safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge staging/1.2.0 changes back to master.

Browse Source
This commit is contained in:
Virtually Nick
2020-06-13 21:49:06 -04:00
parent 4fec4638fc 678c772809
commit 2bbd039d5c
23 changed files with 780 additions and 539 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusAuthenticationProviderModule.java
View File

@@ -68,10 +68,10 @@ public class RadiusAuthenticationProviderModule extends AbstractModule {
// Check for MD4 requirement
RadiusAuthenticationProtocol authProtocol = environment.getProperty(RadiusGuacamoleProperties.RADIUS_AUTH_PROTOCOL);
RadiusAuthenticationProtocol innerProtocol = environment.getProperty(RadiusGuacamoleProperties.RADIUS_EAP_TTLS_INNER_PROTOCOL);
if (authProtocol == RadiusAuthenticationProtocol.MSCHAPv1
|| authProtocol == RadiusAuthenticationProtocol.MSCHAPv2
|| innerProtocol == RadiusAuthenticationProtocol.MSCHAPv1
|| innerProtocol == RadiusAuthenticationProtocol.MSCHAPv2) {
if (authProtocol == RadiusAuthenticationProtocol.MSCHAP_V1
|| authProtocol == RadiusAuthenticationProtocol.MSCHAP_V2
|| innerProtocol == RadiusAuthenticationProtocol.MSCHAP_V1
|| innerProtocol == RadiusAuthenticationProtocol.MSCHAP_V2) {
try {
MessageDigest.getInstance("MD4");

