nla: renames, c->keyspec cleanup, suppress credentials for NLA, add serialiser tests, ESS fix, debug hex dump, TargetName propagation, credential delegation, CredSSP v5 upgrade

README.md

@@ -59,7 +59,7 @@ Rd follows the conventional Plan 9 build workflow:
 ## Usage
 
 ```
-rd [-0A] [-T title] [-a depth] [-c wdir] [-d dom] [-k keyspec] [-s shell] [net!]server[!port]
+rd [-0AN] [-T title] [-a depth] [-c wdir] [-d dom] [-k keyspec] [-s shell] [net!]server[!port]
 ```
 
 Rd takes exactly **one non-optional argument**: a **server connection string**.
@@ -82,13 +82,16 @@ Examples:
 ### Options
 
 - `-k keyspec`  
-  Adds extra attributes to the **factotum** key query used to obtain credentials (the attributes are appended to the query passed to `auth_getuserpasswd`).
+  Adds extra attributes to the **factotum** key query used to obtain credentials. With plain TLS logon the attributes are appended to the `proto=pass service=rdp` query passed to `auth_getuserpasswd`. With `-N` (NLA) they are appended to the `proto=mschap service=rdp` query passed to `auth_respond`.
 
 - `-d dom`  
   Specifies a **Windows domain name** to authenticate against (for domain logons).
 
+- `-N`  
+  Enables **Network Level Authentication (NLA)** using CredSSP/NTLM. After TLS is established, Rd performs an NTLM handshake encapsulated in ASN.1 DER `TSRequest` messages (MS-CSSP protocol). The NT response is computed by **factotum** via `auth_respond` with `proto=mschap`, so the plaintext password never leaves factotum. NLA is required by some Windows configurations and provides pre-session authentication.
+
 - `-A`  
-  Disables factotum-based “auto logon”. With `-A`, Rd requests the server to present an interactive **logon screen** instead, and credentials are entered and validated inside the remote GUI session. At that stage, credential submission occurs over an **encrypted channel**.
+  Disables factotum-based “auto logon”. With `-A`, Rd requests the server to present an interactive **logon screen** instead, and credentials are entered and validated inside the remote GUI session. At that stage, credential submission occurs over an **encrypted channel**. (Not applicable with `-N`: NLA always authenticates before the session starts.)
 
 - `-T title`  
   Customizes the local window label. By default it is:
@@ -122,12 +125,14 @@ A quick overview of the runtime flow and the major modules.
 
 Connection setup follows a staged pipeline:
 
-1. Parse command-line options (title, depth, domain, shell override, working directory, console attach).
-2. Optionally obtain credentials from factotum.
+1. Parse command-line options (title, depth, domain, shell override, working directory, console attach, NLA flag).
+2. Optionally obtain credentials from factotum (skipped when `-N` NLA is used, as factotum is consulted during the NLA handshake instead).
 3. `dial()` the server (default TCP port 3389).
-4. Perform **X.224** transport/session handshake.
-5. Initialize the local screen/window.
-6. Perform the main **RDP handshake** (negotiation/capabilities/licensing/activation).
+4. Perform **X.224** transport/session handshake (negotiating TLS or CredSSP as the security protocol).
+5. Upgrade the connection to **TLS** (`starttls`).
+6. If `-N` was given, perform the **NLA (CredSSP/NTLM) handshake** (`nlahandshake`): a three-message NTLM exchange (Negotiate → Challenge → Authenticate) wrapped in ASN.1 DER `TSRequest` structures, with the NT response computed by factotum.
+7. Initialize the local screen/window.
+8. Perform the main **RDP handshake** (negotiation/capabilities/licensing/activation).
 
