zydronium/RDSFactor
1
0
Fork 0
mirror of https://github.com/jakobadam/RDSFactor.git synced 2025-07-23 18:15:55 +02:00
Code Issues Projects Releases Packages Wiki Activity

Propagate error message from RADIUS server to RD Web

Browse source 
Through the RADIUS Reply-Message attribute.
This commit is contained in:
Jakob Aarøe Dam 2015-04-30 14:29:11 +02:00
parent 258b3f5663
commit 66902b2f34
3 changed files with 54 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

25
server/handlers/RDSHandler.vb
View file

@ -185,14 +185,14 @@ Public Class RDSHandler
Dim ldapResult = Authenticate()
If RDSFactor.EnableOTP Then
TwoFactorChallenge()
TwoFactorChallenge(ldapResult)
Exit Sub
Else
Accept()
End If
Catch ex As Exception
RDSFactor.LogDebug(mPacket, "Authentication failed. Sending reject. Error: " & ex.Message)
mPacket.RejectAccessRequest()
mPacket.RejectAccessRequest(ex.Message)
End Try
End Sub
@ -230,7 +230,7 @@ Public Class RDSHandler
End If
End Sub
Private Sub TwoFactorChallenge()
Private Sub TwoFactorChallenge(ldapResult As SearchResult)
Dim challangeCode = RDSFactor.GenerateCode
Dim authToken = System.Guid.NewGuid.ToString
Dim clientIP = mPacket.EndPoint.Address.ToString
@ -247,11 +247,13 @@ Public Class RDSHandler
encryptedChallangeResults(mUsername) = encryptedChallangeResult
If mUseSMSFactor Then
RDSFactor.LogDebug(mPacket, "TODO: Send SMS")
Dim mobile = LdapGetNumber(ldapResult)
RDSFactor.SendSMS(mobile, challangeCode)
End If
If mUseEmailFactor Then
RDSFactor.LogDebug(mPacket, "TODO: Send Email")
Dim email = LdapGetEmail(ldapResult)
RDSFactor.SendEmail(email, challangeCode)
End If
Dim attributes As New RADIUSAttributes
@ -283,7 +285,7 @@ Public Class RDSHandler
search.PropertiesToLoad.Add("distinguishedName")
If RDSFactor.EnableOTP = True Then
search.PropertiesToLoad.Add(RDSFactor.ADField)
search.PropertiesToLoad.Add(RDSFactor.ADMobileField)
search.PropertiesToLoad.Add(RDSFactor.ADMailField)
End If
@ -298,19 +300,26 @@ Public Class RDSHandler
End Function
Private Function LdapGetNumber(result As SearchResult) As String
Dim mobile = result.Properties(RDSFactor.ADField)(0)
If Not result.Properties.Contains(RDSFactor.ADMobileField) Then
Throw New MissingLdapField(RDSFactor.ADMobileField, mUsername)
End If
Dim mobile = result.Properties(RDSFactor.ADMobileField)(0)
mobile = Replace(mobile, "+", "")
If mobile.Trim.Length = 0 Then
RDSFactor.LogDebug(mPacket, "Unable to find correct phone number for user " & mUsername)
Throw New MissingNumber(mUsername)
End If
Return mobile
End Function
Private Function LdapGetEmail(result As SearchResult) As String
If Not result.Properties.Contains(RDSFactor.ADMailField) Then
Throw New MissingLdapField(RDSFactor.ADMailField, mUsername)
End If
Dim email = result.Properties(RDSFactor.ADMailField)(0)
If InStr(email, "@") = 0 Then
RDSFactor.LogDebug(mPacket, "Unable to find correct email for user " & mUsername)
Throw New MissingEmail(mUsername)
End If
Return email
End Function

25
web/RDWeb/Pages/en-US/login.aspx
View file

@ -1,7 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="../Site.xsl"?>
<?xml-stylesheet type="text/css" href="../RenderFail.css"?>
<% @Page Language="C#" Debug="false" ResponseEncoding="utf-8" ContentType="text/xml" %>
<% @Page Language="C#" Debug="true" ResponseEncoding="utf-8" ContentType="text/xml" %>
<% @Import Namespace="System " %>
<% @Import Namespace="System.Security" %>
<% @Import Namespace="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication" %>
@ -67,6 +68,7 @@
public bool bSessionExpired = false;
public string strPrivateModeTimeout = "240";
public string strPublicModeTimeout = "20";
public string message;
public WorkspaceInfo objWorkspaceInfo = null;
@ -103,6 +105,11 @@
void Page_Load(object sender, EventArgs e)
{
if (Session["Message"] != null) {
message = (string)Session["Message"];
Session["Message"] = null;
}
if (!Page.IsPostBack)
{
Session["UserPass"] = "";
@ -343,7 +350,7 @@
onload="onLoginPageLoad(event)"
onunload="onPageUnload(event)"/>
<HTMLMainContent>
<form id="FrmLogin" name="FrmLogin" action="login.aspx<%=SecurityElement.Escape(strReturnUrl)%>" method="post" onsubmit="return onLoginFormSubmit()">
<input type="hidden" name="WorkSpaceID" value="<%=SecurityElement.Escape(strWorkSpaceID)%>"/>
@ -430,6 +437,20 @@
</td>
</tr>
<% if (message != null){ %>
<tr>
<td>
<table>
<tr>
<td height="20">&#160;</td>
</tr>
<tr>
<td><span class="wrng"><%=message%></span></td>
</tr>
</table>
</td>
</tr>
<% } %>
<%
strErrorMessageRowStyle = "style=\"display:none\"";

18
web/RDWeb/Pages/en-US/tokenform.aspx.cs
View file

@ -60,19 +60,29 @@ public partial class SMSToken : System.Web.UI.Page
onRadiusAccept(response);
}
else {
Session["UserPass"] = "";
Session["DomainUserName"] = "";
SafeRedirect("logoff.aspx?Error=LoginSMSFailed");
onRadiusReject(response);
}
}
void onRadiusReject(RADIUSPacket response) {
if (response.Attributes.AttributeExists(RadiusAttributeType.ReplyMessage)){
// Why on earth did the RD Web developer(s) use a thousand different URL parameters to logoff to indicate the error
// message, when they could just put the message in the session
String message = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
Session["Message"] = message;
}
Session["UserPass"] = "";
Session["DomainUserName"] = "";
SafeRedirect("logoff.aspx");
}
void onRadiusChallange(RADIUSPacket response){
RADIUSAttribute state = response.Attributes.GetFirstAttribute(RadiusAttributeType.State);
Session["State"] = state;
}
void onRadiusAccept(RADIUSPacket response){
string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).GetString();
string sessionGuid = response.Attributes.GetFirstAttribute(RadiusAttributeType.ReplyMessage).ToString();
Session["SESSIONGUID"] = sessionGuid;
HttpCookie myCookie = new HttpCookie("RadiusSessionId");