GUACAMOLE-189: Merge per-connection guacd functionality.

2025-09-06 13:17:41 +00:00 · 2017-05-10 20:38:05 -07:00
parent ea5c8c546a 31b1b42ba6
commit d9b888e99a
12 changed files with 616 additions and 81 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionModel.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionModel.java
@@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc.connection;
 import java.util.HashSet;
 import java.util.Set;
 import org.apache.guacamole.auth.jdbc.base.ChildObjectModel;
+import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration.EncryptionMethod;

 /**
 * Object representation of a Guacamole connection, as represented in the
@@ -59,6 +60,24 @@ public class ConnectionModel extends ChildObjectModel {
     */
    private Set<String> sharingProfileIdentifiers = new HashSet<String>();

+    /**
+     * The hostname of the guacd instance to use, or null if the hostname of the
+     * default guacd instance should be used.
+     */
+    private String proxyHostname;
+
+    /**
+     * The port of the guacd instance to use, or null if the port of the default
+     * guacd instance should be used.
+     */
+    private Integer proxyPort;
+
+    /**
+     * The encryption method required by the desired guacd instance, or null if
+     * the encryption method of the default guacd instance should be used.
+     */
+    private EncryptionMethod proxyEncryptionMethod;
+
    /**
     * Creates a new, empty connection.
     */
@@ -158,6 +177,79 @@ public class ConnectionModel extends ChildObjectModel {
        this.maxConnectionsPerUser = maxConnectionsPerUser;
    }

+    /**
+     * Returns the hostname of the guacd instance to use. If the hostname of the
+     * default guacd instance should be used instead, null is returned.
+     *
+     * @return
+     *     The hostname of the guacd instance to use, or null if the hostname
+     *     of the default guacd instance should be used.
+     */
+    public String getProxyHostname() {
+        return proxyHostname;
+    }
+
+    /**
+     * Sets the hostname of the guacd instance to use.
+     *
+     * @param proxyHostname
+     *     The hostname of the guacd instance to use, or null if the hostname
+     *     of the default guacd instance should be used.
+     */
+    public void setProxyHostname(String proxyHostname) {
+        this.proxyHostname = proxyHostname;
+    }
+
+    /**
+     * Returns the port of the guacd instance to use. If the port of the default
+     * guacd instance should be used instead, null is returned.
+     *
+     * @return
+     *     The port of the guacd instance to use, or null if the port of the
+     *     default guacd instance should be used.
+     */
+    public Integer getProxyPort() {
+        return proxyPort;
+    }
+
+    /**
+     * Sets the port of the guacd instance to use.
+     *
+     * @param proxyPort
+     *     The port of the guacd instance to use, or null if the port of the
+     *     default guacd instance should be used.
+     */
+    public void setProxyPort(Integer proxyPort) {
+        this.proxyPort = proxyPort;
+    }
+
+    /**
+     * Returns the type of encryption required by the desired guacd instance.
+     * If the encryption method of the default guacd instance should be used
+     * instead, null is returned.
+     *
+     * @return
+     *     The type of encryption required by the desired guacd instance, or
+     *     null if the encryption method of the default guacd instance should
+     *     be used.
+     */
+    public EncryptionMethod getProxyEncryptionMethod() {
+        return proxyEncryptionMethod;
+    }
+
+    /**
+     * Sets the type of encryption which should be used when connecting to
+     * guacd, if any.
+     *
+     * @param proxyEncryptionMethod
+     *     The type of encryption required by the desired guacd instance, or
+     *     null if the encryption method of the default guacd instance should
+     *     be used.
+     */
+    public void setProxyEncryptionMethod(EncryptionMethod proxyEncryptionMethod) {
+        this.proxyEncryptionMethod = proxyEncryptionMethod;
+    }
+
    /**
     * Returns the identifiers of all readable sharing profiles associated with
     * this connection. This is set only when the connection is queried, and has
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnection.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnection.java
@@ -32,12 +32,16 @@ import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
 import org.apache.guacamole.auth.jdbc.base.ModeledChildDirectoryObject;
+import org.apache.guacamole.form.EnumField;
 import org.apache.guacamole.form.Field;
 import org.apache.guacamole.form.Form;
 import org.apache.guacamole.form.NumericField;
+import org.apache.guacamole.form.TextField;
 import org.apache.guacamole.net.GuacamoleTunnel;
 import org.apache.guacamole.net.auth.Connection;
 import org.apache.guacamole.net.auth.ConnectionRecord;
+import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration;
+import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration.EncryptionMethod;
 import org.apache.guacamole.protocol.GuacamoleClientInformation;
 import org.apache.guacamole.protocol.GuacamoleConfiguration;
 import org.slf4j.Logger;
@@ -55,6 +59,51 @@ public class ModeledConnection extends ModeledChildDirectoryObject<ConnectionMod
     */
    private static final Logger logger = LoggerFactory.getLogger(ModeledConnection.class);

