Mike Marchetti
20307b9a76
fix: handle multiple message frames inside packet (#143)
Running the gateway as non-tls, but using an external TLS gateway in
kubernetes+istio, I determined that the istio TLS gateway would join
message frames into a single TCP packet. The packet read code assumed
that a single packet is a message. This is not the case for a TCP
stream, since you don't know how the frames are segmented via proxies,
etc.
The fix turned out more complex than I would have liked, but added a
number of unit tests to cover all the corner cases. Likely fragmentation
was not working correctly as well, as there were some cases that were
previously not handled.
Note that this might address issue #126 as well.
2025-05-06 17:38:16 +02:00
Beat Rubischon
6b4e6bdced
Disable UserTokenSigningKey randomization (#107)
2025-02-27 15:06:29 +01:00
m7913d
372dc43ef2
Support for NTLM authentication added (#109)
* Support for NTLM authentication added
To support NTLM authentication, a database is added as an authentication source.
Currently, only the configuration file is supported as a database.
Database authentication supports Basic and NTLM authentication protocols.
ServerConfig.BasicAuthEnabled renamed to LocalEnabled as Basic auth can be used with NTLM or Local.
2024-04-24 14:12:41 +02:00
Bolke de Bruin
d76ccf324a
Let's not leak
2024-04-12 12:44:07 +02:00
Bolke de Bruin
9c6d056d69
Use jose v4 and make clearer and fix signing/encryption
2024-04-12 12:33:46 +02:00
Bolke de Bruin
bc36b2b0cb
Fix b parsing
2024-03-30 12:12:55 +01:00
Bolke de Bruin
a963ca0d00
Fix parsing of bool to int
2024-03-30 12:07:28 +01:00
Bolke de Bruin
5d30deb48c
Add untested explicit settings in rdp file
2024-03-21 16:22:14 +01:00
Bolke de Bruin
95a8623cb6
Change remoteapplicationmode to default to false as that seems to be the case
2024-03-21 15:35:45 +01:00
Bolke de Bruin
447599b92a
Add request uri for better debugging
2024-03-20 10:56:58 +01:00
Bolke de Bruin
a7ea3121d9
Only split when required
2024-03-19 10:23:57 +01:00
Bolke de Bruin
7bf2a59838
Testing
2024-03-19 10:20:14 +01:00
Bolke de Bruin
ec63346c8a
Handle arrays in env variables
2024-03-19 09:42:19 +01:00
Bolke de Bruin
46620c87b7
upgrades
2024-03-18 15:27:30 +01:00
Bolke de Bruin
e939275a8a
Make dynamic
2024-03-18 14:09:22 +01:00
Bolke de Bruin
1b1d54b572
Debug
2024-03-18 14:03:18 +01:00
Bolke de Bruin
91e382c586
Move to more flexibility in image
2024-03-18 13:36:41 +01:00
Bolke de Bruin
ecbe63f175
Use list of kdcs and ensure length is removed / added when necessary
2024-03-16 13:10:30 +01:00
Bolke de Bruin
a67962b02d
Fix no username issues
2024-03-16 11:32:02 +01:00
Jonathan Giroux (Koltes)
8e117ad083
Can omit username from rendered RDP (#83)
2024-03-15 12:30:22 +01:00
fliaping
6325c0c4b7
add "username" as claim key (#98)
2024-03-15 12:29:00 +01:00
ryanblenis
f72613c2ba
Add BasicAuthTimeout setting versus static 5 seconds (#90)
2023-12-16 21:07:37 +01:00
Bolke de Bruin
e9e592b43a
Add missing rdp options
Some options were missing so they could not be set
in the rdp template.
Closes: #78
2023-09-13 11:27:19 +02:00
Bolke de Bruin
6b32631434
Finalize rdp templating
2023-05-15 10:43:38 +02:00
Bolke de Bruin
cdc497f365
Add templating option for RDP files
2023-05-15 10:43:38 +02:00
Bolke de Bruin
303ed64744
bump koanf
2023-04-16 10:42:16 +02:00
Bolke de Bruin
9d9b7a9ab5
Add test
2023-04-16 10:02:47 +02:00
totomz
cdf6e68684
Use multiple oidc claim to find the username
The claim `preferred_username` is optional in Azure AD. Although it is listed as preferred, in some enterprise environments it's not possible to add this additional claim. `unique_name` and `upn` are legacy alternatives.
2023-04-07 12:15:06 +02:00
Bolke de Bruin
43eb2d5f47
Make session length configurable
2022-10-22 10:17:43 +02:00
Bolke de Bruin
2abf83f0be
Set max session storage to 8kb
If using the filesystem storage provider
for session store it can be set to a larger value than 4kb
as it is not tied to the restriction of a cookie anymore.
2022-10-22 10:08:42 +02:00
Bolke de Bruin
7e3c4abea7
Change name
2022-10-18 11:40:28 +02:00
Bolke de Bruin
ee20553f08
Make stackable
2022-10-18 11:39:26 +02:00
Bolke de Bruin
db98550455
Refactor identity and http routing
2022-10-18 09:36:41 +02:00
Bolke de Bruin
b42c3cd3cc
Refactor identity framework to be more robust
2022-10-13 11:13:24 +02:00
Bolke de Bruin
bbd0735289
Fix context when using spnego
2022-10-12 16:50:13 +02:00
Bolke de Bruin
df175da330
Add kdcproxy to support spnego
2022-10-12 16:32:05 +02:00
Bolke de Bruin
81abbf7633
Fix code
2022-10-06 09:36:33 +02:00
Bolke de Bruin
04988650e8
Fix rdp setting and fix username can be nil with openid
2022-10-06 09:19:50 +02:00
Bolke de Bruin
e3ae09b525
Prepare for merge
2022-09-26 08:32:49 +02:00
Bolke de Bruin
0566f90488
Make sure to use right keys
2022-09-24 16:47:03 +02:00
Bolke de Bruin
94d7cddc4b
Rework tunnels to support statistics
2022-09-24 13:21:01 +02:00
Bolke de Bruin
eb1b287751
refactor tunnel and transport
2022-09-24 11:23:41 +02:00
Bolke de Bruin
ce6692d22f
Refactor add bit of tracking
2022-09-22 17:21:16 +02:00
Bolke de Bruin
8aa7c8cbb7
Verify if account is valid
2022-09-09 16:44:19 +02:00
Bolke de Bruin
df3ca7917c
Add web tests
2022-09-09 11:17:03 +02:00
Bolke de Bruin
cc6420b037
Fix check against disabled TLS
2022-09-09 08:49:35 +02:00
Bolke de Bruin
51af7d2ce4
Fix enum
2022-09-08 09:45:35 +02:00
Bolke de Bruin
96030f79f3
Make sure gateway address is set
2022-09-08 09:41:52 +02:00
Bolke de Bruin
090a5797d0
Use rdp builder for generating the rdp file
2022-09-07 10:52:20 +02:00
Bolke de Bruin
0c5f93e810
Split web api so it becomes more testable and maintainable
2022-09-06 12:14:08 +02:00