sendnrw/rdpgw
2
0
Fork 0
mirror of https://github.com/bolkedebruin/rdpgw.git synced 2026-03-27 14:36:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: improve ios compatibility

Browse Source
This commit is contained in:
Bolke de Bruin
2025-09-05 15:02:57 +02:00
parent c99b4ee58b
commit 85fec5fb2a
2 changed files with 24 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/rdpgw/main.go
View File

@@ -239,8 +239,9 @@ func main() {
ntlm := web.NTLMAuthHandler{SocketAddress: conf.Server.AuthSocket, Timeout: conf.Server.BasicAuthTimeout}
rdp.NewRoute().HeadersRegexp("Authorization", "NTLM").HandlerFunc(ntlm.NTLMAuth(gw.HandleGatewayProtocol))
rdp.NewRoute().HeadersRegexp("Authorization", "Negotiate").HandlerFunc(ntlm.NTLMAuth(gw.HandleGatewayProtocol))
auth.Register(`NTLM`)
auth.Register(`Negotiate`)
auth.Register([]string{`NTLM`, `Negotiate`}, func(r *http.Request) bool {
return r.Header.Get("Sec-WebSocket-Protocol") != "binary" // rdp client for ios is incompatible with this NTLM method.
})
}
// basic auth
@@ -248,7 +249,7 @@ func main() {
log.Printf("enabling basic authentication")
q := web.BasicAuthHandler{SocketAddress: conf.Server.AuthSocket, Timeout: conf.Server.BasicAuthTimeout}
rdp.NewRoute().HeadersRegexp("Authorization", "Basic").HandlerFunc(q.BasicAuth(gw.HandleGatewayProtocol))
auth.Register(`Basic realm="restricted", charset="UTF-8"`)
auth.Register([]string{`Basic realm="restricted", charset="UTF-8"`}, nil)
}
// spnego / kerberos
@@ -266,7 +267,7 @@ func main() {
// kdcproxy
k := kdcproxy.InitKdcProxy(conf.Kerberos.Krb5Conf)
r.HandleFunc(kdcProxyEndPoint, k.Handler).Methods("POST")
auth.Register("Negotiate")
auth.Register([]string{"Negotiate"}, nil)
}
// setup server

24
cmd/rdpgw/web/mux.go
View File

@@ -5,21 +5,35 @@ import (
"net/http"
)
type AuthHeader struct {
header string
condition func(*http.Request) bool
}
type AuthMux struct {
headers []string
headers []AuthHeader
}
func NewAuthMux() *AuthMux {
return &AuthMux{}
}
func (a *AuthMux) Register(s string) {
a.headers = append(a.headers, s)
// Register adds authentication methods with optional condition function
func (a *AuthMux) Register(headers []string, condition func(*http.Request) bool) {
for _, header := range headers {
a.headers = append(a.headers, AuthHeader{
header: header,
condition: condition,
})
}
}
func (a *AuthMux) SetAuthenticate(w http.ResponseWriter, r *http.Request) {
for _, s := range a.headers {
w.Header().Add("WWW-Authenticate", s)
for _, authHeader := range a.headers {
// If condition is nil or condition returns true, add the header
if authHeader.condition == nil || authHeader.condition(r) {
w.Header().Add("WWW-Authenticate", authHeader.header)
}
}
http.Error(w, "Unauthorized", http.StatusUnauthorized)
}