+    /**
+     * The name of the attribute which overrides the hostname used to connect
+     * to guacd for this connection.
+     */
+    public static final String GUACD_HOSTNAME_NAME = "guacd-hostname";
+
+    /**
+     * The name of the attribute which overrides the port used to connect to
+     * guacd for this connection.
+     */
+    public static final String GUACD_PORT_NAME = "guacd-port";
+
+    /**
+     * The name of the attribute which overrides the encryption method used to
+     * connect to guacd for this connection.
+     */
+    public static final String GUACD_ENCRYPTION_NAME = "guacd-encryption";
+
+    /**
+     * The value specified for the "guacd-encryption" attribute if encryption
+     * should not be used to connect to guacd.
+     */
+    public static final String GUACD_ENCRYPTION_VALUE_NONE = "none";
+
+    /**
+     * The value specified for the "guacd-encryption" attribute if SSL/TLS
+     * encryption should be used to connect to guacd.
+     */
+    public static final String GUACD_ENCRYPTION_VALUE_SSL = "ssl";
+
+    /**
+     * All attributes which describe the configuration of the guacd instance
+     * which will be used to connect to the remote desktop described by this
+     * connection.
+     */
+    public static final Form GUACD_PARAMETERS = new Form("guacd", Arrays.<Field>asList(
+        new TextField(GUACD_HOSTNAME_NAME),
+        new NumericField(GUACD_PORT_NAME),
+        new EnumField(GUACD_ENCRYPTION_NAME, Arrays.asList(
+            "",
+            GUACD_ENCRYPTION_VALUE_NONE,
+            GUACD_ENCRYPTION_VALUE_SSL
+        ))
+    ));
+
    /**
     * The name of the attribute which controls the maximum number of
     * concurrent connections.
@@ -81,7 +130,8 @@ public class ModeledConnection extends ModeledChildDirectoryObject<ConnectionMod
     * logical forms.
     */
    public static final Collection<Form> ATTRIBUTES = Collections.unmodifiableCollection(Arrays.asList(
-        CONCURRENCY_LIMITS
+        CONCURRENCY_LIMITS,
+        GUACD_PARAMETERS
    ));

    /**
@@ -186,6 +236,35 @@ public class ModeledConnection extends ModeledChildDirectoryObject<ConnectionMod
        // Set per-user connection limit attribute
        attributes.put(MAX_CONNECTIONS_PER_USER_NAME, NumericField.format(getModel().getMaxConnectionsPerUser()));

+        // Set guacd (proxy) hostname and port
+        attributes.put(GUACD_HOSTNAME_NAME, getModel().getProxyHostname());
+        attributes.put(GUACD_PORT_NAME, NumericField.format(getModel().getProxyPort()));
+
+        // Set guacd (proxy) encryption method
+        EncryptionMethod encryptionMethod = getModel().getProxyEncryptionMethod();
+        if (encryptionMethod == null)
+            attributes.put(GUACD_ENCRYPTION_NAME, null);
+
+        else {
+            switch (encryptionMethod) {
+
+                // Unencrypted
+                case NONE:
+                    attributes.put(GUACD_ENCRYPTION_NAME, GUACD_ENCRYPTION_VALUE_NONE);
+                    break;
+
+                // SSL / TLS encryption
+                case SSL:
+                    attributes.put(GUACD_ENCRYPTION_NAME, GUACD_ENCRYPTION_VALUE_SSL);
+                    break;
+
+                // Unimplemented / unspecified
+                default:
+                    attributes.put(GUACD_ENCRYPTION_NAME, null);
+
+            }
+        }
+
        return attributes;
    }

@@ -206,6 +285,31 @@ public class ModeledConnection extends ModeledChildDirectoryObject<ConnectionMod
            logger.debug("Unable to parse numeric attribute.", e);
        }

+        // Set guacd hostname (no translation necessary)
+        getModel().setProxyHostname(attributes.get(GUACD_HOSTNAME_NAME));
+
+        // Translate guacd port
+        try { getModel().setProxyPort(NumericField.parse(attributes.get(GUACD_PORT_NAME))); }
+        catch (NumberFormatException e) {
+            logger.warn("Not setting guacd port: {}", e.getMessage());
+            logger.debug("Unable to parse numeric attribute.", e);
+        }
+
+        // Translate guacd encryption method
+        String encryptionMethod = attributes.get(GUACD_ENCRYPTION_NAME);
+
+        // Unencrypted
+        if (GUACD_ENCRYPTION_VALUE_NONE.equals(encryptionMethod))
+            getModel().setProxyEncryptionMethod(EncryptionMethod.NONE);
+
+        // SSL / TLS
+        else if (GUACD_ENCRYPTION_VALUE_SSL.equals(encryptionMethod))
+            getModel().setProxyEncryptionMethod(EncryptionMethod.SSL);
+
+        // Unimplemented / unspecified
+        else
+            getModel().setProxyEncryptionMethod(null);
+
    }

