From 5aa29af1f64c32e8efa2761e009a6145c48cf482 Mon Sep 17 00:00:00 2001
From: snowie2000
Date: Tue, 7 Jan 2025 18:35:27 +0800
Subject: [PATCH] implement NTLM dockerfile
---
 dev/docker/default.rdp | 9 ++++++
 dev/docker/docker-compose-ntlm.yml | 18 +++++++++++
 dev/docker/rdpgw-auth.yaml | 2 ++
 dev/docker/rdpgw.yaml | 50 +++++++++++++++++++-----------
 dev/docker/run.sh | 24 +-------------
 5 files changed, 62 insertions(+), 41 deletions(-)
 create mode 100644 dev/docker/default.rdp
 create mode 100644 dev/docker/docker-compose-ntlm.yml
 create mode 100644 dev/docker/rdpgw-auth.yaml
diff --git a/dev/docker/default.rdp b/dev/docker/default.rdp
new file mode 100644
index 0000000..59f4225
--- /dev/null
+++ b/dev/docker/default.rdp
@@ -0,0 +1,9 @@
+connection type:i:7
+bandwidthautodetect:i:1
+networkautodetect:i:1
+audiomode:i:2
+autoreconnect max retries:i:5
+autoreconnection enabled:i:1
+session bpp:i:16
+smart sizing:i:1
+redirectclipboard:i:1
\ No newline at end of file
diff --git a/dev/docker/docker-compose-ntlm.yml b/dev/docker/docker-compose-ntlm.yml
new file mode 100644
index 0000000..8f170e0
--- /dev/null
+++ b/dev/docker/docker-compose-ntlm.yml
@@ -0,0 +1,18 @@
+version: '3.4'
+
+services:
+ rdpgw:
+ build: .
+ ports:
+ - 9443:9443
+ restart: on-failure
+ volumes:
+ - ./rdpgw.yaml:/opt/rdpgw/rdpgw.yaml
+ - ./rdpgw-auth.yaml:/opt/rdpgw/rdpgw-auth.yaml
+ - ./default.rdp:/etc/rdpgw/default.rdp
+ environment:
+ RDPGW_SERVER__GATEWAY_ADDRESS: https://rdg.domain.tld
+ RDPGW_SERVER__PORT: 9443
+ RDPGW_SERVER__ROUND_ROBIN: "false"
+ RDPGW_SERVER__SESSION_STORE: "file"
+
diff --git a/dev/docker/rdpgw-auth.yaml b/dev/docker/rdpgw-auth.yaml
new file mode 100644
index 0000000..cd43716
--- /dev/null
+++ b/dev/docker/rdpgw-auth.yaml
@@ -0,0 +1,2 @@
+Users:
+ - {Username: "admin", Password: "test"}
\ No newline at end of file
diff --git a/dev/docker/rdpgw.yaml b/dev/docker/rdpgw.yaml
index 5d2cc59..8c6772e 100644
--- a/dev/docker/rdpgw.yaml
+++ b/dev/docker/rdpgw.yaml
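Review bot: `- 9443:9443` under `ports:` and `RDPGW_SERVER__PORT: 9443` are the only unquoted scalars in a file whose other values are quoted strings; a four-digit port does not hit the YAML 1.1 sexagesimal trap, but `- "9443:9443"` and `RDPGW_SERVER__PORT: "9443"` keep the file consistent and stay safe if the port is ever changed to a value below 60. The `./rdpgw-auth.yaml` volume mounts a file that holds a cleartext username and password into the gateway, and nothing in this compose file says that this is a local-development setup; a comment on that `volumes:` entry such as `# dev-only credential file, see rdpgw-auth.yaml` would scope it. `RDPGW_SERVER__GATEWAY_ADDRESS: https://rdg.domain.tld` is a placeholder hostname and could carry a `# replace with the externally reachable gateway name` comment so it is not deployed as-is.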
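Review bot: The new file commits a working credential pair (`admin` / `test`) that the compose file mounts straight into the gateway, with nothing marking it as a development fixture. A header comment on the `Users:` line such as `# Local development users for rdpgw-auth; replace before any non-local use`, and block style for the entry (`- Username: "admin"` followed by `Password: "test"` on its own line) would make both the intent and the expected schema obvious. The file also ends without a trailing newline, which the diff flags.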
@@ -1,20 +1,34 @@
 Server:
- CertFile: /opt/rdpgw/server.pem
- KeyFile: /opt/rdpgw/key.pem
- GatewayAddress: localhost:9443
- Port: 9443
- Hosts:
- - xrdp:3389
- RoundRobin: false
- SessionKey: thisisasessionkeyreplacethisjetz
- SessionEncryptionKey: thisisasessionkeyreplacethisnunu
-OpenId:
- ProviderUrl: http://keycloak:8080/auth/realms/rdpgw
- ClientId: rdpgw
- ClientSecret: 01cd304c-6f43-4480-9479-618eb6fd578f
-Client:
- UsernameTemplate: "{{ username }}"
-Security:
- PAATokenSigningKey: prettypleasereplacemeinproductio
+ Authentication:
+ - ntlm
+
+ BasicAuthTimeout: "5"
+
+ Tls: "auto"
+
+ Hosts:
+ - "localhost:3389" # Don't get cute and think you're smarter than the author who made the app. Your gonna need the port
+ - "127.0.0.1:3389" # Don't forget that this is linux. What you use in the rdp file or the default.rdp if you add one, has to match the case of what you enter here.
+
+ HostSelection: "unsigned" # somewhere on the issues page its listed what options are available. This was the only option that worked for me if I had multiple hosts
+ SessionKey: "GENERATE A 32 CHAR 332" # CHANNGE
+ SessionEncryptionKey: "GENERATE A 32 CHAR 445" # CHANNGE
+
+AuthSocket: /tmp/rdpgw-auth.sock # this MF thing... Remember the run.sh script... yeah...
+
 Caps:
- TokenAuth: true
+ TokenAuth: "false"
+ IdleTimeout: "120"
+ EnableClipboard: "true" # If you do not add this you will not be able to copy/paste no matter what setting you put into your RDP configs
+ EnableDrive: "true" # If you do not add this you will not be able to copy/paste no matter what setting you put into your RDP configs
+
+Client:
+ defaults: "/etc/rdpgw/default.rdp"
+ UsernameTemplate: "{{ username }}@DN.domain.tld" # Change the domain or remove I did not notice a difference either way
+ SplitUserDomain: "false"
+
+Security:
+ PAATokenSigningKey: "GENERATE A 32 CHAR KEY" # CHANNGE
+ UserTokenEncryptionKey: "GENERATE A 32 CHAR KEY" # CHANNGE
+ EnableUserToken: "true"
+ VerifyClientIp: "true"
\ No newline at end of file
diff --git a/dev/docker/run.sh b/dev/docker/run.sh
index e99dec1..0ae3b50 100755
--- a/dev/docker/run.sh
+++ b/dev/docker/run.sh
@@ -2,31 +2,9 @@
 USER=rdpgw
-file="/root/createusers.txt"
-if [ -f $file ]
- then
- while IFS=: read -r username password is_sudo
- do
- echo "Username: $username, Password: **** , Sudo: $is_sudo"
-
- if getent passwd "$username" > /dev/null 2>&1
- then
- echo "User Exists"
- else
- adduser -s /sbin/nologin "$username"
- echo "$username:$password" | chpasswd
- fi
- done <"$file"
-fi
-
 cd /opt/rdpgw || exit 1
-if [ -n "${RDPGW_SERVER__AUTHENTICATION}" ]; then
- if [ "${RDPGW_SERVER__AUTHENTICATION}" = "local" ]; then
- echo "Starting rdpgw-auth"
- /opt/rdpgw/rdpgw-auth &
- fi
-fi
+/opt/rdpgw/rdpgw-auth -n rdpgw -s /tmp/rdpgw-auth.sock &
 # drop privileges and run the application
 su -c /opt/rdpgw/rdpgw "${USER}" -- "$@" &
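Review bot: `AuthSocket: /tmp/rdpgw-auth.sock` is written at column 0 on the new side (this rendering collapses indentation, so confirm in the file), which makes it a top-level key beside `Server:` rather than `Server.AuthSocket`; if the gateway only reads the nested form the value is ignored and the socket lines up with run.sh only because both hard-code the same path, so it should be indented under `Server:` and carry a comment like `# must match the -s argument given to rdpgw-auth in run.sh`. The four key placeholders (`SessionKey`, `SessionEncryptionKey`, `PAATokenSigningKey`, `UserTokenEncryptionKey`) are 22 characters while their own comments ask for 32 and the removed values were exactly 32; if that length is enforced this config will not start as committed, and a comment stating the exact requirement would be clearer than `# CHANNGE`. Every boolean and integer is quoted (`TokenAuth: "false"`, `IdleTimeout: "120"`, `BasicAuthTimeout: "5"`) whereas the removed line used `TokenAuth: true`, so unless the loader is known to coerce strings, `TokenAuth: false` and `IdleTimeout: 120` are the safer spelling. The comment on `EnableDrive` is a copy of the clipboard one; `# client drive redirection (exposes client drives to the session) - confirm against the docs` would describe what it actually enables.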
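Review bot: The new `/opt/rdpgw/rdpgw-auth -n rdpgw -s /tmp/rdpgw-auth.sock &` starts the auth helper unconditionally, whereas the removed block only started it when `RDPGW_SERVER__AUTHENTICATION` was `local`, so it now also runs for images configured for OpenID, and it keeps the identity the script itself has (presumably root, given the `su` below) while `rdpgw` is dropped to `${USER}` on the next visible line. A gate that accepts the new mode, e.g. `case "${RDPGW_SERVER__AUTHENTICATION}" in local|ntlm) /opt/rdpgw/rdpgw-auth -n rdpgw -s /tmp/rdpgw-auth.sock & ;; esac`, would restore the old behaviour, but note the new compose file sets `Authentication` in rdpgw.yaml rather than through that variable, so whichever source is authoritative is the one the gate must check. The socket path is repeated verbatim as `AuthSocket` in rdpgw.yaml; defining it once next to `USER=rdpgw` (`AUTH_SOCK=/tmp/rdpgw-auth.sock`) keeps the two from drifting. A one-line comment on the new line saying why the helper is not dropped to `${USER}` as well would help the next reader, since the script gives no reason. The script's shebang line lies outside the hunk.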