 ### 3) Concurrency model: network loop + local input helpers
 
@@ -183,6 +188,7 @@ Rd includes a virtual-channel abstraction (`Vchan`) that:
 **Security:**
 
 - `tls.c` / `tls9f.c` — TLS support and certificate/thumbprint verification glue (build selects the appropriate file)
+- `nla.c` — Network Level Authentication (NLA/CredSSP): NTLM message serialisers/parsers (`mkntnego`, `mkntauth`, `getntchal`) and `TSRequest` ASN.1 DER framing (`writetsreq`, `readtsreq`, `gettsreq`)
 
 **Rendering and graphics updates:**
 
@@ -201,7 +207,7 @@ Rd includes a virtual-channel abstraction (`Vchan`) that:
 **Virtual channels and extensions:**
 
 - `vchan.c` — virtual channel table setup, fragmentation/defragmentation, and send/dispatch support
-- `rpc.c` — higher-level request/response helpers used by some channel-style interactions
+- `rpc.c` — higher-level request/response helpers; also contains `nlahandshake()`, the CredSSP orchestration that drives the three-message NTLM exchange via factotum
 - `audio.c` — audio virtual channel handling and client-side playback hooks
 - `efs.c` — extension/virtual channel support for device-redirection-style messages (see `Efsmsg` in `dat.h`)
 
@@ -212,6 +218,7 @@ Rd includes a virtual-channel abstraction (`Vchan`) that:
 - `aud_test.c` — audio-related tests
 - `efs_test.c` — tests for EFS/extension encoding/decoding
 - `msg_test.c` — message parsing/encoding tests
+- `nla_test.c` — NLA serialiser/parser tests (`writetsreq`/`gettsreq`, `mkntnego`, `getntchal`, `mkntauth`)
 
 **Headers:**
 

dat.h

@@ -50,6 +50,11 @@ struct Rdp
 	char		*passwd;		/* password for auto logon (sic) */
 	char		*shell;		/* remote shell override */
 	char		*rwd;		/* remote working directory */
+	char		*keyspec;		/* factotum key spec */
+	int		nla;			/* use NLA (CredSSP/NTLM) authentication */
+	char		*server;		/* server hostname (for NTLM SPN: "TERMSRV/<server>") */
+	uchar		*tlscert;		/* TLS server certificate DER (for CredSSP pubKeyAuth) */
+	int		tlscertlen;
 	int		xsz;			/* rfb dimensions */
 	int		ysz;			/* rfb dimensions */
 	int		depth;		/* rfb color depth */

efs_test.c

@@ -13,6 +13,7 @@ int audiotests(void);
 int egditests(void);
 int msgtests(void);
 int mppctests(void);
+int nlatests(void);
 int rletests(void);
 int utf16tests(void);
 
@@ -132,6 +133,7 @@ main(int, char**)
 	egditests();
 	msgtests();
 	mppctests();
+	nlatests();
 	rletests();
 	utf16tests();
 	print("ok\n");

fns.h

@@ -39,6 +39,32 @@ int		istpkt(uchar*,uchar*);
 int		tptype(uchar*,uchar*);
 uchar*	tpdat(uchar*,uchar*);
 
+/* nla.c buffer sizes (also used by rpc.c) */
+enum
+{
+	MaxNTLMTargetInfo	= 1024,	/* maximum TargetInfo AvPairs length from challenge */
+	MaxNTLMClientAvExtra	= 8 + (4+16) + (4+512) + 4,	/* MsvAvFlags+MsvAvChannelBindings+MsvAvTargetName+EOL */
+	NTv2RespMax		= 16 + 28 + MaxNTLMTargetInfo + MaxNTLMClientAvExtra,	/* max NTLMv2 NtChallengeResponse */
+};
+
+/* nla.c */
+int		mkntnego(uchar*, int);
+int		getntchal(uchar[8], uchar*, int);
+uchar*		getntargetinfo(uchar*, int, int*);
+int		ntv2frompasswd(char*, char*, char*, uchar*, uchar*, uchar*, int, uchar*, int, uchar*, uchar*, uchar*, int, char*);
+int		mkntauth(uchar*, int, char*, char*, uchar*, int, uchar*, uchar*);
+void		ntrespfrompasswd(char*, uchar[8], uchar[24]);
+int		writetsreq(int, uchar*, int);
+int		writetsreqnonce(int, uchar*, int, uchar*, int);
+int		writetsreqdone(int, uchar*, int, uchar*, int);
+int		nlafinish(int, uchar*, int, uchar*, char*, char*, char*, uchar*);
+int		readtsreq(int, uchar*, int);
+int		readtsreq_oreuarp(int, uchar*, int, ulong*);
+uchar*	gettsreq(uchar*, int, int*);
+
+/* rpc.c */
+int		nlahandshake(Rdp*);
+
 /* rd.c */
 void		atexitkiller(void);
 void		atexitkill(int pid);