78
extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
View File

@@ -47,7 +47,6 @@ import net.jradius.packet.attribute.AttributeList;
import net.jradius.client.auth.EAPTLSAuthenticator;
import net.jradius.client.auth.EAPTTLSAuthenticator;
import net.jradius.client.auth.RadiusAuthenticator;
import net.jradius.client.auth.PEAPAuthenticator;
import net.jradius.packet.attribute.AttributeFactory;
import net.jradius.packet.AccessChallenge;
import net.jradius.packet.RadiusResponse;
@@ -102,74 +101,57 @@ public class RadiusConnectionService {
}
/**
* Creates a new instance of RadiusAuthentictor, configured with
* Creates a new instance of RadiusAuthenticator, configured with
* parameters specified within guacamole.properties.
*
* @param radiusClient
* A RadiusClient instance that has been initialized to
* communicate with a RADIUS server.
*
* @return
* A new RadiusAuthenticator instance which has been configured
* with parameters from guacamole.properties, or null if
* configuration fails.
* with parameters from guacamole.properties.
*
* @throws GuacamoleException
* If the configuration cannot be read or the inner protocol is
* not configured when the client is set up for a tunneled
* RADIUS connection.
*/
private RadiusAuthenticator setupRadiusAuthenticator(
RadiusClient radiusClient) throws GuacamoleException {
private RadiusAuthenticator getRadiusAuthenticator() throws GuacamoleException {
// If we don't have a radiusClient object, yet, don't go any further.
if (radiusClient == null) {
logger.error("RADIUS client hasn't been set up, yet.");
logger.debug("We can't run this method until the RADIUS client has been set up.");
return null;
}
RadiusAuthenticator radAuth = radiusClient.getAuthProtocol(
confService.getRadiusAuthProtocol().toString());
if (radAuth == null)
throw new GuacamoleException("Could not get a valid RadiusAuthenticator for specified protocol: " + confService.getRadiusAuthProtocol());
RadiusAuthenticator radAuth = confService.getRadiusAuthProtocol().getAuthenticator();
// If we're using any of the TLS protocols, we need to configure them
if (radAuth instanceof PEAPAuthenticator ||
radAuth instanceof EAPTLSAuthenticator ||
radAuth instanceof EAPTTLSAuthenticator) {
if (radAuth instanceof EAPTLSAuthenticator) {
// Pull TLS configuration parameters from guacamole.properties
EAPTLSAuthenticator tlsAuth = (EAPTLSAuthenticator) radAuth;
// If provided, use the configured certificate authority for
// validating the connection to the RADIUS server
File caFile = confService.getRadiusCAFile();
String caPassword = confService.getRadiusCAPassword();
File keyFile = confService.getRadiusKeyFile();
String keyPassword = confService.getRadiusKeyPassword();
if (caFile != null) {
((EAPTLSAuthenticator)radAuth).setCaFile(caFile.toString());
((EAPTLSAuthenticator)radAuth).setCaFileType(confService.getRadiusCAType());
tlsAuth.setCaFile(caFile.toString());
tlsAuth.setCaFileType(confService.getRadiusCAType());
String caPassword = confService.getRadiusCAPassword();
if (caPassword != null)
((EAPTLSAuthenticator)radAuth).setCaPassword(caPassword);
tlsAuth.setCaPassword(caPassword);
}
// Use configured password for unlocking the RADIUS private key,
// if specified
String keyPassword = confService.getRadiusKeyPassword();
if (keyPassword != null)
((EAPTLSAuthenticator)radAuth).setKeyPassword(keyPassword);
tlsAuth.setKeyPassword(keyPassword);
// Use configured RADIUS certificate and private key (always
// required for TLS-based protocols)
File keyFile = confService.getRadiusKeyFile();
tlsAuth.setKeyFile(keyFile.toString());
tlsAuth.setKeyFileType(confService.getRadiusKeyType());
tlsAuth.setTrustAll(confService.getRadiusTrustAll());
((EAPTLSAuthenticator)radAuth).setKeyFile(keyFile.toString());
((EAPTLSAuthenticator)radAuth).setKeyFileType(confService.getRadiusKeyType());
((EAPTLSAuthenticator)radAuth).setTrustAll(confService.getRadiusTrustAll());
}
// If we're using EAP-TTLS, we need to define tunneled protocol
if (radAuth instanceof EAPTTLSAuthenticator) {
RadiusAuthenticationProtocol innerProtocol =
confService.getRadiusEAPTTLSInnerProtocol();
if (innerProtocol == null)
throw new GuacamoleException("Missing or invalid inner protocol for EAP-TTLS.");
((EAPTTLSAuthenticator)radAuth).setInnerProtocol(innerProtocol.toString());
RadiusAuthenticationProtocol innerProtocol = confService.getRadiusEAPTTLSInnerProtocol();
((EAPTTLSAuthenticator)radAuth).setInnerProtocol(innerProtocol.JRADIUS_PROTOCOL_NAME);
}
return radAuth;
@@ -219,14 +201,8 @@ public class RadiusConnectionService {
RadiusClient radiusClient = createRadiusConnection();
AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
// Client failed to set up, so we return null
if (radiusClient == null)
return null;
// Set up the RadiusAuthenticator
RadiusAuthenticator radAuth = setupRadiusAuthenticator(radiusClient);
if (radAuth == null)
throw new GuacamoleException("Unknown RADIUS authentication protocol.");
RadiusAuthenticator radAuth = getRadiusAuthenticator();
// Add attributes to the connection and send the packet
try {

2
extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/ConfigurationService.java
View File

@@ -317,7 +317,7 @@ public class ConfigurationService {
public RadiusAuthenticationProtocol getRadiusEAPTTLSInnerProtocol()
throws GuacamoleException {
RadiusAuthenticationProtocol authProtocol = environment.getProperty(
RadiusAuthenticationProtocol authProtocol = environment.getRequiredProperty(
RadiusGuacamoleProperties.RADIUS_EAP_TTLS_INNER_PROTOCOL
);

125
extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/RadiusAuthenticationProtocol.java
View File

