GUAC-1126: Document that active connection information may be missing. If a user is a non-admin, hide sensitive information about active connections.

Michael Jumper
2015-04-09 14:41:34 -07:00
parent f8714b735f
commit 4caddb9c29
4 changed files with 35 additions and 14 deletions


@@ -83,6 +83,7 @@ public class ActiveConnectionService
public Collection<TrackedActiveConnection> retrieveObjects(AuthenticatedUser user, public Collection<TrackedActiveConnection> retrieveObjects(AuthenticatedUser user,
Collection<String> identifiers) throws GuacamoleException { Collection<String> identifiers) throws GuacamoleException {
boolean isAdmin = user.getUser().isAdministrator();
Set<String> identifierSet = new HashSet<String>(identifiers); Set<String> identifierSet = new HashSet<String>(identifiers);
// Retrieve all visible connections (permissions enforced by tunnel service) // Retrieve all visible connections (permissions enforced by tunnel service)
@@ -95,7 +96,7 @@ public class ActiveConnectionService
// Add connection if within requested identifiers // Add connection if within requested identifiers
if (identifierSet.contains(record.getUUID().toString())) { if (identifierSet.contains(record.getUUID().toString())) {
TrackedActiveConnection activeConnection = trackedActiveConnectionProvider.get(); TrackedActiveConnection activeConnection = trackedActiveConnectionProvider.get();
activeConnection.init(user, record); activeConnection.init(user, record, isAdmin);
activeConnections.add(activeConnection); activeConnections.add(activeConnection);
} }
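Review bot: The `isAdmin` flag computed at the top of retrieveObjects() is now the only thing deciding whether remote host, tunnel and username are copied into the returned objects, and nothing at that line says so. I would add a comment above it such as `// Only system administrators may see the remote host, tunnel and username of active connections`, so that a later change to the permission model does not loosen the filter by accident. Passing a bare boolean in `activeConnection.init(user, record, isAdmin)` also hides its meaning at the call site; a local named `includeSensitiveInformation` would match the parameter it feeds. The body of retrieveObjects() continues outside both hunks, so the rest of the method is not reviewed here.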


@@ -69,26 +69,40 @@ public class TrackedActiveConnection extends RestrictedObject implements ActiveC
/** /**
* Initializes this TrackedActiveConnection, copying the data associated * Initializes this TrackedActiveConnection, copying the data associated
* with the given active connection record. * with the given active connection record. At a minimum, the identifier
* of this active connection will be set, the start date, and the
* identifier of the associated connection will be copied. If requested,
* sensitive information like the associated username will be copied, as
* well.
* *
* @param currentUser * @param currentUser
* The user that created or retrieved this object. * The user that created or retrieved this object.
* *
* @param activeConnectionRecord * @param activeConnectionRecord
* The active connection record to copy. * The active connection record to copy.
*
* @param includeSensitiveInformation
* Whether sensitive data should be copied from the connection record
* as well. This includes the remote host, associated tunnel, and
* username.
*/ */
public void init(AuthenticatedUser currentUser, public void init(AuthenticatedUser currentUser,
ActiveConnectionRecord activeConnectionRecord) { ActiveConnectionRecord activeConnectionRecord,
boolean includeSensitiveInformation) {
super.init(currentUser); super.init(currentUser);
// Copy all data from given record // Copy all non-sensitive data from given record
this.connectionIdentifier = activeConnectionRecord.getConnection().getIdentifier(); this.connectionIdentifier = activeConnectionRecord.getConnection().getIdentifier();
this.identifier = activeConnectionRecord.getUUID().toString(); this.identifier = activeConnectionRecord.getUUID().toString();
this.remoteHost = activeConnectionRecord.getRemoteHost();
this.startDate = activeConnectionRecord.getStartDate(); this.startDate = activeConnectionRecord.getStartDate();
this.tunnel = activeConnectionRecord.getTunnel();
this.username = activeConnectionRecord.getUsername(); // Include sensitive data, too, if requested
if (includeSensitiveInformation) {
this.remoteHost = activeConnectionRecord.getRemoteHost();
this.tunnel = activeConnectionRecord.getTunnel();
this.username = activeConnectionRecord.getUsername();
}
} }
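Review bot: When `includeSensitiveInformation` is false, init() leaves `remoteHost`, `tunnel` and `username` untouched rather than clearing them, so the redaction holds only if those fields were already null. The visible caller takes the object from `trackedActiveConnectionProvider.get()`, which presumably yields a fresh instance, but a reused or re-initialised object would keep its previous values. Adding `else { this.remoteHost = null; this.tunnel = null; this.username = null; }` makes the non-administrator result independent of prior state. A unit test asserting that all three getters return null after init() with the flag false would pin that behaviour.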


@@ -34,7 +34,9 @@ import org.glyptodon.guacamole.net.GuacamoleTunnel;
public interface ActiveConnection extends Identifiable { public interface ActiveConnection extends Identifiable {
/** /**
* Returns the identifier of the connection being actively used. * Returns the identifier of the connection being actively used. Unlike the
* other information stored in this object, the connection identifier must
* be present and MAY NOT be null.
* *
* @return * @return
* The identifier of the connection being actively used. * The identifier of the connection being actively used.
@@ -53,7 +55,8 @@ public interface ActiveConnection extends Identifiable {
* Returns the date and time the connection began. * Returns the date and time the connection began.
* *
* @return * @return
* The date and time the connection began. * The date and time the connection began, or null if this
* information is not available.
*/ */
Date getStartDate(); Date getStartDate();
@@ -61,7 +64,8 @@ public interface ActiveConnection extends Identifiable {
* Sets the date and time the connection began. * Sets the date and time the connection began.
* *
* @param startDate * @param startDate
* The date and time the connection began. * The date and time the connection began, or null if this
* information is not available.
*/ */
void setStartDate(Date startDate); void setStartDate(Date startDate);
@@ -90,7 +94,8 @@ public interface ActiveConnection extends Identifiable {
* Returns the name of the user who is using this connection. * Returns the name of the user who is using this connection.
* *
* @return * @return
* The name of the user who is using this connection. * The name of the user who is using this connection, or null if this
* information is not available.
*/ */
String getUsername(); String getUsername();
@@ -98,7 +103,8 @@ public interface ActiveConnection extends Identifiable {
* Sets the name of the user who is using this connection. * Sets the name of the user who is using this connection.
* *
* @param username * @param username
* The name of the user who is using this connection. * The name of the user who is using this connection, or null if this
* information is not available.
*/ */
void setUsername(String username); void setUsername(String username);
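Review bot: The Javadoc now marks the start date and username as nullable, but the fields init() withholds from non-administrators are the remote host, tunnel and username. The remote-host and tunnel accessors are not in the visible hunks, so their contract may still read as always present. If so, each should carry the same `or null if this information is not available` clause so callers null-check before use. The same applies to `remoteHost` in the JavaScript ActiveConnection type, whose comment lies outside the hunks shown. In the getConnectionIdentifier() text, `MAY NOT be null` can be read as a permission; `is never null` is unambiguous.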


@@ -59,7 +59,7 @@ angular.module('rest').factory('ActiveConnection', [function defineActiveConnect
/** /**
* The time that the connection began, in seconds since * The time that the connection began, in seconds since
* 1970-01-01 00:00:00 UTC. * 1970-01-01 00:00:00 UTC, if known.
* *
* @type Number * @type Number
*/ */
@@ -73,7 +73,7 @@ angular.module('rest').factory('ActiveConnection', [function defineActiveConnect
this.remoteHost = template.remoteHost; this.remoteHost = template.remoteHost;
/** /**
* The username of the user associated with the connection. * The username of the user associated with the connection, if known.
* *
* @type String * @type String
*/ */