implement NTLM dockerfile

dev/docker/default.rdp

@@ -0,0 +1,9 @@
+connection type:i:7
+bandwidthautodetect:i:1
+networkautodetect:i:1
+audiomode:i:2
+autoreconnect max retries:i:5
+autoreconnection enabled:i:1
+session bpp:i:16
+smart sizing:i:1
+redirectclipboard:i:1

dev/docker/docker-compose-ntlm.yml

@@ -0,0 +1,18 @@
+version: '3.4'
+
+services:
+  rdpgw:
+       build: .
+       ports:
+         - 9443:9443
+       restart: on-failure
+       volumes:
+        - ./rdpgw.yaml:/opt/rdpgw/rdpgw.yaml
+        - ./rdpgw-auth.yaml:/opt/rdpgw/rdpgw-auth.yaml
+        - ./default.rdp:/etc/rdpgw/default.rdp
+       environment:
+         RDPGW_SERVER__GATEWAY_ADDRESS: https://rdg.domain.tld
+         RDPGW_SERVER__PORT: 9443
+         RDPGW_SERVER__ROUND_ROBIN: "false"
+         RDPGW_SERVER__SESSION_STORE: "file"
+

dev/docker/rdpgw-auth.yaml

@@ -0,0 +1,2 @@
+Users:
+ - {Username: "admin", Password: "test"} 

dev/docker/rdpgw.yaml

@@ -1,20 +1,34 @@
 Server:
- CertFile: /opt/rdpgw/server.pem
+  Authentication:
- KeyFile: /opt/rdpgw/key.pem
+    - ntlm
- GatewayAddress: localhost:9443
+
- Port: 9443
+  BasicAuthTimeout: "5"
+
+  Tls: "auto"
+
   Hosts:
-  - xrdp:3389
+    - "localhost:3389" # Don't get cute and think you're smarter than the author who made the app. Your gonna need the port
- RoundRobin: false
+    - "127.0.0.1:3389" # Don't forget that this is linux. What you use in the rdp file or the default.rdp if you add one, has to match the case of what you enter here. 
- SessionKey: thisisasessionkeyreplacethisjetz
+
- SessionEncryptionKey: thisisasessionkeyreplacethisnunu
+  HostSelection: "unsigned" # somewhere on the issues page its listed what options are available. This was the only option that worked for me if I had multiple hosts
-OpenId:
+  SessionKey: "GENERATE A 32 CHAR 332" # CHANNGE
- ProviderUrl: http://keycloak:8080/auth/realms/rdpgw
+  SessionEncryptionKey: "GENERATE A 32 CHAR 445" # CHANNGE
- ClientId: rdpgw
+
- ClientSecret: 01cd304c-6f43-4480-9479-618eb6fd578f
+AuthSocket: /tmp/rdpgw-auth.sock # this MF thing... Remember the run.sh script... yeah...
-Client:
+
- UsernameTemplate: "{{ username }}"
-Security:
-  PAATokenSigningKey: prettypleasereplacemeinproductio
 Caps:
- TokenAuth: true
+  TokenAuth: "false"
+  IdleTimeout: "120"
+  EnableClipboard: "true" # If you do not add this you will not be able to copy/paste no matter what setting you put into your RDP configs
+  EnableDrive: "true" # If you do not add this you will not be able to copy/paste no matter what setting you put into your RDP configs
+
+Client:
+  defaults: "/etc/rdpgw/default.rdp"
+  UsernameTemplate: "{{ username }}@DN.domain.tld" # Change the domain or remove I did not notice a difference either way
+  SplitUserDomain: "false"
+
+Security:
+  PAATokenSigningKey: "GENERATE A 32 CHAR KEY" # CHANNGE
+  UserTokenEncryptionKey: "GENERATE A 32 CHAR KEY" # CHANNGE
+  EnableUserToken: "true"
+  VerifyClientIp: "true"

dev/docker/run.sh

@@ -2,31 +2,9 @@
 
 USER=rdpgw
 
-file="/root/createusers.txt"
-if [ -f $file ]
-  then
-    while IFS=: read -r username password is_sudo
-        do
-            echo "Username: $username, Password: **** , Sudo: $is_sudo"
-
-            if getent passwd "$username" > /dev/null 2>&1
-              then
-                echo "User Exists"
-              else
-                adduser -s /sbin/nologin "$username"
-                echo "$username:$password" | chpasswd
-            fi
-    done <"$file"
-fi
-
 cd /opt/rdpgw || exit 1
 
-if [ -n "${RDPGW_SERVER__AUTHENTICATION}" ]; then
+/opt/rdpgw/rdpgw-auth -n rdpgw -s /tmp/rdpgw-auth.sock &
-  if [ "${RDPGW_SERVER__AUTHENTICATION}" = "local" ]; then
-    echo "Starting rdpgw-auth"
-    /opt/rdpgw/rdpgw-auth &
-  fi
-fi
 
 # drop privileges and run the application
 su -c /opt/rdpgw/rdpgw "${USER}" -- "$@" &