Skip to content

feat(pam): native RDP client support #191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bernie-g merged 53 commits into from
May 5, 2026
Merged

feat(pam): native RDP client support #191

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
53 commits
Select commit Hold shift + click to select a range
013cab5
feat(pam): add rust rdp bridge with post-credssp passthrough
bernie-g Apr 22, 2026
a91f967
feat(pam): add c abi + cgo wrapper for rdp bridge
bernie-g Apr 22, 2026
39328fd
feat(pam): wire rdp handler into gateway dispatch
bernie-g Apr 22, 2026
e84febf
feat(pam): add rdp access CLI subcommand
bernie-g Apr 22, 2026
55ca651
chore(pam): rdp UX polish
bernie-g Apr 22, 2026
afb0ec2
chore(pam): remove rdp native crate README
bernie-g Apr 22, 2026
5e2e46b
fix: add .vscode folder to gitignore
bernie-g Apr 22, 2026
095b900
ci(pam): pin Rust toolchain + add RDP bridge smoke test
bernie-g Apr 23, 2026
8a04e54
ci: retrigger
bernie-g Apr 23, 2026
492f656
ci(pam): add dry-run option to release workflow
bernie-g Apr 23, 2026
83dc9ab
ci(pam): cross-compile RDP bridge static libs across 11 targets
bernie-g Apr 23, 2026
6ef384f
feat(pam-rdp): add Windows CGo wrapper and extract shared bridge ops
bernie-g Apr 23, 2026
0611a97
ci(pam-rdp): wire RDP bridge static libs into goreleaser release
bernie-g Apr 23, 2026
7585478
Merge remote-tracking branch 'origin/main' into feat/pam-rdp-mvp
bernie-g Apr 23, 2026
9beb635
feat(pam-rdp): wire --reason flag through to RDP access
bernie-g Apr 23, 2026
a3f4408
fix(ci): correct mingw apt package name and skip docker on dry-run
bernie-g Apr 23, 2026
3bc0a78
Revert skip=docker change; keep only the mingw package name fix
bernie-g Apr 23, 2026
0c9424d
ci(pam-rdp): use zig cc for darwin cross-compile instead of osxcross
bernie-g Apr 23, 2026
b0aff6c
ci(pam-rdp): expand RDP support from 5 to 11 targets (option 1)
bernie-g Apr 23, 2026
05fcb11
chore: remove accidentally committed local PAM session artifact
bernie-g Apr 23, 2026
8329f79
fix(pam-rdp): statically bundle zlib into the bridge archive
bernie-g Apr 23, 2026
a515cbd
ci(pam-rdp): drop windows/arm64 from RDP tier
bernie-g Apr 23, 2026
2b2ccab
ci(pam-rdp): build only the staticlib target in cross-compile jobs
bernie-g Apr 23, 2026
eb75047
chore(pam-rdp): strip redundant comments across the PR
bernie-g Apr 23, 2026
65aaa12
ci(pam-rdp): drop FreeBSD and NetBSD from RDP tier
bernie-g Apr 23, 2026
50e29ce
ci(pam-rdp): bump zig to 0.16.0
bernie-g Apr 23, 2026
b15371b
fix(pam-rdp): clean up .rdp file on session end + pin zig 0.14.0
bernie-g Apr 23, 2026
3887a5a
fix(ci): stub libresolv.tbd for darwin cross-compile
bernie-g Apr 23, 2026
08f0809
ci(pam-rdp): ditch zig for darwin, use macos-latest runner instead
bernie-g Apr 23, 2026
cf674f1
chore(pam-rdp): remove rdp-bridge-test dev binary
bernie-g Apr 23, 2026
348de42
ci(pam-rdp): parallelize goreleaser + goreleaser-darwin via shared draft
bernie-g Apr 23, 2026
3291a54
fix(ci): link libwinpthread for windows CGO
bernie-g Apr 23, 2026
57438fe
ci: group goreleaser-windows into the create-release-draft column
bernie-g Apr 23, 2026
7511234
ci(pam-rdp): enable RDP in Windows Docker container images
bernie-g Apr 23, 2026
6f3ac49
ci(pam-rdp): build Rust bridge natively on windows-2022 runner
bernie-g Apr 23, 2026
e22812a
fix(pam-rdp): format Safety doc as proper heading for clippy
bernie-g Apr 24, 2026
b375428
ci: shorten dry_run description in release workflow
bernie-g Apr 24, 2026
ef74e90
chore(pam-rdp): remove bridge-test harness
bernie-g Apr 24, 2026
85c23d2
fix(pam-rdp): address PR bot review comments
bernie-g Apr 24, 2026
6916ff6
fix(pam-rdp): address PR review feedback
bernie-g Apr 29, 2026
e5d2acb
docs(pam-rdp): add README for Rust bridge setup
bernie-g May 1, 2026
4f0e3e2
refactor(pam-rdp): rename bridge_cgo.go to bridge_cgo_unix.go
bernie-g May 1, 2026
7675e95
feat(pam-rdp): use empty password for acceptor credentials
bernie-g May 1, 2026
c2b68da
feat(pam-rdp): use account name as RDP acceptor username
bernie-g May 2, 2026
e350e47
feat(pam-rdp): strip virtual channels from MCS Connect Initial
bernie-g May 4, 2026
8ffb72b
refactor(pam-rdp): consolidate HandleConnection + cargo fmt
bernie-g May 4, 2026
e0a9157
refactor(pam-rdp): use target username for acceptor, autofill via met…
bernie-g May 4, 2026
ad8bcfc
fix(release): make npm-release tolerate skipped validate-tag-branch
bernie-g May 4, 2026
54e921b
Merge remote-tracking branch 'origin/main' into feat/pam-rdp-mvp
bernie-g May 4, 2026
92102e9
fix(pam-rdp): don't shut down proxy on per-connection gateway close
bernie-g May 5, 2026
e0619d7
chore(pam-rdp): lowercase example account name in help text
bernie-g May 5, 2026
98e076f
chore(pam-rdp): drop unused /target-docker from .gitignore
bernie-g May 5, 2026
f2f4f99
fix(release): append windows artifacts to shared draft
bernie-g May 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 93 additions & 0 deletions .github/workflows/build-rdp-bridge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
name: Build RDP Bridge Static Libs

