Add BasicAuthTimeout setting versus static 5 seconds

This commit is contained in:
Ryan Blenis 2023-12-16 03:06:20 -05:00
parent 017f338d86
commit e18423d6a8
4 changed files with 7 additions and 2 deletions


@ -66,6 +66,8 @@ Server:
# The socket to connect to if using local auth. Ensure rdpgw auth is configured to # The socket to connect to if using local auth. Ensure rdpgw auth is configured to
# use the same socket. # use the same socket.
AuthSocket: /tmp/rdpgw-auth.sock AuthSocket: /tmp/rdpgw-auth.sock
# Basic auth timeout (in seconds). Useful if you're planning on waiting for MFA
BasicAuthTimeout: 5
# The default option 'auto' uses a certificate file if provided and found otherwise # The default option 'auto' uses a certificate file if provided and found otherwise
# it uses letsencrypt to obtain a certificate, the latter requires that the host is reachable # it uses letsencrypt to obtain a certificate, the latter requires that the host is reachable
# from letsencrypt servers. If TLS termination happens somewhere else (e.g. a load balancer) # from letsencrypt servers. If TLS termination happens somewhere else (e.g. a load balancer)


@ -51,6 +51,7 @@ type ServerConfig struct {
Tls string `koanf:"tls"` Tls string `koanf:"tls"`
Authentication []string `koanf:"authentication"` Authentication []string `koanf:"authentication"`
AuthSocket string `koanf:"authsocket"` AuthSocket string `koanf:"authsocket"`
BasicAuthTimeout int `koanf:"basicauthtimeout"`
} }
type KerberosConfig struct { type KerberosConfig struct {
@ -143,6 +144,7 @@ func Load(configFile string) Configuration {
"Server.HostSelection": "roundrobin", "Server.HostSelection": "roundrobin",
"Server.Authentication": "openid", "Server.Authentication": "openid",
"Server.AuthSocket": "/tmp/rdpgw-auth.sock", "Server.AuthSocket": "/tmp/rdpgw-auth.sock",
"Server.BasicAuthTimeout": 5,
"Client.NetworkAutoDetect": 1, "Client.NetworkAutoDetect": 1,
"Client.BandwidthAutoDetect": 1, "Client.BandwidthAutoDetect": 1,
"Security.VerifyClientIp": true, "Security.VerifyClientIp": true,
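Review bot: The new `BasicAuthTimeout` field carries no doc comment and no unit, and `Load` only supplies a default — it does not reject a zero or negative value, which (given that the handler multiplies it straight into `time.Duration` seconds) would make the auth context expire immediately and fail every Basic-auth attempt. I would add `// BasicAuthTimeout is how long, in seconds, to wait for the auth socket to answer a Basic-auth check; must be positive.` above the field, and have `Load` validate it after the defaults are applied (e.g. fail loudly when `conf.Server.BasicAuthTimeout <= 0`). The body of `Load` continues outside the hunk, so I cannot see whether any such validation already exists for other fields.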


@ -232,7 +232,7 @@ func main() {
// basic auth // basic auth
if conf.Server.BasicAuthEnabled() { if conf.Server.BasicAuthEnabled() {
log.Printf("enabling basic authentication") log.Printf("enabling basic authentication")
q := web.BasicAuthHandler{SocketAddress: conf.Server.AuthSocket} q := web.BasicAuthHandler{SocketAddress: conf.Server.AuthSocket, Timeout: conf.Server.BasicAuthTimeout}
rdp.NewRoute().HeadersRegexp("Authorization", "Basic").HandlerFunc(q.BasicAuth(gw.HandleGatewayProtocol)) rdp.NewRoute().HeadersRegexp("Authorization", "Basic").HandlerFunc(q.BasicAuth(gw.HandleGatewayProtocol))
auth.Register(`Basic realm="restricted", charset="UTF-8"`) auth.Register(`Basic realm="restricted", charset="UTF-8"`)
} }


@ -18,6 +18,7 @@ const (
type BasicAuthHandler struct { type BasicAuthHandler struct {
SocketAddress string SocketAddress string
Timeout int
} }
func (h *BasicAuthHandler) BasicAuth(next http.HandlerFunc) http.HandlerFunc { func (h *BasicAuthHandler) BasicAuth(next http.HandlerFunc) http.HandlerFunc {
@ -38,7 +39,7 @@ func (h *BasicAuthHandler) BasicAuth(next http.HandlerFunc) http.HandlerFunc {
defer conn.Close() defer conn.Close()
c := auth.NewAuthenticateClient(conn) c := auth.NewAuthenticateClient(conn)
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5) ctx, cancel := context.WithTimeout(context.Background(), time.Second*time.Duration(h.Timeout))
defer cancel() defer cancel()
req := &auth.UserPass{Username: username, Password: password} req := &auth.UserPass{Username: username, Password: password}
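Review bot: `time.Second*time.Duration(h.Timeout)` is zero whenever `BasicAuthHandler` is constructed without `Timeout` (its zero value), and `context.WithTimeout` with a zero or negative duration yields an already-expired context, so every Basic-auth check would fail before the RPC is sent; the config default of 5 only protects the one call site in `main`, not other constructors or tests. This fails closed rather than open, but it is a self-inflicted denial of Basic auth, so the handler should fall back to a sane minimum itself. A longer timeout (the stated MFA use case) also keeps the HTTP request and the auth-socket connection open for that long, so presumably the server's read/write timeouts need to be at least as large — worth confirming. `BasicAuth` begins and ends outside this hunk.
```go
// … unchanged: credential parsing, dial, client creation …
timeout := time.Duration(h.Timeout) * time.Second
if timeout <= 0 {
	timeout = 5 * time.Second // zero-value handler: keep the previous static default
}
ctx, cancel := context.WithTimeout(context.Background(), timeout)
defer cancel()
// … unchanged: Authenticate call and response handling …
```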