Initialisation depot

2026-02-10 12:12:11 +01:00
commit c3176e8d79
818 changed files with 52573 additions and 0 deletions
--- a/RdpBroker/README.md
+++ b/RdpBroker/README.md
@@ -0,0 +1,251 @@
+# RdpBroker
+
+A high-performance RDP connection broker written in C for Kubernetes environments. RdpBroker provides centralized authentication via Samba AD and intelligent RDP connection forwarding to multiple target machines.
+
+## Overview
+
+RdpBroker acts as an RDP gateway that:
+- Presents users with an RDP login screen
+- Authenticates credentials against a Samba Active Directory server
+- Displays a list of available RDP targets
+- Forwards connections to selected targets
+- Monitors active sessions and user activity
+
+## Architecture
+
+```
+User RDP Client
+      ↓
+RdpBroker (Kubernetes Pod)
+      ↓
+   ┌──────────────────────────┐
+   │  Authentication Layer    │
+   │  (Samba AD)             │
+   └──────────────────────────┘
+      ↓
+   ┌──────────────────────────┐
+   │  Target Selection UI     │
+   │  (from targets.yaml)    │
+   └──────────────────────────┘
+      ↓
+   ┌──────────────────────────┐
+   │  RDP Connection Forward  │
+   │  to Target Machine      │
+   └──────────────────────────┘
+```
+
+## Features
+
+- **Centralized Authentication**: Validates user credentials against Samba AD
+- **Dynamic Target Management**: Configure available RDP targets via YAML
+- **Connection Forwarding**: Transparent RDP proxy to backend targets
+- **Session Monitoring**: Track active connections and user activity
+- **Kubernetes Native**: Designed to run in containerized environments
+- **High Performance**: Written in C for minimal latency
+
+## Project Structure
+
+```
+RdpBroker/
+├── src/                    # Source code
+│   ├── main.c             # Application entry point
+│   ├── rdp_server.c       # RDP server implementation
+│   ├── auth.c             # Samba AD authentication
+│   ├── session_manager.c  # Session tracking and monitoring
+│   ├── config.c           # Configuration parser
+│   ├── rdp_broker.h       # Main header file
+│   ├── Makefile           # Build configuration
+│   └── Dockerfile         # Container image definition
+├── chart/                  # Helm chart for Kubernetes deployment
+│   └── rdpbroker/
+│       ├── Chart.yaml
+│       ├── values.yaml
+│       └── templates/
+│           ├── deployment.yaml
+│           ├── service.yaml
+│           ├── configmap.yaml
+│           └── secret.yaml
+├── docs/                   # Additional documentation
+│   └── deployment.md
+├── targets.yaml           # RDP target configuration
+└── README.md              # This file
+```
+
+## Prerequisites
+
+### Build Requirements
+- GCC compiler
+- Make
+- FreeRDP development libraries
+- libyaml development libraries
+- libldap development libraries (for Samba AD)
+- Docker (for containerization)
+
+### Runtime Requirements
+- Kubernetes cluster (1.20+)
+- Helm 3.x
+- Samba AD server (accessible from cluster)
+- Network access to RDP target machines
+
+## Configuration
+
+### targets.yaml
+
+Define your RDP targets in `targets.yaml`:
+
+```yaml
+targets:
+  - name: "Windows Server 01"
+    host: "192.168.1.10"
+    port: 3389
+    description: "Production Web Server"
+  
+  - name: "Windows Server 02"
+    host: "192.168.1.11"
+    port: 3389
+    description: "Database Server"
+  
+  - name: "Development Desktop"
+    host: "dev-machine.local"
+    port: 3389
+    description: "Developer Workstation"
+```
+
+### Environment Variables
+
+Configure the application via environment variables:
+
+- `SAMBA_AD_SERVER`: Samba AD server hostname/IP (required)
+- `SAMBA_AD_PORT`: LDAP port (default: 389)
+- `SAMBA_AD_BASE_DN`: Base DN for user searches (e.g., `DC=example,DC=com`)
+- `RDP_LISTEN_PORT`: Port to listen for incoming RDP connections (default: 3389)
+- `TARGETS_CONFIG_PATH`: Path to targets.yaml (default: `/etc/rdpbroker/targets.yaml`)
+- `LOG_LEVEL`: Logging verbosity (DEBUG, INFO, WARN, ERROR)
+
+## Building
+
+### Local Build
+
+```bash
+cd src/
+make
+```
+
+### Docker Build
+
+```bash
+cd src/
+docker build -t rdpbroker:latest .
+```
+
+## Deployment
+
+### Using Helm
+
+1. Configure your values:
+
+```bash
+cd chart/rdpbroker
+cp values.yaml my-values.yaml
+# Edit my-values.yaml with your configuration
+```
+
+2. Install the chart:
+
+```bash
+helm install rdpbroker ./chart/rdpbroker -f my-values.yaml
+```
+
+3. Verify deployment:
+
+```bash
+kubectl get pods -l app=rdpbroker
+kubectl logs -f deployment/rdpbroker
+```
+
+### Manual Deployment
+
+See `docs/deployment.md` for manual Kubernetes deployment instructions.
+
+## Usage
+
+1. **Connect via RDP Client**:
+   ```bash
+   # Get the service endpoint
+   kubectl get svc rdpbroker
+   
+   # Connect using any RDP client
+   xfreerdp /v:<SERVICE_IP>:3389 /u:yourusername
+   ```
+
+2. **Login**: Enter your Samba AD credentials
+
+3. **Select Target**: Choose from the list of available RDP machines
+
+4. **Session**: Your RDP session is forwarded to the selected target
+
+## Monitoring
+
+View active sessions and user activity:
+
+```bash
+# Check logs
+kubectl logs -f deployment/rdpbroker
+
+# View metrics (if configured)
+kubectl exec -it deployment/rdpbroker -- cat /var/log/rdpbroker/sessions.log
+```
+
+## Security Considerations
+
+- Use TLS/SSL for RDP connections in production
+- Store Samba AD credentials securely (use Kubernetes Secrets)
+- Implement network policies to restrict access
+- Regular security audits of target configurations
+- Enable audit logging for compliance
+
+## Troubleshooting
+
+### Connection Issues
+- Verify network connectivity to Samba AD server
+- Check firewall rules for RDP ports
+- Validate credentials in Samba AD
+
+### Target Access
+- Ensure target machines are accessible from Kubernetes pods
+- Verify targets.yaml configuration
+- Check target machine RDP service status
+
+### Performance
+- Monitor CPU/memory usage in Kubernetes
+- Adjust resource limits in Helm values
+- Check network latency to targets
+
+## Contributing
+
+Contributions are welcome! Please:
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Submit a pull request
+
+## License
+
+This project is licensed under the MIT License.
+
+## Support
+
+For issues and questions:
+- Check the documentation in `docs/`
+- Review logs for error messages
+- Open an issue on the project repository
+
+## Roadmap
+
+- [ ] TLS/SSL support for encrypted RDP
+- [ ] Web-based management interface
+- [ ] Load balancing across multiple targets
+- [ ] Session recording and playback
+- [ ] Multi-factor authentication
+- [ ] Role-based access control (RBAC)
+- [ ] Metrics and Prometheus integration