diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
index 4fd37f18a..d44205b8d 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
@@ -25,6 +25,7 @@ import com.google.inject.Provider;
 import java.util.Arrays;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.guacamole.auth.radius.user.AuthenticatedUser;
+import org.apache.guacamole.auth.radius.form.GuacamoleRadiusChallenge;
 import org.apache.guacamole.auth.radius.form.RadiusChallengeResponseField;
 import org.apache.guacamole.auth.radius.form.RadiusStateField;
 import org.apache.guacamole.GuacamoleException;
@@ -67,18 +68,20 @@ public class AuthenticationProviderService {
 private Provider authenticatedUserProvider;
 /**
- * Returns the expected credentials from a RADIUS challenge.
+ * Returns an object containing the challenge message and the expected
+ * credentials from a RADIUS challenge.
 *
 * @param challengePacket
 * The AccessChallenge RadiusPacket received from the RADIUS
 * server.
 *
 * @return
- * A CredentialsInfo object that represents fields that need to
- * be presented to the user in order to complete authentication.
- * One of these must be the RADIUS state.
+ * A GuacamoleRadiusChallenge object that contains the challenge message
+ * sent by the RADIUS server and the expected credentials that should
+ * be requested of the user in order to continue authentication. One
+ * of the expected credentials *must* be the RADIUS state.
 */
- private CredentialsInfo getRadiusChallenge(RadiusPacket challengePacket) {
+ private GuacamoleRadiusChallenge getRadiusChallenge(RadiusPacket challengePacket) {
 // Try to get the state attribute - if it's not there, we have a problem
 RadiusAttribute stateAttr = challengePacket.findAttribute(Attr_State.TYPE);
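Review bot: The rewritten `@return` text on getRadiusChallenge does not say that the method can return null, yet the caller in the AccessChallenge branch tests `challenge == null`, so the documented contract is incomplete. Judging by the comment on the State lookup, a challenge packet that lacks a required attribute is presumably what produces the null; I would add a sentence such as `or null if the challenge packet lacks a required attribute` to the `@return` block. The method body continues past the end of this hunk, so the exact null paths are not visible here.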
@@ -97,13 +100,17 @@ public class AuthenticationProviderService {
 }
 // We have the required attributes - convert to strings and then generate the additional login box/field
- String replyMsg = replyAttr.toString();
+ logger.debug("Received challenge: {}", replyAttr.toString());
+ String replyMsg = replyAttr.toString().split(" = ", 2)[1];
 String radiusState = BaseEncoding.base16().encode(stateAttr.getValue().getBytes());
 Field radiusResponseField = new RadiusChallengeResponseField(replyMsg);
 Field radiusStateField = new RadiusStateField(radiusState);
- // Return the CredentialsInfo object that has the state and the expected response.
- return new CredentialsInfo(Arrays.asList(radiusResponseField,radiusStateField));
+ // Return the GuacamoleRadiusChallenge object that has the state
+ // and the expected response.
+ return new GuacamoleRadiusChallenge(replyMsg,
+ new CredentialsInfo(Arrays.asList(radiusResponseField,
+ radiusStateField)));
 }
 /**
@@ -200,12 +207,14 @@ public class AuthenticationProviderService {
 // Received AccessChallenge packet, more credentials required to complete authentication
 else if (radPack instanceof AccessChallenge) {
- CredentialsInfo expectedCredentials = getRadiusChallenge(radPack);
+ GuacamoleRadiusChallenge challenge = getRadiusChallenge(radPack);
- if (expectedCredentials == null)
+ if (challenge == null)
 throw new GuacamoleInvalidCredentialsException("Authentication error.", CredentialsInfo.USERNAME_PASSWORD);
- throw new GuacamoleInsufficientCredentialsException("LOGIN.INFO_RADIUS_ADDL_REQUIRED", expectedCredentials);
+ throw new GuacamoleInsufficientCredentialsException(
+ challenge.getChallengeText(),
+ challenge.getExpectedCredentials());
 }
 // Something unanticipated happened, so panic and go back to login.
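Review bot: `replyAttr.toString().split(" = ", 2)[1]` in getRadiusChallenge relies on the attribute's string rendering containing " = "; when it does not, the index throws ArrayIndexOutOfBoundsException in the middle of the login flow, on data supplied by the RADIUS server. The value can be read without parsing, the same way the next line reads State: `String replyMsg = replyAttr.getValue().toString();` (confirm against the RADIUS library that this yields the bare message). The new `logger.debug` line writes the server-supplied text to the log verbatim, so it is worth checking that the log layout neutralises embedded line breaks. This hunk starts and ends inside getRadiusChallenge.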
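Review bot: In the AccessChallenge branch the message passed to GuacamoleInsufficientCredentialsException changes from the fixed key `LOGIN.INFO_RADIUS_ADDL_REQUIRED` to `challenge.getChallengeText()`, which is free text chosen by the RADIUS server. Nothing in this diff shows how the login page consumes that message; if it is still looked up as a translation key or bound as markup, the server text would be interpreted instead of displayed, so the client side needs to treat it as literal plain text. A comment at the throw would make the trust boundary explicit, e.g. `// Reply-Message from the RADIUS server: untranslated, display as plain text only`. The same string is also handed to RadiusChallengeResponseField in getRadiusChallenge, so the prompt may be shown twice. The enclosing method begins before and continues after this hunk.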
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/form/GuacamoleRadiusChallenge.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/form/GuacamoleRadiusChallenge.java
new file mode 100644
index 000000000..581675ff0
--- /dev/null
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/form/GuacamoleRadiusChallenge.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.radius.form;
+
+import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+
+/**
+ * A class for storing the RADIUS challenge message and expected credentials
+ * in a single object.
+ */
+public class GuacamoleRadiusChallenge {
+
+ /**
+ * The challenge text sent by the RADIUS server.
+ */
+ private final String challengeText;
+
+ /**
+ * The expected credentials that need to be provided to satisfy the
+ * RADIUS authentication challenge.
+ */
+ private final CredentialsInfo expectedCredentials;
+
+ /**
+ * Create a new GuacamoleRadiusChallenge object with the provided
+ * challenge message and expected credentials.
+ *
+ * @param challengeText
+ * The challenge message sent by the RADIUS server.
+ *
+ * @param expectedCredentials
+ * The credentials required to complete the challenge.
+ */
+ public GuacamoleRadiusChallenge(String challengeText,
+ CredentialsInfo expectedCredentials) {
+ this.challengeText = challengeText;
+ this.expectedCredentials = expectedCredentials;
+ }
+
+ /**
+ * Return the challenge message provided by the RADIUS server.
+ *
+ * @return
+ * The challenge message provided by the RADIUS server.
+ */
+ public String getChallengeText() {
+ return challengeText;
+ }
+
+ /**
+ * Return the credentials required to satisfy the RADIUS challenge.
+ *
+ * @return
+ * The credentials required to satisfy the RADIUS challenge.
+ */
+ public CredentialsInfo getExpectedCredentials() {
+ return expectedCredentials;
+ }
+
+}
diff --git a/extensions/guacamole-auth-radius/src/main/resources/config/radiusConfig.js b/extensions/guacamole-auth-radius/src/main/resources/config/radiusConfig.js
index dab0ffc24..09aefd668 100644
--- a/extensions/guacamole-auth-radius/src/main/resources/config/radiusConfig.js
+++ b/extensions/guacamole-auth-radius/src/main/resources/config/radiusConfig.js
@@ -26,7 +26,6 @@ angular.module('guacRadius').config(['formServiceProvider',
 // Define field for the challenge from the RADIUS service
 formServiceProvider.registerFieldType('GUAC_RADIUS_CHALLENGE_RESPONSE', {
 module : 'guacRadius',
- controller : 'radiusResponseController',
 templateUrl : 'app/ext/radius/templates/radiusResponseField.html'
 });
diff --git a/extensions/guacamole-auth-radius/src/main/resources/controllers/radiusResponseController.js b/extensions/guacamole-auth-radius/src/main/resources/controllers/radiusResponseController.js
deleted file mode 100644
index 4782b208f..000000000
--- a/extensions/guacamole-auth-radius/src/main/resources/controllers/radiusResponseController.js
+++ /dev/null
@@ -1,30 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -/** - * Controller for the "GUAC_RADIUS_CHALLENGE_RESPONSE" field which - * passes the RADIUS server challenge to the user and takes the response. - */ -angular.module('guacRadius').controller('radiusResponseController', ['$scope', '$injector', - function radiusResponseController($scope, $injector) { - - // Populate the reply message field - $scope.radiusPlaceholder = $scope.field.challenge; - -}]); diff --git a/extensions/guacamole-auth-radius/src/main/resources/templates/radiusResponseField.html b/extensions/guacamole-auth-radius/src/main/resources/templates/radiusResponseField.html index eec760ff4..ced48f642 100644 --- a/extensions/guacamole-auth-radius/src/main/resources/templates/radiusResponseField.html +++ b/extensions/guacamole-auth-radius/src/main/resources/templates/radiusResponseField.html @@ -1 +1,6 @@ - + diff --git a/extensions/guacamole-auth-radius/src/main/resources/translations/en.json b/extensions/guacamole-auth-radius/src/main/resources/translations/en.json index c068a70af..203db185d 100644 --- a/extensions/guacamole-auth-radius/src/main/resources/translations/en.json 
+++ b/extensions/guacamole-auth-radius/src/main/resources/translations/en.json
@@ -6,8 +6,7 @@
 "LOGIN" : {
 "FIELD_HEADER_GUAC_RADIUS_CHALLENGE_RESPONSE" : "",
- "FIELD_HEADER_GUAC_RADIUS_STATE" : "",
- "INFO_RADIUS_ADDL_REQUIRED" : "Please supply additional credentials"
+ "FIELD_HEADER_GUAC_RADIUS_STATE" : ""
 }
 }