GUACAMOLE-271: Merge changes adding Duo support to the Guacamole Docker image.

2025-09-06 13:17:41 +00:00 · 2019-01-15 16:14:04 -08:00
parent 9dcee8bdac 2f3cbf7fa1
commit 435df3c028
2 changed files with 59 additions and 0 deletions
--- a/guacamole-docker/bin/build-guacamole.sh
+++ b/guacamole-docker/bin/build-guacamole.sh
@@ -134,3 +134,18 @@ if [ -f extensions/guacamole-auth-openid/target/guacamole-auth-openid*.jar ]; th
    mkdir -p "$DESTINATION/openid"
    cp extensions/guacamole-auth-openid/target/guacamole-auth-openid*.jar "$DESTINATION/openid"
 fi
+
+#
+# Copy Duo auth extension if it was built
+#
+
+if [ -f extensions/guacamole-auth-duo/target/*.tar.gz ]; then
+    mkdir -p "$DESTINATION/duo"
+    tar -xzf extensions/guacamole-auth-duo/target/*.tar.gz \
+        -C "$DESTINATION/duo/"                             \
+        --wildcards                                        \
+        --no-anchored                                      \
+        --no-wildcards-match-slash                         \
+        --strip-components=1                               \
+        "*.jar"
+fi
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -464,6 +464,45 @@ END

 }

+##
+## Adds properties to guacamole.properties which configure the Duo two-factor
+## authentication service. Checks to see if all variables are defined and makes sure
+## DUO_APPLICATION_KEY is >= 40 characters.
+##
+associate_duo() {
+    # Verify required parameters are present
+    if [ -z "$DUO_INTEGRATION_KEY" ]      || \
+       [ -z "$DUO_SECRET_KEY" ]           || \
+       [ ${#DUO_APPLICATION_KEY} -lt 40 ]
+    then
+        cat <<END
+FATAL: Missing required environment variables
+-------------------------------------------------------------------------------
+If using the Duo authentication extension, you must provide each of the 
+following environment variables:
+
+    DUO_API_HOSTNAME        The hostname of the Duo API endpoint.
+
+    DUO_INTEGRATION_KEY     The integration key provided for Guacamole by Duo.
+
+    DUO_SECRET_KEY          The secret key provided for Guacamole by Duo. 
+
+    DUO_APPLICATION_KEY     An arbitrary, random key.
+                            This value must be at least 40 characters.
+END
+        exit 1;
+    fi
+
+    # Update config file
+    set_property "duo-api-hostname"                 "$DUO_API_HOSTNAME"
+    set_property "duo-integration-key"              "$DUO_INTEGRATION_KEY"
+    set_property "duo-secret-key"                   "$DUO_SECRET_KEY"
+    set_property "duo-application-key"              "$DUO_APPLICATION_KEY"
+
+    # Add required .jar files to GUACAMOLE_EXT
+    ln -s /opt/guacamole/duo/guacamole-auth-*.jar   "$GUACAMOLE_EXT"
+}
+
 ##
 ## Starts Guacamole under Tomcat, replacing the current process with the
 ## Tomcat process. As the current process will be replaced, this MUST be the
@@ -595,6 +634,11 @@ END
    exit 1;
 fi

+# Use Duo if specified.
+if [ -n "$DUO_API_HOSTNAME" ]; then
+    associate_duo
+fi
+
 #
 # Finally start Guacamole (under Tomcat)
 #