diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
index 4fd37f18a..fee43575d 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
@@ -25,7 +25,7 @@ import com.google.inject.Provider;
 import java.util.Arrays;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.guacamole.auth.radius.user.AuthenticatedUser;
-import org.apache.guacamole.auth.radius.form.RadiusChallengeResponseField;
+import org.apache.guacamole.auth.radius.form.GuacamoleRadiusChallenge;
 import org.apache.guacamole.auth.radius.form.RadiusStateField;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.form.Field;
@@ -42,6 +42,7 @@ import net.jradius.packet.AccessAccept;
 import net.jradius.packet.AccessChallenge;
 import net.jradius.packet.AccessReject;
 import net.jradius.packet.attribute.RadiusAttribute;
+import org.apache.guacamole.form.PasswordField;
 /**
 * Service providing convenience functions for the RADIUS AuthenticationProvider
@@ -53,6 +54,12 @@ public class AuthenticationProviderService {
 * Logger for this class.
 */
 private final Logger logger = LoggerFactory.getLogger(AuthenticationProviderService.class);
+
+ /**
+ * The name of the password field where the user will enter a response to
+ * the RADIUS challenge.
+ */
+ private static final String CHALLENGE_RESPONSE_PARAM = "radiusChallenge";
 /**
 * Service for creating and managing connections to RADIUS servers.
@@ -67,18 +74,23 @@ public class AuthenticationProviderService {
 private Provider authenticatedUserProvider;
 /**
- * Returns the expected credentials from a RADIUS challenge.
+ * Returns an object containing the challenge message and the expected
+ * credentials from a RADIUS challenge, or null if either state or reply
+ * attributes are missing from the challenge.
 *
 * @param challengePacket
 * The AccessChallenge RadiusPacket received from the RADIUS
 * server.
 *
 * @return
- * A CredentialsInfo object that represents fields that need to
- * be presented to the user in order to complete authentication.
- * One of these must be the RADIUS state.
+ * A GuacamoleRadiusChallenge object that contains the challenge message
+ * sent by the RADIUS server and the expected credentials that should
+ * be requested of the user in order to continue authentication. One
+ * of the expected credentials *must* be the RADIUS state. If either
+ * state or the reply are missing from the challenge this method will
+ * return null.
 */
- private CredentialsInfo getRadiusChallenge(RadiusPacket challengePacket) {
+ private GuacamoleRadiusChallenge getRadiusChallenge(RadiusPacket challengePacket) {
 // Try to get the state attribute - if it's not there, we have a problem
 RadiusAttribute stateAttr = challengePacket.findAttribute(Attr_State.TYPE);
@@ -97,13 +109,16 @@ public class AuthenticationProviderService {
 }
 // We have the required attributes - convert to strings and then generate the additional login box/field
- String replyMsg = replyAttr.toString();
+ String replyMsg = replyAttr.getValue().toString();
 String radiusState = BaseEncoding.base16().encode(stateAttr.getValue().getBytes());
- Field radiusResponseField = new RadiusChallengeResponseField(replyMsg);
+ Field radiusResponseField = new PasswordField(CHALLENGE_RESPONSE_PARAM);
 Field radiusStateField = new RadiusStateField(radiusState);
- // Return the CredentialsInfo object that has the state and the expected response.
- return new CredentialsInfo(Arrays.asList(radiusResponseField,radiusStateField));
+ // Return the GuacamoleRadiusChallenge object that has the state
+ // and the expected response.
+ return new GuacamoleRadiusChallenge(replyMsg,
+ new CredentialsInfo(Arrays.asList(radiusResponseField,
+ radiusStateField)));
 }
 /**
@@ -134,7 +149,7 @@ public class AuthenticationProviderService {
 // Grab HTTP request object and a response to a challenge.
 HttpServletRequest request = credentials.getRequest();
- String challengeResponse = request.getParameter(RadiusChallengeResponseField.PARAMETER_NAME);
+ String challengeResponse = request.getParameter(CHALLENGE_RESPONSE_PARAM);
 // RadiusPacket object to store response from server.
 RadiusPacket radPack;
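Review bot: In getRadiusChallenge, `replyMsg` is now the raw Reply-Message value (`replyAttr.getValue().toString()`) and becomes the prompt shown to the user, but the new code accepts it without checking that it is non-blank. A blank value would present an unlabelled password field, and this commit also removes the `LOGIN.INFO_RADIUS_ADDL_REQUIRED` string that could have served as the fallback prompt for that case. I would keep that string for the blank case and add a comment above the assignment, `// Reply-Message is text supplied by the RADIUS server: display only, do not interpret`. The method starts above this hunk, so the existing checks on `stateAttr` and `replyAttr` are not visible here.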
@@ -200,12 +215,14 @@ public class AuthenticationProviderService {
 // Received AccessChallenge packet, more credentials required to complete authentication
 else if (radPack instanceof AccessChallenge) {
- CredentialsInfo expectedCredentials = getRadiusChallenge(radPack);
+ GuacamoleRadiusChallenge challenge = getRadiusChallenge(radPack);
- if (expectedCredentials == null)
+ if (challenge == null)
 throw new GuacamoleInvalidCredentialsException("Authentication error.", CredentialsInfo.USERNAME_PASSWORD);
- throw new GuacamoleInsufficientCredentialsException("LOGIN.INFO_RADIUS_ADDL_REQUIRED", expectedCredentials);
+ throw new GuacamoleInsufficientCredentialsException(
+ challenge.getChallengeText(),
+ challenge.getExpectedCredentials());
 }
 // Something unanticipated happened, so panic and go back to login.
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/form/GuacamoleRadiusChallenge.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/form/GuacamoleRadiusChallenge.java
new file mode 100644
index 000000000..45897944b
--- /dev/null
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/form/GuacamoleRadiusChallenge.java
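Review bot: The first argument of GuacamoleInsufficientCredentialsException used to be a fixed translation key and is now `challenge.getChallengeText()`, which is text chosen by the RADIUS server. How the web client treats that message (translation lookup, interpolation, HTML escaping) is not part of this diff, so it should be confirmed that arbitrary server text in this position is displayed literally. A short comment at the throw would record the assumption, for example `// Message is RADIUS server text, not a translation key; the client must render it as plain text`. The enclosing method starts and ends outside this hunk.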
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.radius.form;
+
+import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+
+/**
+ * Stores the RADIUS challenge message and expected credentials in a single
+ * object.
+ */
+public class GuacamoleRadiusChallenge {
+
+ /**
+ * The challenge text sent by the RADIUS server.
+ */
+ private final String challengeText;
+
+ /**
+ * The expected credentials that need to be provided to satisfy the
+ * RADIUS authentication challenge.
+ */
+ private final CredentialsInfo expectedCredentials;
+
+ /**
+ * Creates a new GuacamoleRadiusChallenge object with the provided
+ * challenge message and expected credentials.
+ *
+ * @param challengeText
+ * The challenge message sent by the RADIUS server.
+ *
+ * @param expectedCredentials
+ * The credentials required to complete the challenge.
+ */
+ public GuacamoleRadiusChallenge(String challengeText,
+ CredentialsInfo expectedCredentials) {
+ this.challengeText = challengeText;
+ this.expectedCredentials = expectedCredentials;
+ }
+
+ /**
+ * Returns the challenge message provided by the RADIUS server.
+ *
+ * @return
+ * The challenge message provided by the RADIUS server.
+ */
+ public String getChallengeText() {
+ return challengeText;
+ }
+
+ /**
+ * Returns the credentials required to satisfy the RADIUS challenge.
+ *
+ * @return
+ * The credentials required to satisfy the RADIUS challenge.
+ */
+ public CredentialsInfo getExpectedCredentials() {
+ return expectedCredentials;
+ }
+
+}
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/form/RadiusChallengeResponseField.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/form/RadiusChallengeResponseField.java
deleted file mode 100644
index 32ceb90de..000000000
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/form/RadiusChallengeResponseField.java
+++ /dev/null
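Review bot: The GuacamoleRadiusChallenge constructor stores both arguments unchecked, although the caller in AuthenticationProviderService passes `getExpectedCredentials()` and `getChallengeText()` straight into an exception that drives the login form. `this.expectedCredentials = Objects.requireNonNull(expectedCredentials, "expectedCredentials");` (with `java.util.Objects` imported) would make a bad construction fail where it happens rather than later in the login flow. As a plain immutable holder the class could also be declared `final`, and it sits in the `form` package although it is not a form field.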
@@ -1,68 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.guacamole.auth.radius.form;
-
-import org.apache.guacamole.form.Field;
-
-/**
- * A form used to prompt the user for additional information when
- * the RADIUS server sends a challenge back to the user with a reply
- * message.
- */
-public class RadiusChallengeResponseField extends Field {
-
- /**
- * The field returned by the RADIUS challenge/response.
- */
- public static final String PARAMETER_NAME = "guac-radius-challenge-response";
-
- /**
- * The type of field to initialize for the challenge/response.
- */
- private static final String RADIUS_FIELD_TYPE = "GUAC_RADIUS_CHALLENGE_RESPONSE";
-
- /**
- * The message the RADIUS server sent back in the challenge.
- */
- private final String challenge;
-
- /**
- * Initialize the field with the challenge sent back by the RADIUS server.
- *
- * @param challenge
- * The challenge message sent back by the RADIUS server.
- */
- public RadiusChallengeResponseField(String challenge) {
- super(PARAMETER_NAME, RADIUS_FIELD_TYPE);
- this.challenge = challenge;
-
- }
-
- /**
- * Get the challenge sent by the RADIUS server.
- *
- * @return
- * A String that indicates the challenge returned
- * by the RADIUS server.
- */
- public String getChallenge() {
- return challenge;
- }
-}
diff --git a/extensions/guacamole-auth-radius/src/main/resources/config/radiusConfig.js b/extensions/guacamole-auth-radius/src/main/resources/config/radiusConfig.js
index dab0ffc24..a3d72bf3a 100644
--- a/extensions/guacamole-auth-radius/src/main/resources/config/radiusConfig.js
+++ b/extensions/guacamole-auth-radius/src/main/resources/config/radiusConfig.js
@@ -23,13 +23,6 @@ angular.module('guacRadius').config(['formServiceProvider', function guacRadiusConfig(formServiceProvider) {
- // Define field for the challenge from the RADIUS service
- formServiceProvider.registerFieldType('GUAC_RADIUS_CHALLENGE_RESPONSE', {
- module : 'guacRadius',
- controller : 'radiusResponseController',
- templateUrl : 'app/ext/radius/templates/radiusResponseField.html'
- });
-
 // Define the hidden field for the RADIUS state
 formServiceProvider.registerFieldType('GUAC_RADIUS_STATE', {
 module : 'guacRadius',
diff --git a/extensions/guacamole-auth-radius/src/main/resources/controllers/radiusResponseController.js b/extensions/guacamole-auth-radius/src/main/resources/controllers/radiusResponseController.js
deleted file mode 100644
index 4782b208f..000000000
--- a/extensions/guacamole-auth-radius/src/main/resources/controllers/radiusResponseController.js
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/**
- * Controller for the "GUAC_RADIUS_CHALLENGE_RESPONSE" field which
- * passes the RADIUS server challenge to the user and takes the response.
- */
-angular.module('guacRadius').controller('radiusResponseController', ['$scope', '$injector',
- function radiusResponseController($scope, $injector) {
-
- // Populate the reply message field
- $scope.radiusPlaceholder = $scope.field.challenge;
-
-}]);
diff --git a/extensions/guacamole-auth-radius/src/main/resources/guac-manifest.json b/extensions/guacamole-auth-radius/src/main/resources/guac-manifest.json
index 6e8e07899..707f233b7 100644
--- a/extensions/guacamole-auth-radius/src/main/resources/guac-manifest.json
+++ b/extensions/guacamole-auth-radius/src/main/resources/guac-manifest.json
@@ -19,7 +19,6 @@ ], "resources" : {
- "templates/radiusResponseField.html" : "text/html",
 "templates/radiusStateField.html" : "text/html"
 }
diff --git a/extensions/guacamole-auth-radius/src/main/resources/templates/radiusResponseField.html b/extensions/guacamole-auth-radius/src/main/resources/templates/radiusResponseField.html
deleted file mode 100644
index eec760ff4..000000000
--- a/extensions/guacamole-auth-radius/src/main/resources/templates/radiusResponseField.html
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/extensions/guacamole-auth-radius/src/main/resources/translations/en.json b/extensions/guacamole-auth-radius/src/main/resources/translations/en.json
index c068a70af..66232e4e7 100644
--- a/extensions/guacamole-auth-radius/src/main/resources/translations/en.json
+++ b/extensions/guacamole-auth-radius/src/main/resources/translations/en.json
@@ -5,9 +5,7 @@ }, "LOGIN" : {
- "FIELD_HEADER_GUAC_RADIUS_CHALLENGE_RESPONSE" : "",
- "FIELD_HEADER_GUAC_RADIUS_STATE" : "",
- "INFO_RADIUS_ADDL_REQUIRED" : "Please supply additional credentials"
+ "FIELD_HEADER_GUAC_RADIUS_STATE" : ""
 }
 }