同步动态rdp网关功能
parent
fe3f8885c6
commit
14cbe3b9f2
@ -138,13 +138,11 @@ func main() {
|
||||
|
||||
// 根据配置选择使用API认证或本地配置认证
|
||||
var db database.Database
|
||||
log.Printf("使用API认证,API URL: %s", conf.PXVDI.ApiUrl)
|
||||
log.Printf("使用API认证,API URL: %s", conf.PXVDI.Enabled)
|
||||
if conf.PXVDI.Enabled && conf.PXVDI.ApiUrl != "" {
|
||||
log.Printf("使用API认证,API URL: %s", conf.PXVDI.ApiUrl)
|
||||
log.Printf("Using API authentication, API URL: %s", conf.PXVDI.ApiUrl)
|
||||
db = database.NewApiDb(conf.PXVDI.ApiUrl, conf.PXVDI.ApiKey)
|
||||
} else {
|
||||
log.Printf("使用本地配置文件认证")
|
||||
log.Printf("Using local configuration file authentication")
|
||||
db = database.NewConfig(conf.Users)
|
||||
}
|
||||
|
||||
|
||||
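Review bot: The `else` branch is also reached when `conf.PXVDI.Enabled` is true but `conf.PXVDI.ApiUrl` is empty, so a deployment intended to use API authentication silently falls back to the local `conf.Users` list, with only the "local configuration file" log line as a hint. Because this choice decides which credential store backs the gateway, I would treat that combination as a configuration error and stop at startup, e.g. `if conf.PXVDI.Enabled && conf.PXVDI.ApiUrl == "" { log.Fatal("PXVDI enabled but ApiUrl is empty") }` placed before the existing `if`. main's body starts and ends outside this hunk, so I cannot see whether the configuration is validated earlier.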
@ -36,14 +36,22 @@ func (a *ApiDb) GetPassword(username string) string {
|
||||
return ""
|
||||
}
|
||||
|
||||
// 构建API URL,替换占位符
|
||||
apiUrl := a.ApiUrl
|
||||
// 构建API URL
|
||||
fullUrl := fmt.Sprintf("%s/api/custom/public/ntlmcheck", a.ApiUrl)
|
||||
|
||||
// 构建完整的URL,包括查询参数 - 使用getpassword模式
|
||||
fullUrl := fmt.Sprintf("%s/api/checkperm?username=%s&mode=getpassword&apikey=%s",
|
||||
apiUrl, url.QueryEscape(username), url.QueryEscape(a.ApiKey))
|
||||
// 构建POST请求体
|
||||
requestData := map[string]string{
|
||||
"user": username,
|
||||
"apikey": a.ApiKey,
|
||||
}
|
||||
|
||||
log.Printf("Sending API password request to: %s", fullUrl)
|
||||
jsonData, err := json.Marshal(requestData)
|
||||
if err != nil {
|
||||
log.Printf("Failed to marshal request data: %v", err)
|
||||
return ""
|
||||
}
|
||||
|
||||
log.Printf("Sending API password POST request to: %s", fullUrl)
|
||||
|
||||
// 创建自定义HTTP客户端,跳过SSL证书验证
|
||||
tr := &http.Transport{
|
||||
@ -51,8 +59,8 @@ func (a *ApiDb) GetPassword(username string) string {
|
||||
}
|
||||
client := &http.Client{Transport: tr}
|
||||
|
||||
// 发送请求到API,使用不验证SSL证书的客户端
|
||||
resp, err := client.Get(fullUrl)
|
||||
// 发送POST请求到API,使用不验证SSL证书的客户端
|
||||
resp, err := client.Post(fullUrl, "application/json", bytes.NewBuffer(jsonData))
|
||||
if err != nil {
|
||||
log.Printf("API password retrieval error: %v", err)
|
||||
return ""
|
||||
@ -73,10 +81,12 @@ func (a *ApiDb) GetPassword(username string) string {
|
||||
}
|
||||
log.Printf("API password response received")
|
||||
|
||||
// 解析响应
|
||||
// 解析响应 - 适应新的响应格式
|
||||
var result struct {
|
||||
Status string `json:"status"`
|
||||
Password string `json:"password"`
|
||||
Success bool `json:"success"`
|
||||
Data struct {
|
||||
Pass string `json:"pass"`
|
||||
} `json:"data"`
|
||||
}
|
||||
|
||||
err = json.NewDecoder(bytes.NewReader(body)).Decode(&result)
|
||||
@ -86,13 +96,13 @@ func (a *ApiDb) GetPassword(username string) string {
|
||||
}
|
||||
|
||||
// 检查响应内容
|
||||
if result.Status != "success" || result.Password == "" {
|
||||
if !result.Success || result.Data.Pass == "" {
|
||||
log.Printf("API did not return a valid password for user: %s", username)
|
||||
return ""
|
||||
}
|
||||
|
||||
log.Printf("API password retrieval successful for user: %s", username)
|
||||
return result.Password
|
||||
return result.Data.Pass
|
||||
}
|
||||
|
||||
// VerifyCredentials 验证用户凭据
|
||||
|
||||
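Review bot: The client that sends the POST in `GetPassword` is, according to the comments next to `tr := &http.Transport{` and `client.Post`, built to skip TLS certificate verification, and `&http.Client{Transport: tr}` sets no timeout. The request body now carries `a.ApiKey` and the response carries the user's password in `data.pass`, so without verification anyone positioned between the gateway and the API can read or substitute both. The transport literal sits between the hunks, so I am inferring its contents from the comments; if the API uses a private CA, trust that CA through `tls.Config{RootCAs: pool}` instead of disabling verification. I would also bound the call with `client := &http.Client{Transport: tr, Timeout: 10 * time.Second}` and build the client once on `ApiDb` rather than on every lookup. A check of `resp.StatusCode` before decoding is not visible in these hunks and is worth confirming.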
@ -140,7 +140,7 @@ func (c *ntlmContext) authenticate(am *ntlm.AuthenticateMessage, r *auth.NtlmRes
|
||||
}
|
||||
|
||||
username := am.UserName.String()
|
||||
log.Printf("NTLM: 尝试验证用户: %s", username)
|
||||
log.Printf("NTLM: Trying to validate user: %s", username)
|
||||
|
||||
password := c.h.Database.GetPassword(username)
|
||||
if password == "" {
|
||||
@ -148,7 +148,7 @@ func (c *ntlmContext) authenticate(am *ntlm.AuthenticateMessage, r *auth.NtlmRes
|
||||
return nil
|
||||
}
|
||||
|
||||
log.Printf("NTLM: 成功获取到用户 %s 的密码", username)
|
||||
log.Printf("NTLM: Successfully retrieved password for user: %s", username)
|
||||
c.session.SetUserInfo(username, password, "")
|
||||
|
||||
err := c.session.ProcessAuthenticateMessage(am)
|
||||
@ -159,6 +159,6 @@ func (c *ntlmContext) authenticate(am *ntlm.AuthenticateMessage, r *auth.NtlmRes
|
||||
|
||||
r.Authenticated = true
|
||||
r.Username = username
|
||||
log.Printf("NTLM: 用户 %s 认证成功", username)
|
||||
log.Printf("NTLM: User %s authenticated successfully", username)
|
||||
return nil
|
||||
}
|
||||
|
||||
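Review bot: The log lines in `authenticate` format `username` with `%s`, but `username` comes from `am.UserName.String()`, a value the client supplies before it is authenticated. A name containing newlines or control characters can therefore forge or split log entries that operators rely on for auth auditing. Quoting it keeps each entry on one line, e.g. `log.Printf("NTLM: Trying to validate user: %q", username)`, and likewise for the "Successfully retrieved password" and "authenticated successfully" lines. The `for user: %s` messages in `GetPassword` follow the same pattern. The function body extends beyond these hunks.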
4
debian/rdpgw-auth.yaml
vendored
4
debian/rdpgw-auth.yaml
vendored
@ -1,2 +1,6 @@
|
||||
PXVDI:
|
||||
Enabled: true
|
||||
apiUrl: "https://10.13.16.164:3002"
|
||||
apiKey: "dasdasdasdas"
|
||||
Users:
|
||||
- {Username: "debian-rdpgw-start", Password: "debian-rdpgw-password"}
|
||||
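Review bot: The packaged default `debian/rdpgw-auth.yaml` now carries a literal `apiKey` and a concrete `apiUrl` on a private address, with `Enabled: true`. If that key is or ever was valid it should be treated as exposed and rotated, because it stays in the repository history and in every installed package. I would ship the file with `Enabled: false` and a clearly labelled placeholder such as `apiKey: "<set-at-install>"`, and have the service read the real key from a root-only file or the environment. The existing `Users` entry with its fixed password is what the gateway falls back to when the API path is not selected, so it deserves the same treatment.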