Add local PAM docker-compose

79f8d8f5 · Bolke de Bruin · 46620c87 · 79f8d8f5 · 79f8d8f5 · 79f8d8f5
Commit 79f8d8f5 authored 1 year ago by Bolke de Bruin
--- a/dev/docker/Dockerfile
+++ b/dev/docker/Dockerfile
@@ -35,13 +35,15 @@ RUN apk --no-cache add linux-pam musl
 # make tempdir in case filestore is used
 ADD tmp.tar /
-USER 1001
+COPY --chown=0 rdpgw-pam /etc/pam.d/rdpgw
+USER 1001
 COPY --chown=1001 run.sh run.sh
 COPY --chown=1001 --from=builder /opt/rdpgw /opt/rdpgw
 COPY --chown=1001 --from=builder /etc/passwd /etc/passwd
 COPY --chown=1001 --from=builder /etc/ssl/certs /etc/ssl/certs
-#COPY --chown=1001 rdpgw.yaml /opt/rdpgw/rdpgw.yaml
+USER 0
 WORKDIR /opt/rdpgw
 ENTRYPOINT ["/bin/sh", "/run.sh"]
--- a/dev/docker/rdpgw-pam
+++ b/dev/docker/rdpgw-pam
+# basic PAM configuration for rdpgw on Alpine
+auth include base-auth
+auth include base-account
--- a/dev/docker/run.sh
+++ b/dev/docker/run.sh
 #!/bin/sh
-cd /opt/rdpgw || exit 1
-if ! [ -e /opt/rdpgw/rdpgw.yaml ]; then
+USER=rdpgw
-  cp /opt/rdpgw/rdpgw.yaml.default /opt/rdpgw/rdpgw.yaml
+file="/root/createusers.txt"
+if [ -f $file ]
+  then
+    while IFS=: read -r username password is_sudo
+        do
+            echo "Username: $username, Password: **** , Sudo: $is_sudo"
+            if getent passwd "$username" > /dev/null 2>&1
+              then
+                echo "User Exists"
+              else
+                adduser -s /sbin/nologin "$username"
+                echo "$username:$password" | chpasswd
+            fi
+    done <"$file"
 fi
+cd /opt/rdpgw || exit 1
+if [ -n "${RDPGW_SERVER__AUTHENTICATION}" ]; then
+  if [ "${RDPGW_SERVER__AUTHENTICATION}" = "local" ]; then
+    echo "Starting rdpgw-auth"
    /opt/rdpgw/rdpgw-auth &
-/opt/rdpgw/rdpgw &
+  fi
+fi
+# drop privileges and run the application
+su -c /opt/rdpgw/rdpgw ${USER} &
 wait
 exit $?