From 21b6c855d2f2b30d087b8eab6ae9a2e47a6150cb Mon Sep 17 00:00:00 2001 From: Serge NOEL Date: Wed, 3 Dec 2025 13:11:40 +0100 Subject: [PATCH] Initial commit --- README.md | 251 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 251 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..3b92583 --- /dev/null +++ b/README.md 
@@ -0,0 +1,251 @@ +# RdpBroker + +A high-performance RDP connection broker written in C for Kubernetes environments. RdpBroker provides centralized authentication via Samba AD and intelligent RDP connection forwarding to multiple target machines. + +## Overview + +RdpBroker acts as an RDP gateway that: +- Presents users with an RDP login screen +- Authenticates credentials against a Samba Active Directory server +- Displays a list of available RDP targets +- Forwards connections to selected targets +- Monitors active sessions and user activity + +## Architecture + +``` +User RDP Client + ↓ +RdpBroker (Kubernetes Pod) + ↓ + ┌──────────────────────────┐ + │ Authentication Layer │ + │ (Samba AD) │ + └──────────────────────────┘ + ↓ + ┌──────────────────────────┐ + │ Target Selection UI │ + │ (from targets.yaml) │ + └──────────────────────────┘ + ↓ + ┌──────────────────────────┐ + │ RDP Connection Forward │ + │ to Target Machine │ + └──────────────────────────┘ +``` + +## Features + +- **Centralized Authentication**: Validates user credentials against Samba AD +- **Dynamic Target Management**: Configure available RDP targets via YAML +- **Connection Forwarding**: Transparent RDP proxy to backend targets +- **Session Monitoring**: Track active connections and user activity +- **Kubernetes Native**: Designed to run in containerized environments +- **High Performance**: Written in C for minimal latency + +## Project Structure + +``` +RdpBroker/ +├── src/ # Source code +│ ├── main.c # Application entry point +│ ├── rdp_server.c # RDP server implementation +│ ├── auth.c # Samba AD authentication +│ ├── session_manager.c # Session tracking and monitoring +│ ├── config.c # Configuration parser +│ ├── rdp_broker.h # Main header file +│ ├── Makefile # Build configuration +│ └── Dockerfile # Container image definition +├── chart/ # Helm chart for Kubernetes deployment +│ └── rdpbroker/ +│ ├── Chart.yaml +│ ├── values.yaml +│ └── templates/ +│ ├── deployment.yaml +│ ├── 
service.yaml +│ ├── configmap.yaml +│ └── secret.yaml +├── docs/ # Additional documentation +│ └── deployment.md +├── targets.yaml # RDP target configuration +└── README.md # This file +``` + +## Prerequisites + +### Build Requirements +- GCC compiler +- Make +- FreeRDP development libraries +- libyaml development libraries +- libldap development libraries (for Samba AD) +- Docker (for containerization) + +### Runtime Requirements +- Kubernetes cluster (1.20+) +- Helm 3.x +- Samba AD server (accessible from cluster) +- Network access to RDP target machines + +## Configuration + +### targets.yaml + +Define your RDP targets in `targets.yaml`: + +```yaml +targets: + - name: "Windows Server 01" + host: "192.168.1.10" + port: 3389 + description: "Production Web Server" + + - name: "Windows Server 02" + host: "192.168.1.11" + port: 3389 + description: "Database Server" + + - name: "Development Desktop" + host: "dev-machine.local" + port: 3389 + description: "Developer Workstation" +``` + +### Environment Variables + +Configure the application via environment variables: + +- `SAMBA_AD_SERVER`: Samba AD server hostname/IP (required) +- `SAMBA_AD_PORT`: LDAP port (default: 389) +- `SAMBA_AD_BASE_DN`: Base DN for user searches (e.g., `DC=example,DC=com`) +- `RDP_LISTEN_PORT`: Port to listen for incoming RDP connections (default: 3389) +- `TARGETS_CONFIG_PATH`: Path to targets.yaml (default: `/etc/rdpbroker/targets.yaml`) +- `LOG_LEVEL`: Logging verbosity (DEBUG, INFO, WARN, ERROR) + +## Building + +### Local Build + +```bash +cd src/ +make +``` + +### Docker Build + +```bash +cd src/ +docker build -t rdpbroker:latest . +``` + +## Deployment + +### Using Helm + +1. Configure your values: + +```bash +cd chart/rdpbroker +cp values.yaml my-values.yaml +# Edit my-values.yaml with your configuration +``` + +2. Install the chart: + +```bash +helm install rdpbroker ./chart/rdpbroker -f my-values.yaml +``` + +3. 
Verify deployment: + +```bash +kubectl get pods -l app=rdpbroker +kubectl logs -f deployment/rdpbroker +``` + +### Manual Deployment + +See `docs/deployment.md` for manual Kubernetes deployment instructions. + +## Usage + +1. **Connect via RDP Client**: + ```bash + # Get the service endpoint + kubectl get svc rdpbroker + + # Connect using any RDP client + xfreerdp /v::3389 /u:yourusername + ``` + +2. **Login**: Enter your Samba AD credentials + +3. **Select Target**: Choose from the list of available RDP machines + +4. **Session**: Your RDP session is forwarded to the selected target + +## Monitoring + +View active sessions and user activity: + +```bash +# Check logs +kubectl logs -f deployment/rdpbroker + +# View metrics (if configured) +kubectl exec -it deployment/rdpbroker -- cat /var/log/rdpbroker/sessions.log +``` + +## Security Considerations + +- Use TLS/SSL for RDP connections in production +- Store Samba AD credentials securely (use Kubernetes Secrets) +- Implement network policies to restrict access +- Regular security audits of target configurations +- Enable audit logging for compliance + +## Troubleshooting + +### Connection Issues +- Verify network connectivity to Samba AD server +- Check firewall rules for RDP ports +- Validate credentials in Samba AD + +### Target Access +- Ensure target machines are accessible from Kubernetes pods +- Verify targets.yaml configuration +- Check target machine RDP service status + +### Performance +- Monitor CPU/memory usage in Kubernetes +- Adjust resource limits in Helm values +- Check network latency to targets + +## Contributing + +Contributions are welcome! Please: +1. Fork the repository +2. Create a feature branch +3. Make your changes +4. Submit a pull request + +## License + +This project is licensed under the MIT License. 
+ +## Support + +For issues and questions: +- Check the documentation in `docs/` +- Review logs for error messages +- Open an issue on the project repository + +## Roadmap + +- [ ] TLS/SSL support for encrypted RDP +- [ ] Web-based management interface +- [ ] Load balancing across multiple targets +- [ ] Session recording and playback +- [ ] Multi-factor authentication +- [ ] Role-based access control (RBAC) +- [ ] Metrics and Prometheus integration
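Review bot: The Security Considerations list in this README tells operators to "Use TLS/SSL for RDP connections in production", but the Roadmap in the same file lists "TLS/SSL support for encrypted RDP" as an unchecked item, so the recommendation cannot be followed with this version of the broker. Please reword that bullet to state plainly that the broker currently terminates and forwards RDP without TLS, so that the Samba AD credentials entered at the login screen and the forwarded session are not protected by the broker itself, and point to the roadmap entry; the same applies to `SAMBA_AD_PORT` defaulting to 389, which should say whether the LDAP bind to Samba AD is plain LDAP or can use LDAPS/StartTLS. Smaller documentation fix in the Usage section: the client command `xfreerdp /v::3389 /u:yourusername` has an empty host between `/v:` and `:3389`; it should read something like `xfreerdp /v:<service-host>:3389 /u:yourusername`, with `<service-host>` taken from the preceding `kubectl get svc rdpbroker` output. Also in Monitoring, the comment "View metrics (if configured)" is followed by `cat /var/log/rdpbroker/sessions.log`, which is a session log rather than metrics; relabel it as the session log, since Prometheus metrics are still a roadmap item.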