safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-05 20:57:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-1956: Rename SSL client auth properties to use "ssl-auth" prefix (not just "ssl").

Browse Source 
The "ssl" prefix sounds like it's meant for configuring general use of
SSL/TLS for encryption in front of Guacamole, which is confusing,
particularly when encountering the "SSL_ENABLED" environment variable.

The "ssl-auth" prefix and "SSL_AUTH_ENABLED" environment variable don't
suffer from the same issue.
This commit is contained in:
Michael Jumper
2025-04-08 11:25:16 -07:00
parent 8ffa897088
commit 95dc96cf33
2 changed files with 26 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/ConfigurationService.java
View File

@@ -28,7 +28,6 @@ import javax.ws.rs.core.UriBuilder;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException; import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.environment.Environment; import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.IntegerGuacamoleProperty; import org.apache.guacamole.properties.IntegerGuacamoleProperty;
import org.apache.guacamole.properties.StringGuacamoleProperty; import org.apache.guacamole.properties.StringGuacamoleProperty;
import org.apache.guacamole.properties.URIGuacamoleProperty; import org.apache.guacamole.properties.URIGuacamoleProperty;
@@ -71,11 +70,11 @@ public class ConfigurationService {
* to THIS instance of Guacamole, but behind SSL termination that requires * to THIS instance of Guacamole, but behind SSL termination that requires
* SSL/TLS client authentication. * SSL/TLS client authentication.
*/ */
private static final WildcardURIGuacamoleProperty SSL_CLIENT_AUTH_URI = private static final WildcardURIGuacamoleProperty SSL_AUTH_URI =
new WildcardURIGuacamoleProperty() { new WildcardURIGuacamoleProperty() {
@Override @Override
public String getName() { return "ssl-client-auth-uri"; } public String getName() { return "ssl-auth-uri"; }
}; };
@@ -85,11 +84,11 @@ public class ConfigurationService {
* to THIS instance of Guacamole, but behind SSL termination that DOES NOT * to THIS instance of Guacamole, but behind SSL termination that DOES NOT
* require or request SSL/TLS client authentication. * require or request SSL/TLS client authentication.
*/ */
private static final URIGuacamoleProperty SSL_PRIMARY_URI = private static final URIGuacamoleProperty SSL_AUTH_PRIMARY_URI =
new URIGuacamoleProperty() { new URIGuacamoleProperty() {
@Override @Override
public String getName() { return "ssl-primary-uri"; } public String getName() { return "ssl-auth-primary-uri"; }
}; };
@@ -98,11 +97,11 @@ public class ConfigurationService {
* URL-encoded client certificate from an HTTP request received from an * URL-encoded client certificate from an HTTP request received from an
* SSL termination service providing SSL/TLS client authentication. * SSL termination service providing SSL/TLS client authentication.
*/ */
private static final StringGuacamoleProperty SSL_CLIENT_CERTIFICATE_HEADER = private static final StringGuacamoleProperty SSL_AUTH_CLIENT_CERTIFICATE_HEADER =
new StringGuacamoleProperty() { new StringGuacamoleProperty() {
@Override @Override
public String getName() { return "ssl-client-certificate-header"; } public String getName() { return "ssl-auth-client-certificate-header"; }
}; };
@@ -113,11 +112,11 @@ public class ConfigurationService {
* value of this header must be "SUCCESS" (all uppercase) if the * value of this header must be "SUCCESS" (all uppercase) if the
* certificate was successfully verified. * certificate was successfully verified.
*/ */
private static final StringGuacamoleProperty SSL_CLIENT_VERIFIED_HEADER = private static final StringGuacamoleProperty SSL_AUTH_CLIENT_VERIFIED_HEADER =
new StringGuacamoleProperty() { new StringGuacamoleProperty() {
@Override @Override
