From 79f8d8f54521d93c8617e770c029edcb7578a282 Mon Sep 17 00:00:00 2001
From: Bolke de Bruin
Date: Tue, 19 Mar 2024 09:25:15 +0100
Subject: [PATCH] Add local PAM docker-compose
---
 dev/docker/Dockerfile | 6 ++++--
 dev/docker/rdpgw-pam | 3 +++
 dev/docker/run.sh | 31 +++++++++++++++++++++++++++----
 3 files changed, 34 insertions(+), 6 deletions(-)
 create mode 100644 dev/docker/rdpgw-pam
diff --git a/dev/docker/Dockerfile b/dev/docker/Dockerfile
index f0e4a75..998a1cd 100644
--- a/dev/docker/Dockerfile
+++ b/dev/docker/Dockerfile
@@ -35,13 +35,15 @@ RUN apk --no-cache add linux-pam musl
 # make tempdir in case filestore is used
 ADD tmp.tar /
-USER 1001
+COPY --chown=0 rdpgw-pam /etc/pam.d/rdpgw
+USER 1001
 COPY --chown=1001 run.sh run.sh
 COPY --chown=1001 --from=builder /opt/rdpgw /opt/rdpgw
 COPY --chown=1001 --from=builder /etc/passwd /etc/passwd
 COPY --chown=1001 --from=builder /etc/ssl/certs /etc/ssl/certs
-#COPY --chown=1001 rdpgw.yaml /opt/rdpgw/rdpgw.yaml
+
+USER 0
 WORKDIR /opt/rdpgw
 ENTRYPOINT ["/bin/sh", "/run.sh"]
diff --git a/dev/docker/rdpgw-pam b/dev/docker/rdpgw-pam
new file mode 100644
index 0000000..8ed41ab
--- /dev/null
+++ b/dev/docker/rdpgw-pam
@@ -0,0 +1,3 @@
+# basic PAM configuration for rdpgw on Alpine
+auth include base-auth
+auth include base-account
diff --git a/dev/docker/run.sh b/dev/docker/run.sh
index 49c6a9e..c8d4c3f 100755
--- a/dev/docker/run.sh
+++ b/dev/docker/run.sh
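Review bot: The trailing `USER 0` makes the entrypoint run as root, while the context lines of this hunk still copy `run.sh` and `/etc/passwd` with `--chown=1001`, so a script root executes and the account database it trusts stay writable by an unprivileged uid. If the `rdpgw` account that run.sh switches to maps to uid 1001 (not visible in this hunk), the de-privileged gateway could alter what root runs on the next container start or what PAM looks up. Consider `COPY --chown=0 run.sh run.sh` and `COPY --chown=0 --from=builder /etc/passwd /etc/passwd`. A comment above `USER 0` would also help, for example `# entrypoint starts as root (user creation, PAM helper); run.sh drops to rdpgw for the gateway`.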
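Review bot: The second rule, `auth include base-account`, uses the `auth` type, and PAM's `include` pulls in only lines of the stated type from the named file. If `base-account` holds account-type rules, as its name suggests, nothing is included and the `rdpgw` service ends up with no account stack of its own, so locked or expired accounts and nologin checks would not be enforced through this file. The line was presumably meant to be `account include base-account`. Whether rdpgw-auth calls the account-management step at all is not visible here and is worth confirming.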
@@ -1,11 +1,34 @@
 #!/bin/sh
+
+USER=rdpgw
+
+file="/root/createusers.txt"
+if [ -f $file ]
+ then
+ while IFS=: read -r username password is_sudo
+ do
+ echo "Username: $username, Password: **** , Sudo: $is_sudo"
+
+ if getent passwd "$username" > /dev/null 2>&1
+ then
+ echo "User Exists"
+ else
+ adduser -s /sbin/nologin "$username"
+ echo "$username:$password" | chpasswd
+ fi
+ done <"$file"
+fi
+
 cd /opt/rdpgw || exit 1
-if ! [ -e /opt/rdpgw/rdpgw.yaml ]; then
- cp /opt/rdpgw/rdpgw.yaml.default /opt/rdpgw/rdpgw.yaml
+if [ -n "${RDPGW_SERVER__AUTHENTICATION}" ]; then
+ if [ "${RDPGW_SERVER__AUTHENTICATION}" = "local" ]; then
+ echo "Starting rdpgw-auth"
+ /opt/rdpgw/rdpgw-auth &
+ fi
 fi
-/opt/rdpgw/rdpgw-auth &
-/opt/rdpgw/rdpgw &
+# drop privileges and run the application
+su -c /opt/rdpgw/rdpgw ${USER} &
 wait
 exit $?
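Review bot: `adduser -s /sbin/nologin "$username"` runs without `-D` inside a loop whose stdin is the users file, so BusyBox adduser may prompt for a password and consume the following entries; neither it nor `chpasswd` is checked for failure. An entry with an empty password field is piped to chpasswd unvalidated, and a password containing `:` is split so that its tail lands in `is_sudo`, which is otherwise only echoed. The fence below adds `-D` with `</dev/null`, skips entries with an empty field and stops on a failed account setup. The unquoted `$file` in `[ -f $file ]` and `${USER}` on the `su` line should be quoted as well.

```shell
    # … unchanged: while/read header and progress echo …
    if [ -z "$username" ] || [ -z "$password" ]; then
        echo "Skipping entry with empty username or password" >&2
        continue
    fi
    # … unchanged: getent check and "User Exists" branch …
    else
        # -D: no interactive password prompt; </dev/null keeps adduser off the loop's stdin
        adduser -D -s /sbin/nologin "$username" </dev/null || exit 1
        printf '%s:%s\n' "$username" "$password" | chpasswd || exit 1
    fi
```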