easylinux/RdpBroker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Serge NOEL
2025-12-03 13:11:40 +01:00
commit 21b6c855d2
1 changed files with 251 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

251
README.md Normal file
View File

@@ -0,0 +1,251 @@
# RdpBroker
A high-performance RDP connection broker written in C for Kubernetes environments. RdpBroker provides centralized authentication via Samba AD and intelligent RDP connection forwarding to multiple target machines.
## Overview
RdpBroker acts as an RDP gateway that:
- Presents users with an RDP login screen
- Authenticates credentials against a Samba Active Directory server
- Displays a list of available RDP targets
- Forwards connections to selected targets
- Monitors active sessions and user activity
## Architecture
```
User RDP Client
RdpBroker (Kubernetes Pod)
┌──────────────────────────┐
│ Authentication Layer │
│ (Samba AD) │
└──────────────────────────┘
┌──────────────────────────┐
│ Target Selection UI │
│ (from targets.yaml) │
└──────────────────────────┘
┌──────────────────────────┐
│ RDP Connection Forward │
│ to Target Machine │
└──────────────────────────┘
```
## Features
- **Centralized Authentication**: Validates user credentials against Samba AD
- **Dynamic Target Management**: Configure available RDP targets via YAML
- **Connection Forwarding**: Transparent RDP proxy to backend targets
- **Session Monitoring**: Track active connections and user activity
- **Kubernetes Native**: Designed to run in containerized environments
- **High Performance**: Written in C for minimal latency
## Project Structure
```
RdpBroker/
├── src/ # Source code
│ ├── main.c # Application entry point
│ ├── rdp_server.c # RDP server implementation
│ ├── auth.c # Samba AD authentication
│ ├── session_manager.c # Session tracking and monitoring
│ ├── config.c # Configuration parser
│ ├── rdp_broker.h # Main header file
│ ├── Makefile # Build configuration
│ └── Dockerfile # Container image definition
├── chart/ # Helm chart for Kubernetes deployment
│ └── rdpbroker/
│ ├── Chart.yaml
│ ├── values.yaml
│ └── templates/
│ ├── deployment.yaml
│ ├── service.yaml
│ ├── configmap.yaml
│ └── secret.yaml
├── docs/ # Additional documentation
│ └── deployment.md
├── targets.yaml # RDP target configuration
└── README.md # This file
```
## Prerequisites
### Build Requirements
- GCC compiler
- Make
- FreeRDP development libraries
- libyaml development libraries
- libldap development libraries (for Samba AD)
- Docker (for containerization)
### Runtime Requirements
- Kubernetes cluster (1.20+)
- Helm 3.x
- Samba AD server (accessible from cluster)
- Network access to RDP target machines
## Configuration
### targets.yaml
Define your RDP targets in `targets.yaml`:
```yaml
targets:
- name: "Windows Server 01"
host: "192.168.1.10"
port: 3389
description: "Production Web Server"
- name: "Windows Server 02"
host: "192.168.1.11"
port: 3389
description: "Database Server"
- name: "Development Desktop"
host: "dev-machine.local"
port: 3389
description: "Developer Workstation"
```
### Environment Variables
Configure the application via environment variables:
- `SAMBA_AD_SERVER`: Samba AD server hostname/IP (required)
- `SAMBA_AD_PORT`: LDAP port (default: 389)
- `SAMBA_AD_BASE_DN`: Base DN for user searches (e.g., `DC=example,DC=com`)
- `RDP_LISTEN_PORT`: Port to listen for incoming RDP connections (default: 3389)
- `TARGETS_CONFIG_PATH`: Path to targets.yaml (default: `/etc/rdpbroker/targets.yaml`)
- `LOG_LEVEL`: Logging verbosity (DEBUG, INFO, WARN, ERROR)
## Building
### Local Build
```bash
cd src/
make
```
### Docker Build
```bash
cd src/
docker build -t rdpbroker:latest .
```
## Deployment
### Using Helm
1. Configure your values:
```bash
cd chart/rdpbroker
cp values.yaml my-values.yaml
# Edit my-values.yaml with your configuration
```
2. Install the chart:
```bash
helm install rdpbroker ./chart/rdpbroker -f my-values.yaml
```
3. Verify deployment:
```bash
kubectl get pods -l app=rdpbroker
kubectl logs -f deployment/rdpbroker
```
### Manual Deployment
See `docs/deployment.md` for manual Kubernetes deployment instructions.
## Usage
1. **Connect via RDP Client**:
```bash
# Get the service endpoint
kubectl get svc rdpbroker
# Connect using any RDP client
xfreerdp /v:<SERVICE_IP>:3389 /u:yourusername
```
2. **Login**: Enter your Samba AD credentials
3. **Select Target**: Choose from the list of available RDP machines
4. **Session**: Your RDP session is forwarded to the selected target
## Monitoring
View active sessions and user activity:
```bash
# Check logs
kubectl logs -f deployment/rdpbroker
# View metrics (if configured)
kubectl exec -it deployment/rdpbroker -- cat /var/log/rdpbroker/sessions.log
```
## Security Considerations
- Use TLS/SSL for RDP connections in production
- Store Samba AD credentials securely (use Kubernetes Secrets)
- Implement network policies to restrict access
- Regular security audits of target configurations
- Enable audit logging for compliance
## Troubleshooting
### Connection Issues
- Verify network connectivity to Samba AD server
- Check firewall rules for RDP ports
- Validate credentials in Samba AD
### Target Access
- Ensure target machines are accessible from Kubernetes pods
- Verify targets.yaml configuration
- Check target machine RDP service status
### Performance
- Monitor CPU/memory usage in Kubernetes
- Adjust resource limits in Helm values
- Check network latency to targets
## Contributing
Contributions are welcome! Please:
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Submit a pull request
## License
This project is licensed under the MIT License.
## Support
For issues and questions:
- Check the documentation in `docs/`
- Review logs for error messages
- Open an issue on the project repository
## Roadmap
- [ ] TLS/SSL support for encrypted RDP
- [ ] Web-based management interface
- [ ] Load balancing across multiple targets
- [ ] Session recording and playback
- [ ] Multi-factor authentication
- [ ] Role-based access control (RBAC)
- [ ] Metrics and Prometheus integration