public String getName() { return "ssl-client-verified-header"; } public String getName() { return "ssl-auth-client-verified-header"; }
}; };
@@ -131,11 +130,11 @@ public class ConfigurationService {
* resources and cannot potentially be guessed while the token is still * resources and cannot potentially be guessed while the token is still
* valid. These tokens are 256-bit secure random values. * valid. These tokens are 256-bit secure random values.
*/ */
private static final IntegerGuacamoleProperty SSL_MAX_TOKEN_VALIDITY = private static final IntegerGuacamoleProperty SSL_AUTH_MAX_TOKEN_VALIDITY =
new IntegerGuacamoleProperty() { new IntegerGuacamoleProperty() {
@Override @Override
public String getName() { return "ssl-max-token-validity"; } public String getName() { return "ssl-auth-max-token-validity"; }
}; };
@@ -146,11 +145,11 @@ public class ConfigurationService {
* one of these attributes, the certificate will be rejected. By default, * one of these attributes, the certificate will be rejected. By default,
* any attribute is accepted. * any attribute is accepted.
*/ */
private static final StringGuacamoleProperty SSL_SUBJECT_USERNAME_ATTRIBUTE = private static final StringGuacamoleProperty SSL_AUTH_SUBJECT_USERNAME_ATTRIBUTE =
new StringGuacamoleProperty () { new StringGuacamoleProperty () {
@Override @Override
public String getName() { return "ssl-subject-username-attribute"; } public String getName() { return "ssl-auth-subject-username-attribute"; }
}; };
@@ -159,11 +158,11 @@ public class ConfigurationService {
* specified, only certificates asserting subject DNs beneath this base DN * specified, only certificates asserting subject DNs beneath this base DN
* will be accepted. By default, all DNs are accepted. * will be accepted. By default, all DNs are accepted.
*/ */
private static final LdapNameGuacamoleProperty SSL_SUBJECT_BASE_DN = private static final LdapNameGuacamoleProperty SSL_AUTH_SUBJECT_BASE_DN =
new LdapNameGuacamoleProperty () { new LdapNameGuacamoleProperty () {
@Override @Override
public String getName() { return "ssl-subject-base-dn"; } public String getName() { return "ssl-auth-subject-base-dn"; }
}; };
@@ -180,11 +179,11 @@ public class ConfigurationService {
* guessed while that subdomain is still valid. These subdomains are * guessed while that subdomain is still valid. These subdomains are
* 128-bit secure random values. * 128-bit secure random values.
*/ */
private static final IntegerGuacamoleProperty SSL_MAX_DOMAIN_VALIDITY = private static final IntegerGuacamoleProperty SSL_AUTH_MAX_DOMAIN_VALIDITY =
new IntegerGuacamoleProperty() { new IntegerGuacamoleProperty() {
@Override @Override
public String getName() { return "ssl-max-domain-validity"; } public String getName() { return "ssl-auth-max-domain-validity"; }
}; };
@@ -214,7 +213,7 @@ public class ConfigurationService {
*/ */
public URI getClientAuthenticationURI(String subdomain) throws GuacamoleException { public URI getClientAuthenticationURI(String subdomain) throws GuacamoleException {
URI authURI = environment.getRequiredProperty(SSL_CLIENT_AUTH_URI); URI authURI = environment.getRequiredProperty(SSL_AUTH_URI);
String baseHostname = authURI.getHost(); String baseHostname = authURI.getHost();
// Add provided subdomain to auth URI // Add provided subdomain to auth URI
@@ -249,7 +248,7 @@ public class ConfigurationService {
if (isPrimaryHostname(hostname)) if (isPrimaryHostname(hostname))
return null; return null;
URI authURI = environment.getRequiredProperty(SSL_CLIENT_AUTH_URI); URI authURI = environment.getRequiredProperty(SSL_AUTH_URI);
String baseHostname = authURI.getHost(); String baseHostname = authURI.getHost();
// Verify the first domain component is at least one character in // Verify the first domain component is at least one character in
@@ -281,7 +280,7 @@ public class ConfigurationService {
* or cannot be parsed. * or cannot be parsed.
