Add support for splitting the username from the domain to enable smaller tokens
parent
2628ba11d0
commit
c6cfdc4dd4
4 changed files with 22 additions and 12 deletions
|
@ -85,6 +85,9 @@ client:
|
||||||
networkAutoDetect: 0
|
networkAutoDetect: 0
|
||||||
bandwidthAutoDetect: 1
|
bandwidthAutoDetect: 1
|
||||||
ConnectionType: 6
|
ConnectionType: 6
|
||||||
|
# If true puts splits "user@domain.com" into the user and domain component so that
|
||||||
|
# domain gets set in the rdp file and the domain name is stripped from the username
|
||||||
|
SplitUserDomain: false
|
||||||
security:
|
security:
|
||||||
# a random string of at least 32 characters to secure cookies on the client
|
# a random string of at least 32 characters to secure cookies on the client
|
||||||
# make sure to share this amongst different pods
|
# make sure to share this amongst different pods
|
||||||
|
|
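Review bot: The comment added above `SplitUserDomain` reads "If true puts splits", which is garbled, and it does not say what happens to a name that has no `@`. Going by the handler change in api/web.go, such a name is used unchanged and the domain stays empty. Suggested wording: `# If true, splits "user@domain.com" into user and domain: the domain is set in the rdp file` followed by `# and stripped from the username; a name without "@" is left unchanged.`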
25
api/web.go
25
api/web.go
|
@ -42,6 +42,7 @@ type Config struct {
|
||||||
NetworkAutoDetect int
|
NetworkAutoDetect int
|
||||||
BandwidthAutoDetect int
|
BandwidthAutoDetect int
|
||||||
ConnectionType int
|
ConnectionType int
|
||||||
|
SplitUserDomain bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Config) NewApi() {
|
func (c *Config) NewApi() {
|
||||||
|
@ -157,17 +158,23 @@ func (c *Config) HandleDownload(w http.ResponseWriter, r *http.Request) {
|
||||||
host = strings.Replace(host, "{{ preferred_username }}", userName, 1)
|
host = strings.Replace(host, "{{ preferred_username }}", userName, 1)
|
||||||
|
|
||||||
// split the username into user and domain
|
// split the username into user and domain
|
||||||
creds := strings.SplitN(userName, "@", 2)
|
var user string
|
||||||
user := creds[0]
|
|
||||||
var domain string
|
var domain string
|
||||||
|
if c.SplitUserDomain {
|
||||||
|
creds := strings.SplitN(userName, "@", 2)
|
||||||
|
user = creds[0]
|
||||||
if len(creds) > 1 {
|
if len(creds) > 1 {
|
||||||
domain = creds[1]
|
domain = creds[1]
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
user = userName
|
||||||
|
}
|
||||||
|
|
||||||
|
render := user
|
||||||
if c.UsernameTemplate != "" {
|
if c.UsernameTemplate != "" {
|
||||||
c.UsernameTemplate = fmt.Sprintf(c.UsernameTemplate)
|
render = fmt.Sprintf(c.UsernameTemplate)
|
||||||
user = strings.Replace(c.UsernameTemplate, "{{ username }}", user, 1)
|
render = strings.Replace(render, "{{ username }}", user, 1)
|
||||||
if c.UsernameTemplate == user {
|
if c.UsernameTemplate == render {
|
||||||
log.Printf("Invalid username template. %s == %s", c.UsernameTemplate, user)
|
log.Printf("Invalid username template. %s == %s", c.UsernameTemplate, user)
|
||||||
http.Error(w, errors.New("invalid server configuration").Error(), http.StatusInternalServerError)
|
http.Error(w, errors.New("invalid server configuration").Error(), http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
|
@ -180,17 +187,15 @@ func (c *Config) HandleDownload(w http.ResponseWriter, r *http.Request) {
|
||||||
http.Error(w, errors.New("unable to generate gateway credentials").Error(), http.StatusInternalServerError)
|
http.Error(w, errors.New("unable to generate gateway credentials").Error(), http.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
|
|
||||||
userToken := user
|
|
||||||
if c.EnableUserToken {
|
if c.EnableUserToken {
|
||||||
userToken, err = c.UserTokenGenerator(ctx, user)
|
userToken, err := c.UserTokenGenerator(ctx, user)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Cannot generate token for user %s due to %s", user, err)
|
log.Printf("Cannot generate token for user %s due to %s", user, err)
|
||||||
http.Error(w, errors.New("unable to generate gateway credentials").Error(), http.StatusInternalServerError)
|
http.Error(w, errors.New("unable to generate gateway credentials").Error(), http.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
|
render = strings.Replace(render, "{{ token }}", userToken, 1)
|
||||||
}
|
}
|
||||||
|
|
||||||
user = strings.Replace(user,"{{ token }}", userToken, 1)
|
|
||||||
|
|
||||||
// authenticated
|
// authenticated
|
||||||
seed := make([]byte, 16)
|
seed := make([]byte, 16)
|
||||||
rand.Read(seed)
|
rand.Read(seed)
|
||||||
|
@ -207,7 +212,7 @@ func (c *Config) HandleDownload(w http.ResponseWriter, r *http.Request) {
|
||||||
"networkautodetect:i:"+strconv.Itoa(c.NetworkAutoDetect)+"\r\n"+
|
"networkautodetect:i:"+strconv.Itoa(c.NetworkAutoDetect)+"\r\n"+
|
||||||
"bandwidthautodetect:i:"+strconv.Itoa(c.BandwidthAutoDetect)+"\r\n"+
|
"bandwidthautodetect:i:"+strconv.Itoa(c.BandwidthAutoDetect)+"\r\n"+
|
||||||
"connection type:i:"+strconv.Itoa(c.ConnectionType)+"\r\n"+
|
"connection type:i:"+strconv.Itoa(c.ConnectionType)+"\r\n"+
|
||||||
"username:s:"+user+"\r\n"+
|
"username:s:"+render+"\r\n"+
|
||||||
"domain:s:"+domain+"\r\n"+
|
"domain:s:"+domain+"\r\n"+
|
||||||
"bitmapcachesize:i:32000\r\n"
|
"bitmapcachesize:i:32000\r\n"
|
||||||
|
|
||||||
|
|
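Review bot: The `if err != nil` branch under `if c.EnableUserToken` in the third hunk calls `http.Error(...)` but has no `return`, so the added `render = strings.Replace(render, "{{ token }}", userToken, 1)` runs with an empty token and the handler continues towards the code that builds the .rdp content after a 500 has already been written; add `return` after that `http.Error` call. The `http.Error(w, errors.New("unable to generate gateway credentials")...)` at the top of the same hunk appears to have the same shape, though its `if` opens outside the hunk. Separately, with `SplitUserDomain` enabled `c.UserTokenGenerator(ctx, user)` now receives only the part before `@`, so accounts sharing a local part across domains would presumably get tokens for the same subject; it is worth confirming that the verifying side does not rely on that value being unique. `HandleDownload` starts and ends outside the visible hunks.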
|
@ -57,6 +57,7 @@ type ClientConfig struct {
|
||||||
BandwidthAutoDetect int
|
BandwidthAutoDetect int
|
||||||
ConnectionType int
|
ConnectionType int
|
||||||
UsernameTemplate string
|
UsernameTemplate string
|
||||||
|
SplitUserDomain bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
|
1
main.go
1
main.go
|
@ -76,6 +76,7 @@ func main() {
|
||||||
UsernameTemplate: conf.Client.UsernameTemplate,
|
UsernameTemplate: conf.Client.UsernameTemplate,
|
||||||
BandwidthAutoDetect: conf.Client.BandwidthAutoDetect,
|
BandwidthAutoDetect: conf.Client.BandwidthAutoDetect,
|
||||||
ConnectionType: conf.Client.ConnectionType,
|
ConnectionType: conf.Client.ConnectionType,
|
||||||
|
SplitUserDomain: conf.Client.SplitUserDomain,
|
||||||
}
|
}
|
||||||
api.NewApi()
|
api.NewApi()
|
||||||
|
|
||||||
|
|