Merge 1.0.0 changes back to master.

2025-09-06 05:07:41 +00:00 · 2018-07-01 23:18:04 -07:00
parent 7481c181ed 34faa5d928
commit d53b43ce29
5 changed files with 45 additions and 74 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java
@@ -137,7 +137,7 @@ public class ModeledUserContext extends RestrictedObject
        userRecord = new ActivityRecordModel();
        userRecord.setUsername(currentUser.getIdentifier());
        userRecord.setStartDate(new Date());
-        userRecord.setRemoteHost(currentUser.getCredentials().getRemoteHostname());
+        userRecord.setRemoteHost(currentUser.getCredentials().getRemoteAddress());

        // Insert record representing login
        userRecordMapper.insert(userRecord);
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
@@ -21,9 +21,6 @@ package org.apache.guacamole.auth.jdbc.user;

 import java.util.HashMap;
 import java.util.Map;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import javax.servlet.http.HttpServletRequest;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
@@ -48,27 +45,6 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
     */
    private final String remoteHost;

-    /**
-     * Regular expression which matches any IPv4 address.
-     */
-    private static final String IPV4_ADDRESS_REGEX = "([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})";
-
-    /**
-     * Regular expression which matches any IPv6 address.
-     */
-    private static final String IPV6_ADDRESS_REGEX = "([0-9a-fA-F]*(:[0-9a-fA-F]*){0,7})";
-
-    /**
-     * Regular expression which matches any IP address, regardless of version.
-     */
-    private static final String IP_ADDRESS_REGEX = "(" + IPV4_ADDRESS_REGEX + "|" + IPV6_ADDRESS_REGEX + ")";
-
-    /**
-     * Pattern which matches valid values of the de-facto standard
-     * "X-Forwarded-For" header.
-     */
-    private static final Pattern X_FORWARDED_FOR = Pattern.compile("^" + IP_ADDRESS_REGEX + "(, " + IP_ADDRESS_REGEX + ")*$");
-
    /**
     * Arbitrary attributes associated with this RemoteAuthenticatedUser object.
     */
@@ -84,38 +60,6 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
        this.attributes = attributes;
    }

-    /**
-     * Derives the remote host of the authenticating user from the given
-     * credentials object. The remote host is derived from X-Forwarded-For
-     * in addition to the actual source IP of the request, and thus is not
-     * trusted. The derived remote host is really only useful for logging,
-     * unless the server is configured such that X-Forwarded-For is guaranteed
-     * to be trustworthy.
-     *
-     * @param credentials
-     *     The credentials to derive the remote host from.
-     *
-     * @return
-     *     The remote host from which the user with the given credentials is
-     *     authenticating.
-     */
-    private static String getRemoteHost(Credentials credentials) {
-
-        HttpServletRequest request = credentials.getRequest();
-
-        // Use X-Forwarded-For, if present and valid
-        String header = request.getHeader("X-Forwarded-For");
-        if (header != null) {
-            Matcher matcher = X_FORWARDED_FOR.matcher(header);
-            if (matcher.matches())
-                return matcher.group(1);
-        }
-
-        // If header absent or invalid, just use source IP
-        return request.getRemoteAddr();
-
-    }
-
    /**
     * Creates a new RemoteAuthenticatedUser, deriving the associated remote
     * host from the given credentials.
@@ -130,7 +74,7 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
            Credentials credentials) {
        this.authenticationProvider = authenticationProvider;
        this.credentials = credentials;
-        this.remoteHost = getRemoteHost(credentials);
+        this.remoteHost = credentials.getRemoteAddress();
    }

    @Override
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
@@ -72,8 +72,41 @@ public class Credentials implements Serializable {
     */
    private transient HttpSession session;

+    /**
+     * Construct a Credentials object with the given username, password,
+     * and HTTP request.  The information is assigned to the various
+     * storage objects, and the remote hostname and address is parsed out
+     * of the request object.
+     * 
+     * @param username
+     *     The username that was provided for authentication.
+     * 
+     * @param password
+     *     The password that was provided for authentication.
+     * 
+     * @param request 
+     *     The HTTP request associated with the authentication
+     *     request.
+     */
+    public Credentials(String username, String password, HttpServletRequest request) {
+        this.username = username;
+        this.password = password;
+        this.request = request;
+
+        // Set the remote address
+        this.remoteAddress = request.getRemoteAddr();
+
+        // Get the remote hostname
+        this.remoteHostname = request.getRemoteHost();
+
+        // If session exists get it, but don't create a new one.
+        this.session = request.getSession(false);
+
+    }
+    
    /**
     * Returns the password associated with this set of credentials.
+     *
     * @return The password associated with this username/password pair, or
     *         null if no password has been set.
     */
@@ -83,6 +116,7 @@ public class Credentials implements Serializable {

    /**
     * Sets the password associated with this set of credentials.
+     *
     * @param password The password to associate with this username/password
     *                 pair.
     */
@@ -92,6 +126,7 @@ public class Credentials implements Serializable {

    /**
     * Returns the username associated with this set of credentials.
+     *
     * @return The username associated with this username/password pair, or
     *         null if no username has been set.
     */
@@ -101,6 +136,7 @@ public class Credentials implements Serializable {

    /**
     * Sets the username associated with this set of credentials.
+     *
     * @param username The username to associate with this username/password
     *                 pair.
     */
@@ -110,6 +146,7 @@ public class Credentials implements Serializable {

    /**
     * Returns the HttpServletRequest associated with this set of credentials.
+     *
     * @return The HttpServletRequest associated with this set of credentials,
     *         or null if no such request exists.
     */
@@ -119,6 +156,7 @@ public class Credentials implements Serializable {

    /**
     * Sets the HttpServletRequest associated with this set of credentials.
+     *
     * @param request  The HttpServletRequest to associated with this set of
     *                 credentials.
     */
@@ -128,6 +166,7 @@ public class Credentials implements Serializable {

    /**
     * Returns the HttpSession associated with this set of credentials.
+     *
     * @return The HttpSession associated with this set of credentials, or null
     *         if no such request exists.
     */
@@ -137,6 +176,7 @@ public class Credentials implements Serializable {

    /**
     * Sets the HttpSession associated with this set of credentials.
+     *
     * @param session The HttpSession to associated with this set of
     *                credentials.
     */
--- a/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java
+++ b/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java
@@ -117,15 +117,7 @@ public class TokenRESTService {
        } // end Authorization header fallback

        // Build credentials
-        Credentials credentials = new Credentials();
-        credentials.setUsername(username);
-        credentials.setPassword(password);
-        credentials.setRequest(request);
-        credentials.setSession(request.getSession(false));
-        credentials.setRemoteAddress(request.getRemoteAddr());
-        credentials.setRemoteHostname(request.getRemoteHost());
-
-        return credentials;
+        return new Credentials(username, password, request);

    }

--- a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java
+++ b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java
@@ -155,13 +155,8 @@ public class UserResource
            @Context HttpServletRequest request) throws GuacamoleException {

        // Build credentials
-        Credentials credentials = new Credentials();
-        credentials.setUsername(user.getIdentifier());
-        credentials.setPassword(userPasswordUpdate.getOldPassword());
-        credentials.setRequest(request);
-        credentials.setSession(request.getSession(false));
-        credentials.setRemoteAddress(request.getRemoteAddr());
-        credentials.setRemoteHostname(request.getRemoteHost());
+        Credentials credentials = new Credentials(user.getIdentifier(),
+                userPasswordUpdate.getOldPassword(), request);

        // Verify that the old password was correct
        try {