Add local PAM docker-compose

dev/docker/Dockerfile

@@ -35,13 +35,15 @@ RUN apk --no-cache add linux-pam musl
 # make tempdir in case filestore is used
 ADD tmp.tar /
 
-USER 1001
+COPY --chown=0 rdpgw-pam /etc/pam.d/rdpgw
 
+USER 1001
 COPY --chown=1001 run.sh run.sh
 COPY --chown=1001 --from=builder /opt/rdpgw /opt/rdpgw
 COPY --chown=1001 --from=builder /etc/passwd /etc/passwd
 COPY --chown=1001 --from=builder /etc/ssl/certs /etc/ssl/certs
-#COPY --chown=1001 rdpgw.yaml /opt/rdpgw/rdpgw.yaml
+
+USER 0
 
 WORKDIR /opt/rdpgw
 ENTRYPOINT ["/bin/sh", "/run.sh"]

dev/docker/rdpgw-pam

@@ -0,0 +1,3 @@
+# basic PAM configuration for rdpgw on Alpine
+auth include base-auth
+auth include base-account

dev/docker/run.sh

@@ -1,11 +1,34 @@
 #!/bin/sh
-cd /opt/rdpgw || exit 1
 
-if ! [ -e /opt/rdpgw/rdpgw.yaml ]; then
+USER=rdpgw
-  cp /opt/rdpgw/rdpgw.yaml.default /opt/rdpgw/rdpgw.yaml
+
+file="/root/createusers.txt"
+if [ -f $file ]
+  then
+    while IFS=: read -r username password is_sudo
+        do
+            echo "Username: $username, Password: **** , Sudo: $is_sudo"
+
+            if getent passwd "$username" > /dev/null 2>&1
+              then
+                echo "User Exists"
+              else
+                adduser -s /sbin/nologin "$username"
+                echo "$username:$password" | chpasswd
+            fi
+    done <"$file"
 fi
 
-/opt/rdpgw/rdpgw-auth &
+cd /opt/rdpgw || exit 1
-/opt/rdpgw/rdpgw &
+
+if [ -n "${RDPGW_SERVER__AUTHENTICATION}" ]; then
+  if [ "${RDPGW_SERVER__AUTHENTICATION}" = "local" ]; then
+    echo "Starting rdpgw-auth"
+    /opt/rdpgw/rdpgw-auth &
+  fi
+fi
+
+# drop privileges and run the application
+su -c /opt/rdpgw/rdpgw ${USER} &
 wait
 exit $?