@@ -19,6 +19,17 @@
package org.apache.guacamole.auth.radius.conf;
import net.jradius.client.RadiusClient;
import net.jradius.client.auth.CHAPAuthenticator;
import net.jradius.client.auth.EAPMD5Authenticator;
import net.jradius.client.auth.EAPTLSAuthenticator;
import net.jradius.client.auth.EAPTTLSAuthenticator;
import net.jradius.client.auth.MSCHAPv1Authenticator;
import net.jradius.client.auth.MSCHAPv2Authenticator;
import net.jradius.client.auth.PAPAuthenticator;
import net.jradius.client.auth.RadiusAuthenticator;
import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue;
/**
* This enum represents supported RADIUS authentication protocols for
* the guacamole-auth-radius extension.
@@ -26,93 +37,91 @@ package org.apache.guacamole.auth.radius.conf;
public enum RadiusAuthenticationProtocol {
/**
* Password Authentication Protocol (PAP)
* Password Authentication Protocol (PAP).
*/
PAP("pap"),
@PropertyValue("pap")
PAP(PAPAuthenticator.NAME),
/**
* Challenge-Handshake Authentication Protocol (CHAP)
* Challenge-Handshake Authentication Protocol (CHAP).
*/
CHAP("chap"),
@PropertyValue("chap")
CHAP(CHAPAuthenticator.NAME),
/**
* Microsoft implementation of CHAP, Version 1 (MS-CHAPv1)
* Microsoft implementation of CHAP, Version 1 (MS-CHAPv1).
*/
MSCHAPv1("mschapv1"),
@PropertyValue("mschapv1")
MSCHAP_V1(MSCHAPv1Authenticator.NAME),
/**
* Microsoft implementation of CHAP, Version 2 (MS-CHAPv2)
* Microsoft implementation of CHAP, Version 2 (MS-CHAPv2).
*/
MSCHAPv2("mschapv2"),
@PropertyValue("mschapv2")
MSCHAP_V2(MSCHAPv2Authenticator.NAME),
/**
* Extensible Authentication Protocol (EAP) with MD5 Hashing (EAP-MD5)
* Extensible Authentication Protocol (EAP) with MD5 Hashing (EAP-MD5).
*/
EAP_MD5("eap-md5"),
@PropertyValue("eap-md5")
EAP_MD5(EAPMD5Authenticator.NAME),
/**
* Extensible Authentication Protocol (EAP) with TLS encryption (EAP-TLS).
*/
EAP_TLS("eap-tls"),
@PropertyValue("eap-tls")
EAP_TLS(EAPTLSAuthenticator.NAME),
/**
* Extensible Authentication Protocol (EAP) with Tunneled TLS (EAP-TTLS).
*/
EAP_TTLS("eap-ttls");
@PropertyValue("eap-ttls")
EAP_TTLS(EAPTTLSAuthenticator.NAME);
/**
* This variable stores the string value of the protocol, and is also
* used within the extension to pass to JRadius for configuring the
* library to talk to the RADIUS server.
* The unique name of the JRadius {@link RadiusAuthenticator} that
* implements this protocol.
*/
private final String strValue;
public final String JRADIUS_PROTOCOL_NAME;
/**
* Create a new RadiusAuthenticationProtocol object having the
* given string value.
*
* @param strValue
* The value of the protocol to store as a string, which will be used
* in specifying the protocol within the guacamole.properties file, and
* will also be used by the JRadius library for its configuration.
* Creates a new RadiusAuthenticationProtocol associated with the given
* JRadius protocol name.
*
* @param protocolName
* The unique name of the JRadius {@link RadiusAuthenticator} that
* implements this protocol.
*/
RadiusAuthenticationProtocol(String strValue) {
this.strValue = strValue;
RadiusAuthenticationProtocol(String protocolName) {
this.JRADIUS_PROTOCOL_NAME = protocolName;
}
/**
* {@inheritDoc}
* <p>
* This function returns the stored string values of the selected RADIUS
* protocol, which is used both in Guacamole configuration and also to pass
* on to the JRadius library for its configuration.
*
* @return
* The string value stored for the selected RADIUS protocol.
*/
@Override
public String toString() {
return strValue;
}
/**
* For a given String value, return the enum value that matches that string,
* or null if no matchi is found.
*
* @param value
* The string value to search for in the list of enums.
*
* Returns a new instance of the JRadius {@link RadiusAuthenticator} that
* implements this protocol. This function will never return null.
*
* @return
* The RadiusAuthenticationProtocol value that is identified by the
* provided String value.
* A new instance of the JRadius {@link RadiusAuthenticator} that
* implements this protocol.
*
* @throws IllegalStateException
* If a bug within the JRadius library prevents retrieval of the
* authenticator for a protocol that is known to be supported.
*/
public static RadiusAuthenticationProtocol getEnum(String value) {
for (RadiusAuthenticationProtocol v : values())
if(v.toString().equals(value))
return v;
return null;
public RadiusAuthenticator getAuthenticator() throws IllegalStateException {
// As we are using JRadius' own NAME constants for retrieving
// authenticator instances, the retrieval operation should always
// succeed except in the case of a bug within the JRadius library
RadiusAuthenticator authenticator = RadiusClient.getAuthProtocol(JRADIUS_PROTOCOL_NAME);
if (authenticator == null)
throw new IllegalStateException(String.format("JRadius failed "
+"to locate its own support for protocol \"%s\". This is "
+ "likely a bug in the JRadius library.",
JRADIUS_PROTOCOL_NAME));
return authenticator;
}
}

