From 1142419ed47cd2c510d280b5ea39edefa99a30b9 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Thu, 22 Aug 2013 15:34:35 -0700
Subject: [PATCH] Add source from existing guacamole-auth-ldap.
---
extensions/guacamole-auth-ldap/.gitignore | 2 +
extensions/guacamole-auth-ldap/LICENSE | 470 ++++++++++++++++++
extensions/guacamole-auth-ldap/README | 101 ++++
.../doc/examples/exampleConfigGroup.ldif | 11 +
extensions/guacamole-auth-ldap/pom.xml | 89 ++++
.../schema/guacConfigGroup.ldif | 9 +
.../schema/guacConfigGroup.schema | 13 +
.../src/main/assembly/dist.xml | 54 ++
.../auth/ldap/LDAPAuthenticationProvider.java | 266 ++++++++++
.../properties/LDAPGuacamoleProperties.java | 110 ++++
10 files changed, 1125 insertions(+)
create mode 100644 extensions/guacamole-auth-ldap/.gitignore
create mode 100644 extensions/guacamole-auth-ldap/LICENSE
create mode 100644 extensions/guacamole-auth-ldap/README
create mode 100644 extensions/guacamole-auth-ldap/doc/examples/exampleConfigGroup.ldif
create mode 100644 extensions/guacamole-auth-ldap/pom.xml
create mode 100644 extensions/guacamole-auth-ldap/schema/guacConfigGroup.ldif
create mode 100644 extensions/guacamole-auth-ldap/schema/guacConfigGroup.schema
create mode 100644 extensions/guacamole-auth-ldap/src/main/assembly/dist.xml
create mode 100644 extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/LDAPAuthenticationProvider.java
create mode 100644 extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/properties/LDAPGuacamoleProperties.java
diff --git a/extensions/guacamole-auth-ldap/.gitignore b/extensions/guacamole-auth-ldap/.gitignore
new file mode 100644
index 000000000..42f4a1a64
--- /dev/null
+++ b/extensions/guacamole-auth-ldap/.gitignore
@@ -0,0 +1,2 @@
+target/
+*~
diff --git a/extensions/guacamole-auth-ldap/LICENSE b/extensions/guacamole-auth-ldap/LICENSE
new file mode 100644
index 000000000..7714141d1
--- /dev/null
+++ b/extensions/guacamole-auth-ldap/LICENSE 
@@ -0,0 +1,470 @@ + MOZILLA PUBLIC LICENSE + Version 1.1 + + --------------- + +1. Definitions. + + 1.0.1. "Commercial Use" means distribution or otherwise making the + Covered Code available to a third party. + + 1.1. "Contributor" means each entity that creates or contributes to + the creation of Modifications. + + 1.2. "Contributor Version" means the combination of the Original + Code, prior Modifications used by a Contributor, and the Modifications + made by that particular Contributor. + + 1.3. "Covered Code" means the Original Code or Modifications or the + combination of the Original Code and Modifications, in each case + including portions thereof. + + 1.4. "Electronic Distribution Mechanism" means a mechanism generally + accepted in the software development community for the electronic + transfer of data. + + 1.5. "Executable" means Covered Code in any form other than Source + Code. + + 1.6. "Initial Developer" means the individual or entity identified + as the Initial Developer in the Source Code notice required by Exhibit + A. + + 1.7. "Larger Work" means a work which combines Covered Code or + portions thereof with code not governed by the terms of this License. + + 1.8. "License" means this document. + + 1.8.1. "Licensable" means having the right to grant, to the maximum + extent possible, whether at the time of the initial grant or + subsequently acquired, any and all of the rights conveyed herein. + + 1.9. "Modifications" means any addition to or deletion from the + substance or structure of either the Original Code or any previous + Modifications. When Covered Code is released as a series of files, a + Modification is: + A. Any addition to or deletion from the contents of a file + containing Original Code or previous Modifications. + + B. Any new file that contains any part of the Original Code or + previous Modifications. + + 1.10. 
"Original Code" means Source Code of computer software code + which is described in the Source Code notice required by Exhibit A as + Original Code, and which, at the time of its release under this + License is not already Covered Code governed by this License. + + 1.10.1. "Patent Claims" means any patent claim(s), now owned or + hereafter acquired, including without limitation, method, process, + and apparatus claims, in any patent Licensable by grantor. + + 1.11. "Source Code" means the preferred form of the Covered Code for + making modifications to it, including all modules it contains, plus + any associated interface definition files, scripts used to control + compilation and installation of an Executable, or source code + differential comparisons against either the Original Code or another + well known, available Covered Code of the Contributor's choice. The + Source Code can be in a compressed or archival form, provided the + appropriate decompression or de-archiving software is widely available + for no charge. + + 1.12. "You" (or "Your") means an individual or a legal entity + exercising rights under, and complying with all of the terms of, this + License or a future version of this License issued under Section 6.1. + For legal entities, "You" includes any entity which controls, is + controlled by, or is under common control with You. For purposes of + this definition, "control" means (a) the power, direct or indirect, + to cause the direction or management of such entity, whether by + contract or otherwise, or (b) ownership of more than fifty percent + (50%) of the outstanding shares or beneficial ownership of such + entity. + +2. Source Code License. + + 2.1. The Initial Developer Grant. 
+ The Initial Developer hereby grants You a world-wide, royalty-free, + non-exclusive license, subject to third party intellectual property + claims: + (a) under intellectual property rights (other than patent or + trademark) Licensable by Initial Developer to use, reproduce, + modify, display, perform, sublicense and distribute the Original + Code (or portions thereof) with or without Modifications, and/or + as part of a Larger Work; and + + (b) under Patents Claims infringed by the making, using or + selling of Original Code, to make, have made, use, practice, + sell, and offer for sale, and/or otherwise dispose of the + Original Code (or portions thereof). + + (c) the licenses granted in this Section 2.1(a) and (b) are + effective on the date Initial Developer first distributes + Original Code under the terms of this License. + + (d) Notwithstanding Section 2.1(b) above, no patent license is + granted: 1) for code that You delete from the Original Code; 2) + separate from the Original Code; or 3) for infringements caused + by: i) the modification of the Original Code or ii) the + combination of the Original Code with other software or devices. + + 2.2. Contributor Grant. 
+ Subject to third party intellectual property claims, each Contributor + hereby grants You a world-wide, royalty-free, non-exclusive license + + (a) under intellectual property rights (other than patent or + trademark) Licensable by Contributor, to use, reproduce, modify, + display, perform, sublicense and distribute the Modifications + created by such Contributor (or portions thereof) either on an + unmodified basis, with other Modifications, as Covered Code + and/or as part of a Larger Work; and + + (b) under Patent Claims infringed by the making, using, or + selling of Modifications made by that Contributor either alone + and/or in combination with its Contributor Version (or portions + of such combination), to make, use, sell, offer for sale, have + made, and/or otherwise dispose of: 1) Modifications made by that + Contributor (or portions thereof); and 2) the combination of + Modifications made by that Contributor with its Contributor + Version (or portions of such combination). + + (c) the licenses granted in Sections 2.2(a) and 2.2(b) are + effective on the date Contributor first makes Commercial Use of + the Covered Code. + + (d) Notwithstanding Section 2.2(b) above, no patent license is + granted: 1) for any code that Contributor has deleted from the + Contributor Version; 2) separate from the Contributor Version; + 3) for infringements caused by: i) third party modifications of + Contributor Version or ii) the combination of Modifications made + by that Contributor with other software (except as part of the + Contributor Version) or other devices; or 4) under Patent Claims + infringed by Covered Code in the absence of Modifications made by + that Contributor. + +3. Distribution Obligations. + + 3.1. Application of License. + The Modifications which You create or to which You contribute are + governed by the terms of this License, including without limitation + Section 2.2. 
The Source Code version of Covered Code may be + distributed only under the terms of this License or a future version + of this License released under Section 6.1, and You must include a + copy of this License with every copy of the Source Code You + distribute. You may not offer or impose any terms on any Source Code + version that alters or restricts the applicable version of this + License or the recipients' rights hereunder. However, You may include + an additional document offering the additional rights described in + Section 3.5. + + 3.2. Availability of Source Code. + Any Modification which You create or to which You contribute must be + made available in Source Code form under the terms of this License + either on the same media as an Executable version or via an accepted + Electronic Distribution Mechanism to anyone to whom you made an + Executable version available; and if made available via Electronic + Distribution Mechanism, must remain available for at least twelve (12) + months after the date it initially became available, or at least six + (6) months after a subsequent version of that particular Modification + has been made available to such recipients. You are responsible for + ensuring that the Source Code version remains available even if the + Electronic Distribution Mechanism is maintained by a third party. + + 3.3. Description of Modifications. + You must cause all Covered Code to which You contribute to contain a + file documenting the changes You made to create that Covered Code and + the date of any change. You must include a prominent statement that + the Modification is derived, directly or indirectly, from Original + Code provided by the Initial Developer and including the name of the + Initial Developer in (a) the Source Code, and (b) in any notice in an + Executable version or related documentation in which You describe the + origin or ownership of the Covered Code. + + 3.4. Intellectual Property Matters + (a) Third Party Claims. 
+ If Contributor has knowledge that a license under a third party's + intellectual property rights is required to exercise the rights + granted by such Contributor under Sections 2.1 or 2.2, + Contributor must include a text file with the Source Code + distribution titled "LEGAL" which describes the claim and the + party making the claim in sufficient detail that a recipient will + know whom to contact. If Contributor obtains such knowledge after + the Modification is made available as described in Section 3.2, + Contributor shall promptly modify the LEGAL file in all copies + Contributor makes available thereafter and shall take other steps + (such as notifying appropriate mailing lists or newsgroups) + reasonably calculated to inform those who received the Covered + Code that new knowledge has been obtained. + + (b) Contributor APIs. + If Contributor's Modifications include an application programming + interface and Contributor has knowledge of patent licenses which + are reasonably necessary to implement that API, Contributor must + also include this information in the LEGAL file. + + (c) Representations. + Contributor represents that, except as disclosed pursuant to + Section 3.4(a) above, Contributor believes that Contributor's + Modifications are Contributor's original creation(s) and/or + Contributor has sufficient rights to grant the rights conveyed by + this License. + + 3.5. Required Notices. + You must duplicate the notice in Exhibit A in each file of the Source + Code. If it is not possible to put such notice in a particular Source + Code file due to its structure, then You must include such notice in a + location (such as a relevant directory) where a user would be likely + to look for such a notice. If You created one or more Modification(s) + You may add your name as a Contributor to the notice described in + Exhibit A. 
You must also duplicate this License in any documentation + for the Source Code where You describe recipients' rights or ownership + rights relating to Covered Code. You may choose to offer, and to + charge a fee for, warranty, support, indemnity or liability + obligations to one or more recipients of Covered Code. However, You + may do so only on Your own behalf, and not on behalf of the Initial + Developer or any Contributor. You must make it absolutely clear than + any such warranty, support, indemnity or liability obligation is + offered by You alone, and You hereby agree to indemnify the Initial + Developer and every Contributor for any liability incurred by the + Initial Developer or such Contributor as a result of warranty, + support, indemnity or liability terms You offer. + + 3.6. Distribution of Executable Versions. + You may distribute Covered Code in Executable form only if the + requirements of Section 3.1-3.5 have been met for that Covered Code, + and if You include a notice stating that the Source Code version of + the Covered Code is available under the terms of this License, + including a description of how and where You have fulfilled the + obligations of Section 3.2. The notice must be conspicuously included + in any notice in an Executable version, related documentation or + collateral in which You describe recipients' rights relating to the + Covered Code. You may distribute the Executable version of Covered + Code or ownership rights under a license of Your choice, which may + contain terms different from this License, provided that You are in + compliance with the terms of this License and that the license for the + Executable version does not attempt to limit or alter the recipient's + rights in the Source Code version from the rights set forth in this + License. 
If You distribute the Executable version under a different + license You must make it absolutely clear that any terms which differ + from this License are offered by You alone, not by the Initial + Developer or any Contributor. You hereby agree to indemnify the + Initial Developer and every Contributor for any liability incurred by + the Initial Developer or such Contributor as a result of any such + terms You offer. + + 3.7. Larger Works. + You may create a Larger Work by combining Covered Code with other code + not governed by the terms of this License and distribute the Larger + Work as a single product. In such a case, You must make sure the + requirements of this License are fulfilled for the Covered Code. + +4. Inability to Comply Due to Statute or Regulation. + + If it is impossible for You to comply with any of the terms of this + License with respect to some or all of the Covered Code due to + statute, judicial order, or regulation then You must: (a) comply with + the terms of this License to the maximum extent possible; and (b) + describe the limitations and the code they affect. Such description + must be included in the LEGAL file described in Section 3.4 and must + be included with all distributions of the Source Code. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Application of this License. + + This License applies to code to which the Initial Developer has + attached the notice in Exhibit A and to related Covered Code. + +6. Versions of the License. + + 6.1. New Versions. + Netscape Communications Corporation ("Netscape") may publish revised + and/or new versions of the License from time to time. Each version + will be given a distinguishing version number. + + 6.2. Effect of New Versions. 
+ Once Covered Code has been published under a particular version of the + License, You may always continue to use it under the terms of that + version. You may also choose to use such Covered Code under the terms + of any subsequent version of the License published by Netscape. No one + other than Netscape has the right to modify the terms applicable to + Covered Code created under this License. + + 6.3. Derivative Works. + If You create or use a modified version of this License (which you may + only do in order to apply it to code which is not already Covered Code + governed by this License), You must (a) rename Your license so that + the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", + "MPL", "NPL" or any confusingly similar phrase do not appear in your + license (except to note that your license differs from this License) + and (b) otherwise make it clear that Your version of the license + contains terms which differ from the Mozilla Public License and + Netscape Public License. (Filling in the name of the Initial + Developer, Original Code or Contributor in the notice described in + Exhibit A shall not of themselves be deemed to be modifications of + this License.) + +7. DISCLAIMER OF WARRANTY. + + COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, + WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF + DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. + THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE + IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, + YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE + COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER + OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF + ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. + +8. TERMINATION. + + 8.1. 
This License and the rights granted hereunder will terminate + automatically if You fail to comply with terms herein and fail to cure + such breach within 30 days of becoming aware of the breach. All + sublicenses to the Covered Code which are properly granted shall + survive any termination of this License. Provisions which, by their + nature, must remain in effect beyond the termination of this License + shall survive. + + 8.2. If You initiate litigation by asserting a patent infringement + claim (excluding declatory judgment actions) against Initial Developer + or a Contributor (the Initial Developer or Contributor against whom + You file such action is referred to as "Participant") alleging that: + + (a) such Participant's Contributor Version directly or indirectly + infringes any patent, then any and all rights granted by such + Participant to You under Sections 2.1 and/or 2.2 of this License + shall, upon 60 days notice from Participant terminate prospectively, + unless if within 60 days after receipt of notice You either: (i) + agree in writing to pay Participant a mutually agreeable reasonable + royalty for Your past and future use of Modifications made by such + Participant, or (ii) withdraw Your litigation claim with respect to + the Contributor Version against such Participant. If within 60 days + of notice, a reasonable royalty and payment arrangement are not + mutually agreed upon in writing by the parties or the litigation claim + is not withdrawn, the rights granted by Participant to You under + Sections 2.1 and/or 2.2 automatically terminate at the expiration of + the 60 day notice period specified above. 
+ + (b) any software, hardware, or device, other than such Participant's + Contributor Version, directly or indirectly infringes any patent, then + any rights granted to You by such Participant under Sections 2.1(b) + and 2.2(b) are revoked effective as of the date You first made, used, + sold, distributed, or had made, Modifications made by that + Participant. + + 8.3. If You assert a patent infringement claim against Participant + alleging that such Participant's Contributor Version directly or + indirectly infringes any patent where such claim is resolved (such as + by license or settlement) prior to the initiation of patent + infringement litigation, then the reasonable value of the licenses + granted by such Participant under Sections 2.1 or 2.2 shall be taken + into account in determining the amount or value of any payment or + license. + + 8.4. In the event of termination under Sections 8.1 or 8.2 above, + all end user license agreements (excluding distributors and resellers) + which have been validly granted by You or any distributor hereunder + prior to termination shall survive termination. + +9. LIMITATION OF LIABILITY. + + UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT + (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL + DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, + OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR + ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY + CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, + WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER + COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN + INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF + LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY + RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW + PROHIBITS SUCH LIMITATION. 
SOME JURISDICTIONS DO NOT ALLOW THE + EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO + THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. + +10. U.S. GOVERNMENT END USERS. + + The Covered Code is a "commercial item," as that term is defined in + 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer + software" and "commercial computer software documentation," as such + terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 + C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), + all U.S. Government End Users acquire Covered Code with only those + rights set forth herein. + +11. MISCELLANEOUS. + + This License represents the complete agreement concerning subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. This License shall be governed by + California law provisions (except to the extent applicable law, if + any, provides otherwise), excluding its conflict-of-law provisions. + With respect to disputes in which at least one party is a citizen of, + or an entity chartered or registered to do business in the United + States of America, any litigation relating to this License shall be + subject to the jurisdiction of the Federal Courts of the Northern + District of California, with venue lying in Santa Clara County, + California, with the losing party responsible for costs, including + without limitation, court costs and reasonable attorneys' fees and + expenses. The application of the United Nations Convention on + Contracts for the International Sale of Goods is expressly excluded. + Any law or regulation which provides that the language of a contract + shall be construed against the drafter shall not apply to this + License. + +12. RESPONSIBILITY FOR CLAIMS. 
+ + As between Initial Developer and the Contributors, each party is + responsible for claims and damages arising, directly or indirectly, + out of its utilization of rights under this License and You agree to + work with Initial Developer and Contributors to distribute such + responsibility on an equitable basis. Nothing herein is intended or + shall be deemed to constitute any admission of liability. + +13. MULTIPLE-LICENSED CODE. + + Initial Developer may designate portions of the Covered Code as + "Multiple-Licensed". "Multiple-Licensed" means that the Initial + Developer permits you to utilize portions of the Covered Code under + Your choice of the NPL or the alternative licenses, if any, specified + by the Initial Developer in the file described in Exhibit A. + +EXHIBIT A -Mozilla Public License. + + ``The contents of this file are subject to the Mozilla Public License + Version 1.1 (the "License"); you may not use this file except in + compliance with the License. You may obtain a copy of the License at + http://www.mozilla.org/MPL/ + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the + License for the specific language governing rights and limitations + under the License. + + The Original Code is ______________________________________. + + The Initial Developer of the Original Code is ________________________. + Portions created by ______________________ are Copyright (C) ______ + _______________________. All Rights Reserved. + + Contributor(s): ______________________________________. + + Alternatively, the contents of this file may be used under the terms + of the _____ license (the "[___] License"), in which case the + provisions of [______] License are applicable instead of those + above. 
If you wish to allow use of your version of this file only + under the terms of the [____] License and not to allow others to use + your version of this file under the MPL, indicate your decision by + deleting the provisions above and replace them with the notice and + other provisions required by the [___] License. If you do not delete + the provisions above, a recipient may use your version of this file + under either the MPL or the [___] License." + + [NOTE: The text of this Exhibit A may differ slightly from the text of + the notices in the Source Code files of the Original Code. You should + use the text of this Exhibit A rather than the text found in the + Original Code Source Code for Your Modifications.] + diff --git a/extensions/guacamole-auth-ldap/README b/extensions/guacamole-auth-ldap/README new file mode 100644 index 000000000..223cbf7cb --- /dev/null +++ b/extensions/guacamole-auth-ldap/README 
@@ -0,0 +1,101 @@
+
+------------------------------------------------------------
+ About this README
+------------------------------------------------------------
+
+This README is intended to provide quick and to-the-point documentation for
+technical users intending to compile parts of Guacamole themselves.
+
+Distribution-specific packages are available from the files section of the main
+project page:
+
+ http://sourceforge.net/projects/guacamole/files/
+
+Distribution-specific documentation is provided on the Guacamole wiki:
+
+ http://guac-dev.org/
+
+
+------------------------------------------------------------
+ What is guacamole-auth-ldap?
+------------------------------------------------------------
+
+guacamole-auth-ldap is a Java library for use with the Guacamole web
+application to provide LDAP based authentication.
+
+guacamole-auth-ldap provides an authentication provider which can be
+set in guacamole.properties to allow LDAP authentication of Guacamole
+users. Additional properties are required to configure the LDAP
+connection and search parameters.
+
+Schema files are provided to create the required object classes in your
+LDAP directory.
+
+
+------------------------------------------------------------
+ Compiling and installing guacamole-auth-ldap
+------------------------------------------------------------
+
+guacamole-auth-ldap is built using Maven. Building guacamole-auth-ldap
+compiles all classes and packages them into a redistributable .jar file. This
+.jar file can be installed in the library directory configured in
+guacamole.properties such that the authentication provider is available.
+
+1) Run mvn package
+
+ $ mvn package
+
+ Maven will download any needed dependencies for building the .jar file.
+ Once all dependencies have been downloaded, the .jar file will be
+ created in the target/ subdirectory of the current directory.
+
+2) Copy the .jar file into the library directory specified in your
+ guacamole.properties
+
+ You will likely need to do this as root.
+
+ If you do not have a library directory configured in your
+ guacamole.properties, you will need to specify one. The directory
+ is specified using the "lib-directory" property.
+
+3) Set up your LDAP server to authenticate Guacamole users
+
+ Schema files are provided in the doc directory for creating
+ the "guacConfig" object class required.
+
+ You must add guacConfig objects to your LDAP directory. Each
+ guacConfig represents a connection configuration, which is made
+ up of a protocol and any number of protocol-specific parameters.
+
+4) Configure guacamole.properties for LDAP
+
+ There are additional properties required by the LDAP authentication
+ provider which must be added/changed in your guacamole.properties:
+
+ # Use LDAP authentication
+ auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
+
+ # Configuration for LDAP connection
+ ldap-hostname: LDAP_SERVER_HOSTNAME
+ ldap-port: 389
+
+ # The attribute which uniquely identifies users
+ ldap-username-attribute: uid
+
+ # The base DN which, when appended to the user identifier attribute,
+ # produces the full DN of the user being authenticated.
+ ldap-user-base-dn: ou=people,dc=example,dc=net
+
+ # The base DN within which all guacConfig objects can be found.
+ ldap-config-base-dn: dc=example,dc=net
+
+
+------------------------------------------------------------
+ Reporting problems
+------------------------------------------------------------
+
+Please report any bugs encountered by opening a new ticket at the Trac system
+hosted at:
+
+ http://guac-dev.org/trac/
+
diff --git a/extensions/guacamole-auth-ldap/doc/examples/exampleConfigGroup.ldif b/extensions/guacamole-auth-ldap/doc/examples/exampleConfigGroup.ldif
new file mode 100644
index 000000000..d1508cde0
--- /dev/null
+++ b/extensions/guacamole-auth-ldap/doc/examples/exampleConfigGroup.ldif @@ -0,0 +1,11 @@ + +dn: cn=Example Config,dc=guac-dev,dc=org +objectClass: guacConfigGroup +objectClass: groupOfNames +cn: Example Config +guacConfigProtocol: vnc +guacConfigParameter: hostname=localhost +guacConfigParameter: port=5900 +guacConfigParameter: password=secret +member: cn=user1,dc=example,dc=com +member: cn=user2,dc=example,dc=com diff --git a/extensions/guacamole-auth-ldap/pom.xml b/extensions/guacamole-auth-ldap/pom.xml new file mode 100644 index 000000000..9563dab2e --- /dev/null +++ b/extensions/guacamole-auth-ldap/pom.xml @@ -0,0 +1,89 @@ + + + 4.0.0 + net.sourceforge.guacamole + guacamole-auth-ldap + jar + 0.8.0 + guacamole-auth-ldap + http://guac-dev.org/ + + + UTF-8 + + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + + + maven-assembly-plugin + 2.2-beta-5 + + ${project.artifactId}-${project.version} + false + + src/main/assembly/dist.xml + + + + + make-dist-archive + package + + single + + + + + + + + + + + + + net.sourceforge.guacamole + guacamole-common + 0.8.0 + + + + + net.sourceforge.guacamole + guacamole-ext + 0.8.1 + + + + + com.novell.ldap + jldap + 4.3 + + + + + + + + + guac-dev + http://guac-dev.org/repo + + + + + diff --git a/extensions/guacamole-auth-ldap/schema/guacConfigGroup.ldif b/extensions/guacamole-auth-ldap/schema/guacConfigGroup.ldif new file mode 100644 index 000000000..4cac36cd2 --- /dev/null +++ b/extensions/guacamole-auth-ldap/schema/guacConfigGroup.ldif 
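Review bot: The example entry stores a connection credential as an ordinary attribute value, `guacConfigParameter: password=secret`, and nothing in the file says that read access to `guacConfigParameter` has to be restricted, so anyone who can read the group entry can read the password. Since this is the file people will copy, I'd put an LDIF comment above the entry, e.g. `# guacConfigParameter values may contain credentials; restrict read access to this attribute (olcAccess) to the identity the provider reads configurations with.` The DN suffixes are also inconsistent for a copy-paste example: the group lives under `dc=guac-dev,dc=org`, its members under `dc=example,dc=com`, and the README's `ldap-config-base-dn` under `dc=example,dc=net`. Harmless in itself, but it hides the fact that the group must sit under the configured config base DN.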
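Review bot: The custom repository is declared with a plain-HTTP URL, `http://guac-dev.org/repo`, so the `guacamole-common` and `guacamole-ext` artifacts are fetched without transport integrity and Maven does not pin their checksums on its own; a substituted artifact on that path would be linked straight into an authentication provider. Changing the URL to `https://guac-dev.org/repo` (if the server offers it) or resolving these two artifacts from a verified local repository would close that. The XML element names are missing from this rendering of the hunk, so I am reading values only; the mismatch between `guacamole-common` at `0.8.0` and `guacamole-ext` at `0.8.1` may be intentional, but if so a one-line comment in the POM would save the next reader the question.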
@@ -0,0 +1,9 @@ +dn: cn=guacConfigGroup,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: guacConfigGroup +olcAttributeTypes: {0}( 1.3.6.1.4.1.38971.1.1.1 NAME 'guacConfigProtocol' SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.38971.1.1.2 NAME 'guacConfigParameter' SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.15 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup' DESC 'Guacamole config + uration group' SUP groupOfNames MUST guacConfigProtocol MAY guacConfigParameter ) diff --git a/extensions/guacamole-auth-ldap/schema/guacConfigGroup.schema b/extensions/guacamole-auth-ldap/schema/guacConfigGroup.schema new file mode 100644 index 000000000..33542f9ca --- /dev/null +++ b/extensions/guacamole-auth-ldap/schema/guacConfigGroup.schema @@ -0,0 +1,13 @@ + +attributetype ( 1.3.6.1.4.1.38971.1.1.1 NAME 'guacConfigProtocol' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38971.1.1.2 NAME 'guacConfigParameter' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectClass ( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup' + DESC 'Guacamole configuration group' + SUP groupOfNames + MUST protocol + MAY parameter ) + diff --git a/extensions/guacamole-auth-ldap/src/main/assembly/dist.xml b/extensions/guacamole-auth-ldap/src/main/assembly/dist.xml new file mode 100644 index 000000000..a13bce3e2 --- /dev/null +++ b/extensions/guacamole-auth-ldap/src/main/assembly/dist.xml @@ -0,0 +1,54 @@ + + + dist + ${project.artifactId}-${project.version} + + + + tar.gz + + + + + + + + / + doc + + + + + /schema + schema + + + + + + + + + /lib + runtime + false + true + true + + + + + net.sourceforge.guacamole:guacamole-common + + + net.sourceforge.guacamole:guacamole-ext + + + + + + 
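Review bot: In the `.schema` hunk the `guacConfigGroup` objectClass declares `MUST protocol` and `MAY parameter`, but the two attributetypes defined directly above it are named `guacConfigProtocol` and `guacConfigParameter`, which is also what the cn=config `.ldif` variant in this commit and the provider's `entry.getAttribute("guacConfigProtocol")` lookup use. A server loading this file will most likely reject it because `protocol` and `parameter` are undefined attribute types, and if some other schema happens to define them, entries could be created without `guacConfigProtocol` and then fail at login with "guacConfigGroup without guacConfigProtocol". Change the two lines to `MUST guacConfigProtocol` and `MAY guacConfigParameter` so the two schema formats agree.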
diff --git a/extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/LDAPAuthenticationProvider.java b/extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/LDAPAuthenticationProvider.java new file mode 100644 index 000000000..95d937b3a --- /dev/null +++ b/extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/LDAPAuthenticationProvider.java 
@@ -0,0 +1,266 @@
+
+package net.sourceforge.guacamole.net.auth.ldap;
+
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is guacamole-auth-ldap.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael Jumper.
+ * Portions created by the Initial Developer are Copyright (C) 2010
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+import com.novell.ldap.LDAPAttribute;
+import com.novell.ldap.LDAPConnection;
+import com.novell.ldap.LDAPEntry;
+import com.novell.ldap.LDAPException;
+import com.novell.ldap.LDAPSearchResults;
+import java.io.UnsupportedEncodingException;
+import java.util.Enumeration;
+import java.util.Map;
+import java.util.TreeMap;
+import net.sourceforge.guacamole.GuacamoleException;
+import net.sourceforge.guacamole.net.auth.Credentials;
+import net.sourceforge.guacamole.net.auth.ldap.properties.LDAPGuacamoleProperties;
+import net.sourceforge.guacamole.net.auth.simple.SimpleAuthenticationProvider;
+import net.sourceforge.guacamole.properties.GuacamoleProperties;
+import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
+
+/**
+ * Allows users to be authenticated against an LDAP server. Each user may have
+ * any number of authorized configurations. Authorized configurations may be
+ * shared.
+ *
+ * @author Michael Jumper
+ */
+public class LDAPAuthenticationProvider extends SimpleAuthenticationProvider {
+
+ // Courtesy of OWASP: https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java
+ private static String escapeLDAPSearchFilter(String filter) {
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < filter.length(); i++) {
+ char curChar = filter.charAt(i);
+ switch (curChar) {
+ case '\\':
+ sb.append("\\5c");
+ break;
+ case '*':
+ sb.append("\\2a");
+ break;
+ case '(':
+ sb.append("\\28");
+ break;
+ case ')':
+ sb.append("\\29");
+ break;
+ case '\u0000':
+ sb.append("\\00");
+ break;
+ default:
+ sb.append(curChar);
+ }
+ }
+ return sb.toString();
+ }
+
+ // Courtesy of OWASP: https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java
+ private static String escapeDN(String name) {
+ StringBuilder sb = new StringBuilder();
+ if ((name.length() > 0) && ((name.charAt(0) == ' ') || (name.charAt(0) == '#'))) {
+ sb.append('\\'); // add the leading backslash if needed
+ }
+ for (int i = 0; i
< name.length(); i++) {
+ char curChar = name.charAt(i);
+ switch (curChar) {
+ case '\\':
+ sb.append("\\\\");
+ break;
+ case ',':
+ sb.append("\\,");
+ break;
+ case '+':
+ sb.append("\\+");
+ break;
+ case '"':
+ sb.append("\\\"");
+ break;
+ case '<':
+ sb.append("\\<");
+ break;
+ case '>':
+ sb.append("\\>");
+ break;
+ case ';':
+ sb.append("\\;");
+ break;
+ default:
+ sb.append(curChar);
+ }
+ }
+ if ((name.length() > 1) && (name.charAt(name.length() - 1) == ' ')) {
+ sb.insert(sb.length() - 1, '\\'); // add the trailing backslash if needed
+ }
+ return sb.toString();
+ }
+
+
+ @Override
+ public Map getAuthorizedConfigurations(Credentials credentials) throws GuacamoleException {
+
+ try {
+
+ // Require username
+ if (credentials.getUsername() == null) {
+ // TODO: log "LDAP authentication requires a username."
+ return null;
+ }
+
+ // Require password, and do not allow anonymous binding
+ if (credentials.getPassword() == null
+ || credentials.getPassword().length() == 0) {
+ // TODO: log "LDAP authentication requires a password."
+ return null; + } + + // Connect to LDAP server + LDAPConnection ldapConnection = new LDAPConnection(); + ldapConnection.connect( + GuacamoleProperties.getRequiredProperty(LDAPGuacamoleProperties.LDAP_HOSTNAME), + GuacamoleProperties.getRequiredProperty(LDAPGuacamoleProperties.LDAP_PORT) + ); + + // Get username attribute + String username_attribute = GuacamoleProperties.getRequiredProperty( + LDAPGuacamoleProperties.LDAP_USERNAME_ATTRIBUTE + ); + + // Get user base DN + String user_base_dn = GuacamoleProperties.getRequiredProperty( + LDAPGuacamoleProperties.LDAP_USER_BASE_DN + ); + + // Construct user DN + String user_dn = + escapeDN(username_attribute) + "=" + escapeDN(credentials.getUsername()) + + "," + user_base_dn; + + // Bind as user + try { + ldapConnection.bind( + LDAPConnection.LDAP_V3, + user_dn, + credentials.getPassword().getBytes("UTF-8") + ); + } + catch (UnsupportedEncodingException e) { + throw new GuacamoleException(e); + } + + // Get config base DN + String config_base_dn = GuacamoleProperties.getRequiredProperty( + LDAPGuacamoleProperties.LDAP_CONFIG_BASE_DN + ); + + // Find all guac configs for this user + LDAPSearchResults results = ldapConnection.search( + config_base_dn, + LDAPConnection.SCOPE_SUB, + "(&(objectClass=guacConfigGroup)(member=" + escapeLDAPSearchFilter(user_dn) + "))", + null, + false + ); + + // Add all configs + Map configs = new TreeMap(); + while (results.hasMore()) { + + LDAPEntry entry = results.next(); + + // New empty configuration + GuacamoleConfiguration config = new GuacamoleConfiguration(); + + // Get CN + LDAPAttribute cn = entry.getAttribute("cn"); + if (cn == null) + throw new GuacamoleException("guacConfigGroup without cn"); + + // Get protocol + LDAPAttribute protocol = entry.getAttribute("guacConfigProtocol"); + if (protocol == null) + throw new GuacamoleException("guacConfigGroup without guacConfigProtocol"); + + // Set protocol + config.setProtocol(protocol.getStringValue()); + + // Get parameters, if any + 
LDAPAttribute parameterAttribute = entry.getAttribute("guacConfigParameter");
+ if (parameterAttribute != null) {
+
+ // For each parameter
+ Enumeration parameters = parameterAttribute.getStringValues();
+ while (parameters.hasMoreElements()) {
+
+ String parameter = parameters.nextElement();
+
+ // Parse parameter
+ int equals = parameter.indexOf('=');
+ if (equals != -1) {
+
+ // Parse name
+ String name = parameter.substring(0, equals);
+ String value = parameter.substring(equals+1);
+
+ config.setParameter(name, value);
+
+ }
+
+ }
+
+ }
+
+ // Store config by CN
+ configs.put(cn.getStringValue(), config);
+
+ }
+
+ // Disconnect
+ ldapConnection.disconnect();
+ return configs;
+
+ }
+ catch (LDAPException e) {
+ throw new GuacamoleException(e);
+ }
+
+
+ }
+
+}
+
diff --git a/extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/properties/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/properties/LDAPGuacamoleProperties.java
new file mode 100644
index 000000000..206492a1f
--- /dev/null
+++ b/extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/properties/LDAPGuacamoleProperties.java
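Review bot: The bind at `ldapConnection.bind(LDAPConnection.LDAP_V3, user_dn, credentials.getPassword().getBytes("UTF-8"))` sends the user's password to the directory in the clear: the connection is opened with a plain `new LDAPConnection()` followed by `connect(hostname, port)`, nothing in the hunk negotiates LDAPS or StartTLS, and the README in this commit suggests port 389. Either give the `LDAPConnection` a TLS socket factory (and document an ldaps port), or at minimum state in the class Javadoc that the Guacamole-to-LDAP hop must run over a trusted network. Separately, `ldapConnection.disconnect()` is reached only on the success path — a failed bind (the ordinary wrong-password case) or a failed search throws `LDAPException` out of the outer `try` with the socket still open — so the section from the bind through the search loop should be wrapped as `try { ... } finally { ldapConnection.disconnect(); }`. That same path also turns a wrong password into a `GuacamoleException` rather than the `null` that the username/password guards return; if `SimpleAuthenticationProvider` reports exceptions as server errors rather than refused logins (I cannot see it here), the bind's `LDAPException` should be caught separately and mapped to a `null` return.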
@@ -0,0 +1,110 @@
+
+package net.sourceforge.guacamole.net.auth.ldap.properties;
+
+import net.sourceforge.guacamole.properties.IntegerGuacamoleProperty;
+import net.sourceforge.guacamole.properties.StringGuacamoleProperty;
+
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is guacamole-auth-ldap.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael Jumper.
+ * Portions created by the Initial Developer are Copyright (C) 2010
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/**
+ * Provides properties required for use of the LDAP authentication provider.
+ * These properties will be read from guacamole.properties when the LDAP
+ * authentication provider is used.
+ *
+ * @author Michael Jumper
+ */
+public class LDAPGuacamoleProperties {
+
+ /**
+ * This class should not be instantiated.
+ */
+ private LDAPGuacamoleProperties() {}
+
+ /**
+ * The base DN to search for Guacamole configurations.
+ */
+ public static final StringGuacamoleProperty LDAP_CONFIG_BASE_DN = new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "ldap-config-base-dn"; }
+
+ };
+
+ /**
+ * The base DN of users. All users must be direct children of this DN,
+ * varying only by LDAP_USERNAME_ATTRIBUTE.
+ */
+ public static final StringGuacamoleProperty LDAP_USER_BASE_DN = new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "ldap-user-base-dn"; }
+
+ };
+
+ /**
+ * The attribute which identifies users. This attribute must be part of
+ * each user's DN such that the concatenation of this attribute and
+ * LDAP_USER_BASE_DN equals the users full DN.
+ */
+ public static final StringGuacamoleProperty LDAP_USERNAME_ATTRIBUTE = new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "ldap-username-attribute"; }
+
+ };
+
+ /**
+ * The port on the LDAP server to connect to when authenticating users.
+ */
+ public static final IntegerGuacamoleProperty LDAP_PORT = new IntegerGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "ldap-port"; }
+
+ };
+
+ /**
+ * The hostname of the LDAP server to connect to when authenticating users.
+ */
+ public static final StringGuacamoleProperty LDAP_HOSTNAME = new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "ldap-hostname"; }
+
+ };
+
+}