Fix checking host from list

184ff320 · Bolke de Bruin · 19e9e326 · 184ff320 · 184ff320 · 184ff320
Commit 184ff320 authored Aug 26, 2022 by Bolke de Bruin
--- a/cmd/rdpgw/protocol/common.go
+++ b/cmd/rdpgw/protocol/common.go
@@ -35,6 +35,8 @@ type SessionInfo struct {
 	RemoteServer string
 	// The obtained client ip address
 	ClientIp string
+	// User
+	UserName string
 }
 // readMessage parses and defragments a packet from a Transport. It returns

--- a/cmd/rdpgw/security/basic.go
+++ b/cmd/rdpgw/security/basic.go
@@ -22,10 +22,13 @@ func CheckHost(ctx context.Context, host string) (bool, error) {
 		return false, errors.New("cannot verify host in 'signed' mode as token data is missing")
 	case "roundrobin", "unsigned":
 		log.Printf("Checking host")
-		username := ctx.Value("preferred_username").(string)
+		s := getSessionInfo(ctx)
+		if s == nil {
+			return false, errors.New("no valid session info found in context")
+		}
 		for _, h := range Hosts {
-			if username != "" {
+			if s.UserName != "" {
-				h = strings.Replace(h, "{{ preferred_username }}", username, 1)
+				h = strings.Replace(h, "{{ preferred_username }}", s.UserName, 1)
 			}
 			if h == host {
 				return true, nil

--- a/cmd/rdpgw/security/jwt.go
+++ b/cmd/rdpgw/security/jwt.go
@@ -95,19 +95,18 @@ func VerifyPAAToken(ctx context.Context, tokenString string) (bool, error) {
 	}
 	// validate the access token
-	if custom.AccessToken != "EMPTY" {
 	tokenSource := Oauth2Config.TokenSource(ctx, &oauth2.Token{AccessToken: custom.AccessToken})
-		_, err = OIDCProvider.UserInfo(ctx, tokenSource)
+	user, err := OIDCProvider.UserInfo(ctx, tokenSource)
 	if err != nil {
 		log.Printf("Cannot get user info for access token: %s", err)
 		return false, err
 	}
-	}
 	s := getSessionInfo(ctx)
 	s.RemoteServer = custom.RemoteServer
 	s.ClientIp = custom.ClientIP
+	s.UserName = user.Subject
 	return true, nil
 }