54
extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/RadiusAuthenticationProtocolProperty.java
View File

@@ -1,54 +0,0 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.radius.conf;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.properties.GuacamoleProperty;
/**
* A GuacamoleProperty whose value is a RadiusAuthenticationProtocol.
*/
public abstract class RadiusAuthenticationProtocolProperty
implements GuacamoleProperty<RadiusAuthenticationProtocol> {
@Override
public RadiusAuthenticationProtocol parseValue(String value)
throws GuacamoleException {
// Nothing provided, nothing returned
if (value == null)
return null;
// Attempt to parse the string value
RadiusAuthenticationProtocol authProtocol =
RadiusAuthenticationProtocol.getEnum(value);
// Throw an exception if nothing matched.
if (authProtocol == null)
throw new GuacamoleServerException(
"Invalid or unsupported RADIUS authentication protocol.");
// Return the answer
return authProtocol;
}
}

9
extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/RadiusGuacamoleProperties.java
View File

@@ -20,6 +20,7 @@
package org.apache.guacamole.auth.radius.conf;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.EnumGuacamoleProperty;
import org.apache.guacamole.properties.FileGuacamoleProperty;
import org.apache.guacamole.properties.IntegerGuacamoleProperty;
import org.apache.guacamole.properties.StringGuacamoleProperty;
@@ -81,8 +82,8 @@ public class RadiusGuacamoleProperties {
/**
* The authentication protocol of the RADIUS server to connect to when authenticating users.
*/
public static final RadiusAuthenticationProtocolProperty RADIUS_AUTH_PROTOCOL =
new RadiusAuthenticationProtocolProperty() {
public static final EnumGuacamoleProperty<RadiusAuthenticationProtocol> RADIUS_AUTH_PROTOCOL =
new EnumGuacamoleProperty<RadiusAuthenticationProtocol>(RadiusAuthenticationProtocol.class) {
@Override
public String getName() { return "radius-auth-protocol"; }
@@ -182,8 +183,8 @@ public class RadiusGuacamoleProperties {
/**
* The tunneled protocol to use inside a RADIUS EAP-TTLS connection.
*/
public static final RadiusAuthenticationProtocolProperty RADIUS_EAP_TTLS_INNER_PROTOCOL =
new RadiusAuthenticationProtocolProperty() {
public static final EnumGuacamoleProperty<RadiusAuthenticationProtocol> RADIUS_EAP_TTLS_INNER_PROTOCOL =
new EnumGuacamoleProperty<RadiusAuthenticationProtocol>(RadiusAuthenticationProtocol.class) {
@Override
public String getName() { return "radius-eap-ttls-inner-protocol"; }