mkfile

@@ -21,6 +21,7 @@ OFILES=\
 	mpas.$O\
 	mppc.$O\
 	msg.$O\
+	nla.$O\
 	rd.$O\
 	rpc.$O\
 	utf16.$O\
@@ -31,12 +32,13 @@ OFILES=\
 
 THREADOFILES=${OFILES:rd.$O=rd-thread.$O}
 CLEANFILES=$O.thread $O.test
-TESTHFILES=audio.c mppc.c rle.c egdi.c
+TESTHFILES=audio.c mppc.c rle.c egdi.c nla.c
 TESTOFILES=\
 	efs_test.$O	errs.$O efs.$O utf16.$O \
 	aud_test.$O	\
 	msg_test.$O	x224.$O mcs.$O ele.$O mpas.$O alloc.$O cap.$O egdi_test.$O \
 	mppc_test.$O	\
+	nla_test.$O	\
 	rle_test.$O	\
 	utf16_test.$O	\
 

msg_test.c

@@ -22,6 +22,28 @@ testputmsgxconnect(void){
 
 }
 
+static int
+testputmsgxconnectnla(void)
+{
+	/* Xconnect advertising HYBRID+HYBRID_EX (ProtoCSSP|ProtoUAUTH) for NLA */
+	int n;
+	char *s, *want;
+	uchar buf[1042];
+	Msg m;
+
+	m.type = Xconnect;
+	m.negproto = ProtoCSSP | ProtoUAUTH;
+	n = putmsg(buf, sizeof buf, &m);
+	if(n < 0)
+		sysfatal("testputmsgxconnectnla: unexpected error: %r\n");
+	s = smprint("%.*H", n, buf);
+	want = "0300002722E00000000000436F6F6B69653A206D737473686173683D780D0A010008000A000000";
+	if(strcmp(s, want) != 0)
+		sysfatal("testputmsgxconnectnla: want %s, got %s", want, s);
+	free(s);
+	return 0;
+}
+
 static int
 testputmsgxhangup(void){
 	int n;
@@ -572,6 +594,26 @@ testgetmsgxconntls(void)
 	return 0;
 }
 
+static int
+testgetmsgxconnhybridex(void)
+{
+	/* X.224 connection confirm with HYBRID_EX (ProtoUAUTH) selected by server */
+	int n, nb;
+	uchar buf[32];
+	Msg m = {0};
+	char *hex = "0300001306D000000000000200080008000000";
+
+	nb = dec16(buf, sizeof buf, hex, strlen(hex));
+	n = getmsg(&m, buf, nb);
+	if(n <= 0)
+		sysfatal("testgetmsgxconnhybridex: unexpected error: %r");
+	if(m.type != Xconnected)
+		sysfatal("testgetmsgxconnhybridex: type: want %d, got %d", Xconnected, m.type);
+	if(m.negproto != ProtoUAUTH)
+		sysfatal("testgetmsgxconnhybridex: negproto: want %d (ProtoUAUTH), got %d", ProtoUAUTH, m.negproto);
+	return 0;
+}
+
 static int
 testgetmsgxconnnonego(void)
 {
@@ -1306,6 +1348,7 @@ msgtests(void)
 {
 	fmtinstall('H', encodefmt);
 	testputmsgxconnect();
+	testputmsgxconnectnla();
 	testputmsgxhangup();
 	testputmsgmattach();
 	testputmsgmjoin();
@@ -1326,6 +1369,7 @@ msgtests(void)
 	testgetmsgfp2();
 	testgetmsgfp3();
 	testgetmsgxconntls();
+	testgetmsgxconnhybridex();
 	testgetmsgxconnnonego();
 	testgetmsgmattacheduid();
 	testgetmsgmattachednouid();