*/ */
public URI getPrimaryURI() throws GuacamoleException { public URI getPrimaryURI() throws GuacamoleException {
return environment.getRequiredProperty(SSL_PRIMARY_URI); return environment.getRequiredProperty(SSL_AUTH_PRIMARY_URI);
} }
/** /**
@@ -345,7 +344,7 @@ public class ConfigurationService {
* be parsed. * be parsed.
*/ */
public String getClientCertificateHeader() throws GuacamoleException { public String getClientCertificateHeader() throws GuacamoleException {
return environment.getProperty(SSL_CLIENT_CERTIFICATE_HEADER, DEFAULT_CLIENT_CERTIFICATE_HEADER); return environment.getProperty(SSL_AUTH_CLIENT_CERTIFICATE_HEADER, DEFAULT_CLIENT_CERTIFICATE_HEADER);
} }
/** /**
@@ -363,7 +362,7 @@ public class ConfigurationService {
* cannot be parsed. * cannot be parsed.
*/ */
public String getClientVerifiedHeader() throws GuacamoleException { public String getClientVerifiedHeader() throws GuacamoleException {
return environment.getProperty(SSL_CLIENT_VERIFIED_HEADER, DEFAULT_CLIENT_VERIFIED_HEADER); return environment.getProperty(SSL_AUTH_CLIENT_VERIFIED_HEADER, DEFAULT_CLIENT_VERIFIED_HEADER);
} }
/** /**
@@ -382,7 +381,7 @@ public class ConfigurationService {
* If guacamole.properties cannot be parsed. * If guacamole.properties cannot be parsed.
*/ */
public int getMaxTokenValidity() throws GuacamoleException { public int getMaxTokenValidity() throws GuacamoleException {
return environment.getProperty(SSL_MAX_TOKEN_VALIDITY, DEFAULT_MAX_TOKEN_VALIDITY); return environment.getProperty(SSL_AUTH_MAX_TOKEN_VALIDITY, DEFAULT_MAX_TOKEN_VALIDITY);
} }
/** /**
@@ -402,7 +401,7 @@ public class ConfigurationService {
* If guacamole.properties cannot be parsed. * If guacamole.properties cannot be parsed.
*/ */
public int getMaxDomainValidity() throws GuacamoleException { public int getMaxDomainValidity() throws GuacamoleException {
return environment.getProperty(SSL_MAX_DOMAIN_VALIDITY, DEFAULT_MAX_DOMAIN_VALIDITY); return environment.getProperty(SSL_AUTH_MAX_DOMAIN_VALIDITY, DEFAULT_MAX_DOMAIN_VALIDITY);
} }
/** /**
@@ -417,7 +416,7 @@ public class ConfigurationService {
* If the configured base DN cannot be read or is not a valid LDAP DN. * If the configured base DN cannot be read or is not a valid LDAP DN.
*/ */
public LdapName getSubjectBaseDN() throws GuacamoleException { public LdapName getSubjectBaseDN() throws GuacamoleException {
return environment.getProperty(SSL_SUBJECT_BASE_DN); return environment.getProperty(SSL_AUTH_SUBJECT_BASE_DN);
} }
/** /**
@@ -434,7 +433,7 @@ public class ConfigurationService {
* If the configured set of username attributes cannot be read. * If the configured set of username attributes cannot be read.
*/ */
public Collection<String> getSubjectUsernameAttributes() throws GuacamoleException { public Collection<String> getSubjectUsernameAttributes() throws GuacamoleException {
return environment.getPropertyCollection(SSL_SUBJECT_USERNAME_ATTRIBUTE); return environment.getPropertyCollection(SSL_AUTH_SUBJECT_USERNAME_ATTRIBUTE);
} }
} }

2
guacamole-docker/build.d/010-map-guacamole-extensions.sh
View File

@@ -110,7 +110,7 @@ map_extensions <<'EOF'
guacamole-auth-sso/cas......................CAS_ guacamole-auth-sso/cas......................CAS_
guacamole-auth-sso/openid...................OPENID_ guacamole-auth-sso/openid...................OPENID_
guacamole-auth-sso/saml.....................SAML_ guacamole-auth-sso/saml.....................SAML_
guacamole-auth-sso/ssl......................SSL_ guacamole-auth-sso/ssl......................SSL_AUTH_
guacamole-auth-totp.........................TOTP_ guacamole-auth-totp.........................TOTP_
guacamole-display-statistics................DISPLAY_STATISTICS_ guacamole-display-statistics................DISPLAY_STATISTICS_
guacamole-history-recording-storage.........RECORDING_ guacamole-history-recording-storage.........RECORDING_