From 16c087d3bf3e0191402a3c758a786f0fef27bdf9 Mon Sep 17 00:00:00 2001
From: Bolke de Bruin <bolke@xs4all.nl>
Date: Thu, 25 Aug 2022 12:26:03 +0200
Subject: [PATCH] Add config items and checks

---
 README.md                         | 8 ++++++++
 cmd/rdpgw/config/configuration.go | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/README.md b/README.md
index 79c6434..ded9426 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,14 @@ template.
 ```yaml
 # web server configuration. 
 Server:
+ # can be set to openid (default) and local. If openid is used rdpgw expects
+ # a configured openid provider, make sure to set caps.tokenauth to true. If local
+ # rdpgw connects to rdpgw-auth over a socket to verify users and password. Note:
+ # rdpgw-auth needs to be run as root or setuid in order to work
+ Authentication: openid
+ # The socket to connect to if using local auth. Ensure rdpgw auth is configured to
+ # use the same socket.
+ AuthSocket: /tmp/rdpgw-auth.sock
  # disable TLS if termination happens somehwere else (e.g. a load balancer)
  # Note: rdp connections over a gateway require TLS
  DisableTLS: false
diff --git a/cmd/rdpgw/config/configuration.go b/cmd/rdpgw/config/configuration.go
index f034964..1c8db65 100644
--- a/cmd/rdpgw/config/configuration.go
+++ b/cmd/rdpgw/config/configuration.go
@@ -189,6 +189,10 @@ func Load(configFile string) Configuration {
 	if Conf.Server.Authentication == "local" && Conf.Server.DisableTLS {
 		log.Fatalf("basicauth=local and disabletls are mutually exclusive")
 	}
+
+	if !Conf.Caps.TokenAuth && Conf.Server.Authentication == "openid" {
+		log.Fatalf("openid is configured but tokenauth disabled")
+	}
 	return Conf
 
 }
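Review bot: The added guard only fires when `Conf.Server.Authentication` is exactly `"openid"`, so a misspelt, differently cased or empty value passes both this check and the `"local"` check above it, and `Load` returns the configuration without complaint. Because this setting selects how users are authenticated, an unrecognised mode should stop startup instead of depending on how later code treats it. One way is to turn the two `if` statements into a `switch Conf.Server.Authentication` that ends in `default: log.Fatalf("unknown authentication mode %q", Conf.Server.Authentication)`. Whether the documented `openid` default is applied before this point cannot be seen here, since `Load` begins outside the hunk; if it is not, an empty value also needs to map to `openid` before the check runs.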
-- 
GitLab