@ -298,19 +300,26 @@ Public Class RDSHandler
 End Function
 Private Function LdapGetNumber(result As SearchResult) As String
- Dim mobile = result.Properties(RDSFactor.ADField)(0)
+ If Not result.Properties.Contains(RDSFactor.ADMobileField) Then
+ Throw New MissingLdapField(RDSFactor.ADMobileField, mUsername)
+ End If
+ Dim mobile = result.Properties(RDSFactor.ADMobileField)(0)
 mobile = Replace(mobile, "+", "")
 If mobile.Trim.Length = 0 Then
 RDSFactor.LogDebug(mPacket, "Unable to find correct phone number for user " & mUsername)
+ Throw New MissingNumber(mUsername)
 End If
 Return mobile
 End Function
 Private Function LdapGetEmail(result As SearchResult) As String
+ If Not result.Properties.Contains(RDSFactor.ADMailField) Then
+ Throw New MissingLdapField(RDSFactor.ADMailField, mUsername)
+ End If
 Dim email = result.Properties(RDSFactor.ADMailField)(0)
-
 If InStr(email, "@") = 0 Then
 RDSFactor.LogDebug(mPacket, "Unable to find correct email for user " & mUsername)
+ Throw New MissingEmail(mUsername)
 End If
 Return email
 End Function
diff --git a/web/RDWeb/Pages/en-US/login.aspx b/web/RDWeb/Pages/en-US/login.aspx
index fc415bd..79989b7 100644
--- a/web/RDWeb/Pages/en-US/login.aspx
+++ b/web/RDWeb/Pages/en-US/login.aspx
@@ -1,7 +1,8 @@
 
-<% @Page Language="C#" Debug="false" ResponseEncoding="utf-8" ContentType="text/xml" %>
+
+<% @Page Language="C#" Debug="true" ResponseEncoding="utf-8" ContentType="text/xml" %>
 <% @Import Namespace="System " %>
 <% @Import Namespace="System.Security" %>
 <% @Import Namespace="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication" %>
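Review bot: The @Page directive of login.aspx is changed from `Debug="false"` to `Debug="true"`, which nothing in the commit message calls for and which looks like a leftover from local debugging. A page compiled with Debug enabled runs unoptimised and, when an unhandled error reaches ASP.NET's error page, can expose source excerpts and line numbers, neither of which belongs on an internet-facing login page; restore `<% @Page Language="C#" Debug="false" ResponseEncoding="utf-8" ContentType="text/xml" %>`. Two of this hunk's context lines do not survive in this view, so the surrounding markup could not be checked.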
@@ -67,6 +68,7 @@ public bool bSessionExpired = false; public string strPrivateModeTimeout = "240"; public string strPublicModeTimeout = "20"; + public string message; public WorkspaceInfo objWorkspaceInfo = null; @@ -103,6 +105,11 @@ void Page_Load(object sender, EventArgs e) { + if (Session["Message"] != null) { + message = (string)Session["Message"]; + Session["Message"] = null; + } + if (!Page.IsPostBack) { Session["UserPass"] = ""; @@ -343,7 +350,7 @@ onload="onLoginPageLoad(event)" onunload="onPageUnload(event)"/> - +
@@ -430,6 +437,20 @@ + <% if (message != null){ %> + + + + + + + + + +
 
<%=message%>
+ + + <% } %> <% strErrorMessageRowStyle = "style=\"display:none\"";
diff --git a/web/RDWeb/Pages/en-US/tokenform.aspx.cs b/web/RDWeb/Pages/en-US/tokenform.aspx.cs
index ae973ea..7bc119a 100644
--- a/web/RDWeb/Pages/en-US/tokenform.aspx.cs
+++ b/web/RDWeb/Pages/en-US/tokenform.aspx.cs
@@ -60,19 +60,29 @@ public partial class SMSToken : System.Web.UI.Page
 onRadiusAccept(response);
 }
 else {
- Session["UserPass"] = "";
- Session["DomainUserName"] = "";
- SafeRedirect("logoff.aspx?Error=LoginSMSFailed");
+ onRadiusReject(response);
 }
 }
+ void onRadiusReject(RADIUSPacket response) {
+ if (response.Attributes.AttributeExists(RadiusAttributeType.ReplyMessage)){
+ // Why on earth did the RD Web developer(s) use a thousand different URL parameters to logoff to indicate the error
+ // message, when they could just put the message in the session
+ String message = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
+ Session["Message"] = message;
+ }
+ Session["UserPass"] = "";
+ Session["DomainUserName"] = "";
+ SafeRedirect("logoff.aspx");
+ }
+
 void onRadiusChallange(RADIUSPacket response){
 RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
 Session["State"] = state;
 }
 void onRadiusAccept(RADIUSPacket response){
- string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).GetString();
+ string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
 Session["SESSIONGUID"] = sessionGuid;
 HttpCookie myCookie = new HttpCookie("RadiusSessionId");
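Review bot: `<%=message%>` in the @@ -430 hunk of login.aspx writes the session message into the page without HTML encoding. The value originates from the RADIUS Reply-Message, which RDSHandler.vb in this same patch fills from exception text that embeds the user-supplied username (MissingLdapField, MissingNumber and MissingEmail are constructed with mUsername), so any markup in that text would be interpreted by the browser in the RD Web origin. Use the encoding output syntax, `<%: message %>`, or `<%= HttpUtility.HtmlEncode(message) %>` if the page targets a framework version without it. The surrounding table markup of this hunk has been stripped in this view, so only the output expression and the `<% if (message != null){ %>` guard could be checked.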
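Review bot: The new onRadiusReject in tokenform.aspx.cs declares the message with `String` where the rest of the file uses `string` (see `string sessionGuid` in onRadiusAccept), and its two-line comment reads as a complaint about the RD Web authors rather than an explanation; a neutral note such as `// Carry the RADIUS Reply-Message to login.aspx through the session instead of a logoff.aspx?Error= parameter` tells the next reader what is going on. The switch from `GetString()` to `ToString()` on the Reply-Message attribute, here and in onRadiusAccept, relies on RADIUSAttribute overriding ToString() to return the attribute text; that library is not visible here, so confirm it, as the default would yield the type name and break the session GUID. Session["Message"] is also left as it was when a reject carries no Reply-Message, so a value from an earlier reject that was never rendered could still be pending; clearing it at the top of the method with `Session["Message"] = null;` keeps the two cases consistent.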