# windows/arm64, freebsd, netbsd, openbsd excluded: no cgo-capable
# cross toolchain we can reasonably install in CI. They ship the RDP
# stub at runtime.

on:
workflow_call:
workflow_dispatch:

jobs:
rust-cross:
name: cross (${{ matrix.target }})
runs-on: ubuntu-latest-8-cores
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-unknown-linux-gnu
- target: aarch64-unknown-linux-gnu
- target: i686-unknown-linux-gnu
- target: arm-unknown-linux-gnueabi
- target: armv7-unknown-linux-gnueabihf
- target: x86_64-pc-windows-gnu
steps:
- uses: actions/checkout@v4

- name: Cache cargo registry
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
key: rdp-cross-cargo-${{ matrix.target }}-${{ hashFiles('packages/pam/handlers/rdp/native/Cargo.lock') }}
restore-keys: rdp-cross-cargo-${{ matrix.target }}-

- name: Install cross
run: cargo install cross --locked --version 0.2.5

- name: Install pinned Rust toolchain
working-directory: packages/pam/handlers/rdp/native
run: rustup show active-toolchain

- name: cross build --release --target ${{ matrix.target }}
working-directory: packages/pam/handlers/rdp/native
run: cross build --release --target ${{ matrix.target }}

- name: Upload static library
uses: actions/upload-artifact@v4
with:
name: rdp-bridge-${{ matrix.target }}
path: packages/pam/handlers/rdp/native/target/${{ matrix.target }}/release/libinfisical_rdp_bridge.a
if-no-files-found: error
retention-days: 7

rust-darwin:
name: macos-latest (${{ matrix.target }})
runs-on: macos-latest
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-apple-darwin
- target: aarch64-apple-darwin
steps:
- uses: actions/checkout@v4

- name: Cache cargo registry
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
key: rdp-darwin-cargo-${{ matrix.target }}-${{ hashFiles('packages/pam/handlers/rdp/native/Cargo.lock') }}
restore-keys: rdp-darwin-cargo-${{ matrix.target }}-

- name: Install pinned Rust toolchain + target
working-directory: packages/pam/handlers/rdp/native
run: |
rustup show active-toolchain
rustup target add ${{ matrix.target }}

- name: cargo build --release --target ${{ matrix.target }}
working-directory: packages/pam/handlers/rdp/native
run: cargo build --release --target ${{ matrix.target }}

- name: Upload static library
uses: actions/upload-artifact@v4
with:
name: rdp-bridge-${{ matrix.target }}
path: packages/pam/handlers/rdp/native/target/${{ matrix.target }}/release/libinfisical_rdp_bridge.a
if-no-files-found: error
retention-days: 7
Loading
Loading