Add comments and make client ip address verification optional but enabled by default
This commit is contained in:
parent
db00ce7be0
commit
c9213414c5
4 changed files with 21 additions and 6 deletions
|
@ -48,6 +48,7 @@ type SecurityConfig struct {
|
|||
PAATokenSigningKey string
|
||||
UserTokenEncryptionKey string
|
||||
UserTokenSigningKey string
|
||||
VerifyClientIp bool
|
||||
}
|
||||
|
||||
type ClientConfig struct {
|
||||
|
@ -61,9 +62,9 @@ func init() {
|
|||
viper.SetDefault("server.certFile", "server.pem")
|
||||
viper.SetDefault("server.keyFile", "key.pem")
|
||||
viper.SetDefault("server.port", 443)
|
||||
viper.SetDefault("security.enableOpenId", true)
|
||||
viper.SetDefault("client.networkAutoDetect", 1)
|
||||
viper.SetDefault("client.bandwidthAutoDetect", 1)
|
||||
viper.SetDefault("security.verifyClientIp", true)
|
||||
}
|
||||
|
||||
func Load(configFile string) Configuration {
|
||||
|
|
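Review bot: The new `VerifyClientIp` field in SecurityConfig (first hunk) carries no comment, yet it is the security-relevant switch of this commit: main.go copies it into `security.VerifyClientIP`, which gates the comparison of the client ip recorded in a token against the address of the connection presenting it, so a reader of the config struct should learn what setting it to false gives up. Suggest `// VerifyClientIp, when true (the default), rejects a token presented from a client address other than the one recorded in it.` The field name also breaks the Go initialism convention and differs from the `security.VerifyClientIP` spelling it feeds; if Load fills the struct through viper.Unmarshal, its case-insensitive field matching should keep the `security.verifyClientIp` key working after a rename to `VerifyClientIP`.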
2
main.go
2
main.go
|
@ -34,6 +34,8 @@ func main() {
|
|||
cmd.PersistentFlags().StringVarP(&configFile, "conf", "c", "rdpgw.yaml", "config file (json, yaml, ini)")
|
||||
conf = config.Load(configFile)
|
||||
|
||||
security.VerifyClientIP = conf.Security.VerifyClientIp
|
||||
|
||||
// set security keys
|
||||
security.SigningKey = []byte(conf.Security.PAATokenSigningKey)
|
||||
security.EncryptionKey = []byte(conf.Security.PAATokenEncryptionKey)
|
||||
|
|
|
@ -21,13 +21,22 @@ type RedirectFlags struct {
|
|||
}
|
||||
|
||||
type SessionInfo struct {
|
||||
// The connection-id (RDG-ConnID) as reported by the client
|
||||
ConnId string
|
||||
// The underlying incoming transport being either websocket or legacy http
|
||||
// in case of websocket TransportOut will equal TransportIn
|
||||
TransportIn transport.Transport
|
||||
// The underlying outgoing transport being either websocket or legacy http
|
||||
// in case of websocket TransportOut will equal TransportOut
|
||||
TransportOut transport.Transport
|
||||
// The remote desktop server (rdp, vnc etc) the clients intends to connect to
|
||||
RemoteServer string
|
||||
// The obtained client ip address
|
||||
ClientIp string
|
||||
}
|
||||
|
||||
// readMessage parses and defragments a packet from a Transport. It returns
|
||||
// at most the bytes that have been reported by the packet
|
||||
func readMessage(in transport.Transport) (pt int, n int, msg []byte, err error) {
|
||||
fragment := false
|
||||
index := 0
|
||||
|
@ -66,6 +75,7 @@ func readMessage(in transport.Transport) (pt int, n int, msg []byte, err error)
|
|||
}
|
||||
}
|
||||
|
||||
// createPacket wraps the data into the protocol packet
|
||||
func createPacket(pktType uint16, data []byte) (packet []byte) {
|
||||
size := len(data) + 8
|
||||
buf := new(bytes.Buffer)
|
||||
|
@ -78,6 +88,7 @@ func createPacket(pktType uint16, data []byte) (packet []byte) {
|
|||
return buf.Bytes()
|
||||
}
|
||||
|
||||
// readHeader parses a packet and verifies its reported size
|
||||
func readHeader(data []byte) (packetType uint16, size uint32, packet []byte, err error) {
|
||||
// header needs to be 8 min
|
||||
if len(data) < 8 {
|
||||
|
@ -90,10 +101,10 @@ func readHeader(data []byte) (packetType uint16, size uint32, packet []byte, err
|
|||
if len(data) < int(size) {
|
||||
return packetType, size, data[8:], errors.New("data incomplete, fragment received")
|
||||
}
|
||||
return packetType, size, data[8:], nil
|
||||
return packetType, size, data[8:size-8], nil
|
||||
}
|
||||
|
||||
// sends data wrapped inside the rdpgw protocol
|
||||
// forwards data from a Connection to Transport and wraps it in the rdpgw protocol
|
||||
func forward(in net.Conn, out transport.Transport) {
|
||||
defer in.Close()
|
||||
|
||||
|
@ -113,7 +124,7 @@ func forward(in net.Conn, out transport.Transport) {
|
|||
}
|
||||
}
|
||||
|
||||
// receive data from the wire, unwrap and forward to the client
|
||||
// receive data received from the gateway client, unwrap and forward the remote desktop server
|
||||
func receive(data []byte, out net.Conn) {
|
||||
buf := bytes.NewReader(data)
|
||||
|
||||
|
|
|
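Review bot: The rewritten return in readHeader (fourth hunk, `return packetType, size, data[8:size-8], nil`) slices the payload at the wrong index: createPacket in the third hunk computes `size := len(data) + 8`, so the reported size covers the 8-byte header and the payload is `data[8:size]`; `size-8` drops the last eight bytes of every packet and, for any size below 16, makes the low index exceed the high one and panics. The length check just above only guarantees `len(data) >= size`, and since size is a uint32 a size below 8 would wrap and panic as well unless it is rejected earlier in the function, whose start lies in the preceding hunk. Suggest `if size < 8 { return packetType, size, nil, errors.New("packet size smaller than header") }` ahead of the length check and `return packetType, size, data[8:size], nil` as the final return. Separately, the new comment on TransportOut in the first hunk says "in case of websocket TransportOut will equal TransportOut" where it means TransportIn.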
@ -24,6 +24,7 @@ var (
|
|||
)
|
||||
|
||||
var ExpiryTime time.Duration = 5
|
||||
var VerifyClientIP bool = true
|
||||
|
||||
type customClaims struct {
|
||||
RemoteServer string `json:"remoteServer"`
|
||||
|
@ -89,11 +90,11 @@ func VerifyServerFunc(ctx context.Context, host string) (bool, error) {
|
|||
return false, nil
|
||||
}
|
||||
|
||||
/*if s.ClientIp != common.GetClientIp(ctx) {
|
||||
if VerifyClientIP && s.ClientIp != common.GetClientIp(ctx) {
|
||||
log.Printf("Current client ip address %s does not match token client ip %s",
|
||||
common.GetClientIp(ctx), s.ClientIp)
|
||||
return false, nil
|
||||
}*/
|
||||
}
|
||||
|
||||
return true, nil
|
||||
}
|
||||
|
|
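Review bot: `var VerifyClientIP bool = true` in the first hunk is an exported package variable without a doc comment, and its effect is exactly the check in the second hunk: with it false, VerifyServerFunc no longer compares the client ip stored in the token with the address of the connection presenting it, so possession of the token alone is sufficient. Suggest `// VerifyClientIP, when true, makes VerifyServerFunc reject a token whose recorded client ip differs from the address of the connection presenting it; turning it off removes that binding.` The explicit type is redundant (`var VerifyClientIP = true`). One caveat on the comparison itself: common.GetClientIp is not visible here, so whether both sides are in the same form (a bare ip rather than host:port, and one canonical IPv6 spelling) is worth confirming with a test, otherwise legitimate sessions would be refused.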