Make stackable

This commit is contained in:
Bolke de Bruin
2022-10-18 11:39:26 +02:00
parent db98550455
commit ee20553f08
3 changed files with 14 additions and 18 deletions


@@ -236,7 +236,7 @@ func (s *ServerConfig) KerberosEnabled() bool {
}
func (s *ServerConfig) BasicAuthEnabled() bool {
return s.matchAuth("local")
return s.matchAuth("local") || s.matchAuth("basic")
}
func (s *ServerConfig) matchAuth(needle string) bool {
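Review bot: BasicAuthEnabled now treats two configuration spellings as equivalent, but nothing in the code says so; since this is the switch that enables a password-accepting handler in main, a reader should not have to grep the config parser to learn that `basic` is an alias of `local`. I would add a doc comment above the function: `// BasicAuthEnabled reports whether HTTP Basic authentication is configured; the "local" and "basic" backend names are accepted as synonyms.` The `matchAuth` helper that decides what "configured" means is declared on the last line of this section and its body lies outside the hunk, so whether the comparison is exact or case-insensitive cannot be confirmed here.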


@@ -226,12 +226,13 @@ func main() {
// for stacking of authentication
auth := web.NewAuthMux()
rdp.MatcherFunc(web.NoAuthz).HandlerFunc(auth.SetAuthenticate)
// basic auth
if conf.Server.BasicAuthEnabled() {
log.Printf("enabling basic authentication")
q := web.BasicAuthHandler{SocketAddress: conf.Server.AuthSocket}
rdp.Headers("Authorization", "Basic*").HandlerFunc(q.BasicAuth(gw.HandleGatewayProtocol))
rdp.NewRoute().HeadersRegexp("Authorization", "Basic").HandlerFunc(q.BasicAuth(gw.HandleGatewayProtocol))
auth.Register(`Basic realm="restricted", charset="UTF-8"`)
}
@@ -242,7 +243,7 @@ func main() {
if err != nil {
log.Fatalf("Cannot load keytab: %s", err)
}
rdp.Headers("Authorization", "Negotiate*").Handler(
rdp.NewRoute().HeadersRegexp("Authorization", "Negotiate").Handler(
spnego.SPNEGOKRB5Authenticate(web.TransposeSPNEGOContext(http.HandlerFunc(gw.HandleGatewayProtocol)),
keytab,
service.Logger(log.Default())))
@@ -253,9 +254,6 @@ func main() {
auth.Register("Negotiate")
}
// allow stacking of authentication
rdp.Use(auth.Route)
// setup server
server := http.Server{
Addr: ":" + strconv.Itoa(conf.Server.Port),
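Review bot: The new `HeadersRegexp("Authorization", "Basic")` and `HeadersRegexp("Authorization", "Negotiate")` matchers in the first two hunks are unanchored and case-sensitive: gorilla/mux compiles the value as a plain Go regexp, as far as I recall, so `Basic` matches anywhere in the header value (including inside a token that happens to contain that substring) while `basic ...`, which RFC 7235 permits, matches nothing. Anchor them to the scheme at the start of the value, e.g. `rdp.NewRoute().HeadersRegexp("Authorization", "^(?i)Basic ")` and `"^(?i)Negotiate "`. With the old `rdp.Use(auth.Route)` middleware gone (third hunk), a request whose Authorization header matches neither scheme no longer receives a challenge: assuming `rdp` is a plain gorilla/mux router with no catch-all route, it falls through to the not-found handler and the client never sees the WWW-Authenticate headers that `auth.SetAuthenticate` produces, so consider registering a final unmatched route to that handler. `main` and the conditional enclosing the Negotiate route both begin outside these hunks.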


@@ -1,6 +1,7 @@
package web
import (
"github.com/gorilla/mux"
"net/http"
)
@@ -16,16 +17,13 @@ func (a *AuthMux) Register(s string) {
a.headers = append(a.headers, s)
}
func (a *AuthMux) Route(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
h := r.Header.Get("Authorization")
if h == "" {
for _, s := range a.headers {
w.Header().Add("WWW-Authenticate", s)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return
}
}
next.ServeHTTP(w, r)
})
func (a *AuthMux) SetAuthenticate(w http.ResponseWriter, r *http.Request) {
for _, s := range a.headers {
w.Header().Add("WWW-Authenticate", s)
}
http.Error(w, "Unauthorized", http.StatusUnauthorized)
}
func NoAuthz(r *http.Request, rm *mux.RouteMatch) bool {
return r.Header.Get("Authorization") == ""
}