From b0ac5d22ffec3000e892b564e1634ff1e8ffeb13 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Thu, 27 Aug 2015 15:34:12 -0700
Subject: [PATCH] GUAC-586: Associate unique identifier with each AuthenticationProvider.
---
 .../mysql/MySQLAuthenticationProvider.java | 5 ++++
 .../PostgreSQLAuthenticationProvider.java | 5 ++++
 .../auth/ldap/LDAPAuthenticationProvider.java | 5 ++++
 .../auth/noauth/NoAuthenticationProvider.java | 5 ++++
 .../net/auth/AuthenticationProvider.java | 12 ++++++++
 .../BasicFileAuthenticationProvider.java | 5 ++++
 .../AuthenticationProviderFacade.java | 21 +++++++++++++
 .../basic/rest/ObjectRetrievalService.java | 30 +++++++++++--------
 8 files changed, 75 insertions(+), 13 deletions(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 95e5d6bc7..ed4f60c87 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -192,6 +192,11 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
 }
+ @Override
+ public String getIdentifier() {
+ return "mysql";
+ }
+
 @Override
 public AuthenticatedUser authenticateUser(Credentials credentials) throws GuacamoleException {
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java
index e4046a7bf..db0fe1b08 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java
@@ -192,6 +192,11 @@ public class PostgreSQLAuthenticationProvider implements AuthenticationProvider
 }
+ @Override
+ public String getIdentifier() {
+ return "postgresql";
+ }
+
 @Override
 public AuthenticatedUser authenticateUser(Credentials credentials) throws GuacamoleException {
diff --git a/extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/LDAPAuthenticationProvider.java b/extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/LDAPAuthenticationProvider.java
index db1e92c2e..9a25b94a2 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/LDAPAuthenticationProvider.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/net/sourceforge/guacamole/net/auth/ldap/LDAPAuthenticationProvider.java
@@ -74,6 +74,11 @@ public class LDAPAuthenticationProvider extends SimpleAuthenticationProvider {
 environment = new LocalEnvironment();
 }
+ @Override
+ public String getIdentifier() {
+ return "ldap";
+ }
+
 // Courtesy of OWASP: https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java
 private static String escapeLDAPSearchFilter(String filter) {
 StringBuilder sb = new StringBuilder();
diff --git a/extensions/guacamole-auth-noauth/src/main/java/net/sourceforge/guacamole/net/auth/noauth/NoAuthenticationProvider.java b/extensions/guacamole-auth-noauth/src/main/java/net/sourceforge/guacamole/net/auth/noauth/NoAuthenticationProvider.java
index 3752f8029..fe38e13aa 100644
--- a/extensions/guacamole-auth-noauth/src/main/java/net/sourceforge/guacamole/net/auth/noauth/NoAuthenticationProvider.java
+++ b/extensions/guacamole-auth-noauth/src/main/java/net/sourceforge/guacamole/net/auth/noauth/NoAuthenticationProvider.java
@@ -122,6 +122,11 @@ public class NoAuthenticationProvider extends SimpleAuthenticationProvider {
 environment = new LocalEnvironment();
 }
+ @Override
+ public String getIdentifier() {
+ return "noauth";
+ }
+
 /**
 * Retrieves the configuration file, as defined within guacamole.properties.
 *
diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/AuthenticationProvider.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/AuthenticationProvider.java
index e269179ec..077edbd5a 100644
--- a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/AuthenticationProvider.java
+++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/AuthenticationProvider.java
@@ -33,6 +33,18 @@ import org.glyptodon.guacamole.GuacamoleException;
 */
 public interface AuthenticationProvider {
+ /**
+ * Returns the identifier which uniquely and consistently identifies this
+ * AuthenticationProvider implementation. This identifier may not be null
+ * and must be unique across all AuthenticationProviders loaded by the
+ * Guacamole web application.
+ *
+ * @return
+ * The unique identifier assigned to this AuthenticationProvider, which
+ * may not be null.
+ */
+ String getIdentifier();
+
 /**
 * Returns an AuthenticatedUser representing the user authenticated by the
 * given credentials, if any.
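Review bot: The uniqueness that the new Javadoc on `getIdentifier()` requires is not enforced anywhere in this patch, while the lookup added to `ObjectRetrievalService.retrieveUserContext` returns the first UserContext whose provider identifier matches. Two loaded providers sharing an identifier would therefore resolve silently to whichever context comes first, which matters because the identifier now decides which provider's UserContext a request operates on. The literals added in the provider hunks (`"mysql"`, `"postgresql"`, `"ldap"`, `"noauth"`, `"default"`) are distinct, but nothing stops another extension from reusing one. Rejecting duplicates at the point where providers are loaded (that code is outside this patch) would turn the documented contract into a check, and the Javadoc could add one sentence saying the identifier is what selects a provider's UserContext.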
diff --git a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/BasicFileAuthenticationProvider.java b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/BasicFileAuthenticationProvider.java
index 5b7173906..e868a9117 100644
--- a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/BasicFileAuthenticationProvider.java
+++ b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/BasicFileAuthenticationProvider.java
@@ -105,6 +105,11 @@ public class BasicFileAuthenticationProvider extends SimpleAuthenticationProvide
 environment = new LocalEnvironment();
 }
+ @Override
+ public String getIdentifier() {
+ return "default";
+ }
+
 /**
 * Returns a UserMapping containing all authorization data given within
 * the XML file specified by the "basic-user-mapping" property in
diff --git a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/extension/AuthenticationProviderFacade.java b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/extension/AuthenticationProviderFacade.java
index 4db9abfd3..227d43017 100644
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/extension/AuthenticationProviderFacade.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/extension/AuthenticationProviderFacade.java
@@ -23,6 +23,7 @@ package org.glyptodon.guacamole.net.basic.extension;
 import java.lang.reflect.InvocationTargetException;
+import java.util.UUID;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.AuthenticatedUser;
 import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
@@ -53,6 +54,12 @@ public class AuthenticationProviderFacade implements AuthenticationProvider {
 */
 private final AuthenticationProvider authProvider;
+ /**
+ * The identifier to provide for the underlying authentication provider if
+ * the authentication provider could not be loaded.
+ */
+ private final String facadeIdentifier = UUID.randomUUID().toString();
+
 /**
 * Creates a new AuthenticationProviderFacade which delegates all function
 * calls to an instance of the given AuthenticationProvider subclass. If
@@ -118,6 +125,20 @@ public class AuthenticationProviderFacade implements AuthenticationProvider {
 }
+ @Override
+ public String getIdentifier() {
+
+ // Ignore auth attempts if no auth provider could be loaded
+ if (authProvider == null) {
+ logger.warn("The authentication system could not be loaded. Please check for errors earlier in the logs.");
+ return facadeIdentifier;
+ }
+
+ // Delegate to underlying auth provider
+ return authProvider.getIdentifier();
+
+ }
+
 @Override
 public AuthenticatedUser authenticateUser(Credentials credentials) throws GuacamoleException {
diff --git a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/ObjectRetrievalService.java b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/ObjectRetrievalService.java
index f012d2757..981233eb5 100644
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/ObjectRetrievalService.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/ObjectRetrievalService.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Glyptodon LLC
+ * Copyright (C) 2015 Glyptodon LLC
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
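Review bot: The null-provider branch of the new `getIdentifier()` in the second AuthenticationProviderFacade hunk logs at WARN on every call, and the lookup this commit adds to ObjectRetrievalService calls `getIdentifier()` once per UserContext on each retrieval. If a facade whose provider failed to load can end up behind one of those contexts (not visible here), ordinary requests would repeat the same warning and bury the original load error; returning `facadeIdentifier` without logging is enough in this accessor. The comment `// Ignore auth attempts if no auth provider could be loaded` is carried over from the authenticate methods and should read `// Fall back to the facade's own identifier if no auth provider could be loaded`. The delegated value is also returned unchecked, so a null from the underlying provider passes through despite the interface's non-null contract.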
@@ -48,29 +48,33 @@ public class ObjectRetrievalService {
 * @param session
 * The GuacamoleSession to retrieve the UserContext from.
 *
- * @param id
- * The numeric ID of the UserContext to retrieve. This ID is the index
- * of the UserContext within the overall list of UserContexts
- * associated with the user's session.
+ * @param identifier
+ * The unique identifier of the AuthenticationProvider that created the
+ * UserContext being retrieved. Only one UserContext per
+ * AuthenticationProvider can exist.
 *
 * @return
- * The user having the given identifier.
+ * The UserContext that was created by the AuthenticationProvider
+ * having the given identifier.
 *
 * @throws GuacamoleException
- * If an error occurs while retrieving the user, or if the
- * user does not exist.
+ * If an error occurs while retrieving the UserContext, or if the
+ * UserContext does not exist.
 */
 public UserContext retrieveUserContext(GuacamoleSession session,
- int id) throws GuacamoleException {
+ String identifier) throws GuacamoleException {
 // Get list of UserContexts
 List userContexts = session.getUserContexts();
- // Verify context exists
- if (id < 0 || id >= userContexts.size())
- throw new GuacamoleResourceNotFoundException("No such user context: \"" + id + "\"");
+ // Locate and return the UserContext associated with the
+ // AuthenticationProvider having the given identifier, if any
+ for (UserContext userContext : userContexts) {
+ if (userContext.getAuthenticationProvider().getIdentifier().equals(identifier))
+ return userContext;
+ }
- return userContexts.get(id);
+ throw new GuacamoleResourceNotFoundException("Session not associated with authentication provider \"" + identifier + "\".");
 }
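Review bot: The comparison in the new loop of retrieveUserContext calls `.equals` on the provider's value, so a provider that returns null from `getIdentifier()` (or a UserContext with no provider) turns a lookup into a NullPointerException instead of the not-found error. Comparing from the argument side after a null check keeps the failure mode uniform: `if (identifier != null && identifier.equals(userContext.getAuthenticationProvider().getIdentifier()))`. The parameter also widened from a range-checked int to a caller-supplied String that is concatenated verbatim into the GuacamoleResourceNotFoundException message; if that message is logged or returned in a REST response (not visible in this hunk), the value should be length-limited or left out of the message. The method's Javadoc begins above the hunk, so only its tail is reviewed here.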