From 1ed73e6a9778c321aefc4587c5bd96cb658a0291 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Sat, 28 Jan 2017 11:20:23 -0800 Subject: [PATCH 1/2] GUACAMOLE-47: Correct documentation of address/hostname token names. --- .../org/apache/guacamole/token/StandardTokens.java | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index 9cb1f4137..2d0dd3401 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java @@ -21,8 +21,8 @@ package org.apache.guacamole.token; import java.text.SimpleDateFormat; import java.util.Date; -import org.apache.guacamole.net.auth.Credentials; import javax.servlet.http.HttpServletRequest; +import org.apache.guacamole.net.auth.Credentials; /** * Utility class which provides access to standardized token names, as well as @@ -43,14 +43,14 @@ public class StandardTokens { public static final String PASSWORD_TOKEN = "GUAC_PASSWORD"; /** - * The name of the client token added via addStandardTokens(). + * The name of the client hostname token added via addStandardTokens(). */ - public static final String REMHOST_TOKEN = "GUAC_CLIENT_HOSTNAME"; + public static final String CLIENT_HOSTNAME_TOKEN = "GUAC_CLIENT_HOSTNAME"; /** - * The IP of the client token added via addStandardTokens(). + * The name of the client address token added via addStandardTokens(). */ - public static final String REMIP_TOKEN = "GUAC_CLIENT_ADDRESS"; + public static final String CLIENT_ADDRESS_TOKEN = "GUAC_CLIENT_ADDRESS"; /** * The name of the date token (server-local time) added via @@ -129,8 +129,8 @@ public class StandardTokens { // Add client hostname and ip tokens HttpServletRequest request = credentials.getRequest(); if (request != null) { - filter.setToken(REMHOST_TOKEN, request.getRemoteHost()); - filter.setToken(REMIP_TOKEN, request.getRemoteAddr()); + filter.setToken(CLIENT_HOSTNAME_TOKEN, request.getRemoteHost()); + filter.setToken(CLIENT_ADDRESS_TOKEN, request.getRemoteAddr()); } // Add any tokens which do not require credentials From b336e26cb2e4cda2f309f5cf0c26875099dcdaa7 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Sat, 28 Jan 2017 11:23:31 -0800 Subject: [PATCH 2/2] GUACAMOLE-47: Store remote address and hostname within Credentials. --- .../guacamole/net/auth/Credentials.java | 65 +++++++++++++++++++ .../guacamole/token/StandardTokens.java | 16 +++-- .../guacamole/rest/auth/TokenRESTService.java | 2 + .../guacamole/rest/user/UserResource.java | 2 + 4 files changed, 78 insertions(+), 7 deletions(-) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java index e6bb846fb..d9ea2d66f 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java @@ -51,6 +51,19 @@ public class Credentials implements Serializable { */ private String password; + /** + * The address of the client end of the connection which provided these + * credentials, if known. + */ + private String remoteAddress; + + /** + * The hostname or, if the hostname cannot be determined, the address of + * the client end of the connection which provided these credentials, if + * known. + */ + private String remoteHostname; + /** * The HttpServletRequest carrying additional credentials, if any. */ @@ -133,4 +146,56 @@ public class Credentials implements Serializable { this.session = session; } + /** + * Returns the address of the client end of the connection which provided + * these credentials, if known. + * + * @return + * The address of the client end of the connection which provided these + * credentials, or null if the address is not known. + */ + public String getRemoteAddress() { + return remoteAddress; + } + + /** + * Sets the address of the client end of the connection which provided + * these credentials. + * + * @param remoteAddress + * The address of the client end of the connection which provided these + * credentials, or null if the address is not known. + */ + public void setRemoteAddress(String remoteAddress) { + this.remoteAddress = remoteAddress; + } + + /** + * Returns the hostname of the client end of the connection which provided + * these credentials, if known. If the hostname of the client cannot be + * determined, but the address is known, the address may be returned + * instead. + * + * @return + * The hostname or address of the client end of the connection which + * provided these credentials, or null if the hostname is not known. + */ + public String getRemoteHostname() { + return remoteHostname; + } + + /** + * Sets the hostname of the client end of the connection which provided + * these credentials, if known. If the hostname of the client cannot be + * determined, but the address is known, the address may be specified + * instead. + * + * @param remoteHostname + * The hostname or address of the client end of the connection which + * provided these credentials, or null if the hostname is not known. + */ + public void setRemoteHostname(String remoteHostname) { + this.remoteHostname = remoteHostname; + } + } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index 2d0dd3401..04058fe08 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java @@ -21,7 +21,6 @@ package org.apache.guacamole.token; import java.text.SimpleDateFormat; import java.util.Date; -import javax.servlet.http.HttpServletRequest; import org.apache.guacamole.net.auth.Credentials; /** @@ -126,12 +125,15 @@ public class StandardTokens { if (password != null) filter.setToken(PASSWORD_TOKEN, password); - // Add client hostname and ip tokens - HttpServletRequest request = credentials.getRequest(); - if (request != null) { - filter.setToken(CLIENT_HOSTNAME_TOKEN, request.getRemoteHost()); - filter.setToken(CLIENT_ADDRESS_TOKEN, request.getRemoteAddr()); - } + // Add client hostname token + String hostname = credentials.getRemoteHostname(); + if (hostname != null) + filter.setToken(CLIENT_HOSTNAME_TOKEN, hostname); + + // Add client address token + String address = credentials.getRemoteAddress(); + if (address != null) + filter.setToken(CLIENT_ADDRESS_TOKEN, address); // Add any tokens which do not require credentials addStandardTokens(filter); diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java b/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java index 14adeb542..2ba6459d5 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java @@ -125,6 +125,8 @@ public class TokenRESTService { credentials.setPassword(password); credentials.setRequest(request); credentials.setSession(request.getSession(true)); + credentials.setRemoteAddress(request.getRemoteAddr()); + credentials.setRemoteHostname(request.getRemoteHost()); return credentials; diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java index 7329a0253..a0ca3ecbd 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java @@ -130,6 +130,8 @@ public class UserResource credentials.setPassword(userPasswordUpdate.getOldPassword()); credentials.setRequest(request); credentials.setSession(request.getSession(true)); + credentials.setRemoteAddress(request.getRemoteAddr()); + credentials.setRemoteHostname(request.getRemoteHost()); // Verify that the old password was correct try {