Make stackable

This commit is contained in:
Bolke de Bruin
2022-10-18 11:39:26 +02:00
parent db98550455
commit ee20553f08
3 changed files with 14 additions and 18 deletions


@@ -236,7 +236,7 @@ func (s *ServerConfig) KerberosEnabled() bool {
} }
func (s *ServerConfig) BasicAuthEnabled() bool { func (s *ServerConfig) BasicAuthEnabled() bool {
return s.matchAuth("local") return s.matchAuth("local") || s.matchAuth("basic")
} }
func (s *ServerConfig) matchAuth(needle string) bool { func (s *ServerConfig) matchAuth(needle string) bool {
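Review bot: The exported BasicAuthEnabled has no doc comment, and after this change it is the only place that records that two config spellings enable the same mechanism, so the intent ("basic" is the name, "local" is still accepted) is easy to lose. I would add above it `// BasicAuthEnabled reports whether HTTP Basic authentication is configured; both the "basic" and the "local" auth values enable it.` — presumably "local" is retained for existing configs, which is worth stating if so. The surrounding KerberosEnabled and matchAuth definitions start and end outside this hunk.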


@@ -226,12 +226,13 @@ func main() {
// for stacking of authentication // for stacking of authentication
auth := web.NewAuthMux() auth := web.NewAuthMux()
rdp.MatcherFunc(web.NoAuthz).HandlerFunc(auth.SetAuthenticate)
// basic auth // basic auth
if conf.Server.BasicAuthEnabled() { if conf.Server.BasicAuthEnabled() {
log.Printf("enabling basic authentication") log.Printf("enabling basic authentication")
q := web.BasicAuthHandler{SocketAddress: conf.Server.AuthSocket} q := web.BasicAuthHandler{SocketAddress: conf.Server.AuthSocket}
rdp.Headers("Authorization", "Basic*").HandlerFunc(q.BasicAuth(gw.HandleGatewayProtocol)) rdp.NewRoute().HeadersRegexp("Authorization", "Basic").HandlerFunc(q.BasicAuth(gw.HandleGatewayProtocol))
auth.Register(`Basic realm="restricted", charset="UTF-8"`) auth.Register(`Basic realm="restricted", charset="UTF-8"`)
} }
@@ -242,7 +243,7 @@ func main() {
if err != nil { if err != nil {
log.Fatalf("Cannot load keytab: %s", err) log.Fatalf("Cannot load keytab: %s", err)
} }
rdp.Headers("Authorization", "Negotiate*").Handler( rdp.NewRoute().HeadersRegexp("Authorization", "Negotiate").Handler(
spnego.SPNEGOKRB5Authenticate(web.TransposeSPNEGOContext(http.HandlerFunc(gw.HandleGatewayProtocol)), spnego.SPNEGOKRB5Authenticate(web.TransposeSPNEGOContext(http.HandlerFunc(gw.HandleGatewayProtocol)),
keytab, keytab,
service.Logger(log.Default()))) service.Logger(log.Default())))
@@ -253,9 +254,6 @@ func main() {
auth.Register("Negotiate") auth.Register("Negotiate")
} }
// allow stacking of authentication
rdp.Use(auth.Route)
// setup server // setup server
server := http.Server{ server := http.Server{
Addr: ":" + strconv.Itoa(conf.Server.Port), Addr: ":" + strconv.Itoa(conf.Server.Port),
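Review bot: The new HeadersRegexp patterns "Basic" and "Negotiate" on the two Authorization routes are unanchored, and gorilla's header regexp matcher accepts a match anywhere in the header value, so the scheme is not actually being checked at the start of the credential. Because the Basic route is registered first, a Negotiate request whose base64 token happens to contain the substring "Basic" (the base64 alphabet includes those letters) is dispatched to the Basic handler instead of the SPNEGO one and the Kerberos login fails for no visible reason. Anchoring both patterns to the scheme plus its separating space fixes this: `rdp.NewRoute().HeadersRegexp("Authorization", "^Basic ").HandlerFunc(q.BasicAuth(gw.HandleGatewayProtocol))` and `rdp.NewRoute().HeadersRegexp("Authorization", "^Negotiate ").Handler(`. Note that the NoAuthz route only fires when the header is entirely absent, so a request carrying an unrecognised scheme matches none of these routes and receives whatever the router's not-found handling is, which is outside this hunk. The enclosing main() starts before the first hunk and continues past the last one.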


@@ -1,6 +1,7 @@
package web package web
import ( import (
"github.com/gorilla/mux"
"net/http" "net/http"
) )
@@ -16,16 +17,13 @@ func (a *AuthMux) Register(s string) {
a.headers = append(a.headers, s) a.headers = append(a.headers, s)
} }
func (a *AuthMux) Route(next http.Handler) http.Handler { func (a *AuthMux) SetAuthenticate(w http.ResponseWriter, r *http.Request) {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { for _, s := range a.headers {
h := r.Header.Get("Authorization") w.Header().Add("WWW-Authenticate", s)
if h == "" { }
for _, s := range a.headers { http.Error(w, "Unauthorized", http.StatusUnauthorized)
w.Header().Add("WWW-Authenticate", s) }
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return func NoAuthz(r *http.Request, rm *mux.RouteMatch) bool {
} return r.Header.Get("Authorization") == ""
}
next.ServeHTTP(w, r)
})
} }
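Review bot: SetAuthenticate and NoAuthz are both exported and neither has a doc comment, and the name NoAuthz suggests an authorization check while the body only tests whether the Authorization header is empty. I would document exactly that: `// SetAuthenticate answers 401 Unauthorized with one WWW-Authenticate challenge per scheme registered via Register.` and `// NoAuthz is a mux.MatcherFunc that matches requests carrying no Authorization header at all; a request with an unsupported scheme does not match.` The second sentence is the practical caveat: with the middleware in the removed Route replaced by this matcher, a client presenting a scheme that no other route handles never receives the challenge list, so if that fallback is wanted it has to be added as a last, matcher-less route elsewhere. A renaming such as NoAuthorizationHeader would also make the matcher's purpose obvious at the registration site.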