    /**
@@ -257,4 +361,39 @@ public class ModeledConnection extends ModeledChildDirectoryObject<ConnectionMod

    }

+    /**
+     * Returns the connection information which should be used to connect to
+     * guacd when establishing a connection to the remote desktop described by
+     * this connection. If no such information is defined for this specific
+     * remote desktop connection, the default guacd connection information will
+     * be used instead, as defined by JDBCEnvironment.
+     *
+     * @return
+     *     The connection information which should be used to connect to guacd
+     *     when establishing a connection to the remote desktop described by
+     *     this connection.
+     *
+     * @throws GuacamoleException
+     *     If the connection information for guacd cannot be parsed.
+     */
+    public GuacamoleProxyConfiguration getGuacamoleProxyConfiguration()
+            throws GuacamoleException {
+
+        // Retrieve default proxy configuration from environment
+        GuacamoleProxyConfiguration defaultConfig = environment.getDefaultGuacamoleProxyConfiguration();
+
+        // Retrieve proxy configuration overrides from model
+        String hostname = getModel().getProxyHostname();
+        Integer port = getModel().getProxyPort();
+        EncryptionMethod encryptionMethod = getModel().getProxyEncryptionMethod();
+
+        // Produce new proxy configuration from model, using defaults where unspecified
+        return new GuacamoleProxyConfiguration(
+            hostname         != null ? hostname         : defaultConfig.getHostname(),
+            port             != null ? port             : defaultConfig.getPort(),
+            encryptionMethod != null ? encryptionMethod : defaultConfig.getEncryptionMethod()
+        );
+
+    }
+
 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java
@@ -42,10 +42,10 @@ import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleResourceConflictException;
 import org.apache.guacamole.GuacamoleResourceNotFoundException;
 import org.apache.guacamole.GuacamoleSecurityException;
+import org.apache.guacamole.GuacamoleServerException;
 import org.apache.guacamole.GuacamoleUpstreamException;
 import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
 import org.apache.guacamole.auth.jdbc.connection.ConnectionMapper;
-import org.apache.guacamole.environment.Environment;
 import org.apache.guacamole.net.GuacamoleSocket;
 import org.apache.guacamole.net.GuacamoleTunnel;
 import org.apache.guacamole.net.auth.Connection;
@@ -62,6 +62,7 @@ import org.apache.guacamole.auth.jdbc.sharingprofile.ModeledSharingProfile;
 import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMapper;
 import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterModel;
 import org.apache.guacamole.auth.jdbc.user.RemoteAuthenticatedUser;
+import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration;
 import org.apache.guacamole.protocol.FailoverGuacamoleSocket;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -79,12 +80,6 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
     */
    private final Logger logger = LoggerFactory.getLogger(AbstractGuacamoleTunnelService.class);

-    /**
-     * The environment of the Guacamole server.
-     */
-    @Inject
-    private JDBCEnvironment environment;
- 
    /**
     * Mapper for accessing connections.
     */
@@ -121,18 +116,6 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
    @Inject
    private Provider<ActiveConnectionRecord> activeConnectionRecordProvider;

-    /**
-     * The hostname to use when connecting to guacd if no hostname is provided
-     * within guacamole.properties.
-     */
-    private static final String DEFAULT_GUACD_HOSTNAME = "localhost";
-
-    /**
-     * The port to use when connecting to guacd if no port is provided within
-     * guacamole.properties.
-     */
-    private static final int DEFAULT_GUACD_PORT = 4822;
-
    /**
     * All active connections through the tunnel having a given UUID.
     */
@@ -333,6 +316,13 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
     * Returns an unconfigured GuacamoleSocket that is already connected to
     * guacd as specified in guacamole.properties, using SSL if necessary.
     *
+     * @param proxyConfig
+     *     The configuration information to use when connecting to guacd.
+     *
+     * @param socketClosedCallback
+     *     The callback which should be invoked whenever the returned socket
+     *     closes.
+     *
     * @return
     *     An unconfigured GuacamoleSocket, already connected to guacd.
     *
@@ -340,23 +330,33 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
     *     If an error occurs while connecting to guacd, or while parsing
     *     guacd-related properties.
     */
-    private GuacamoleSocket getUnconfiguredGuacamoleSocket(Runnable socketClosedCallback)
-        throws GuacamoleException {
+    private GuacamoleSocket getUnconfiguredGuacamoleSocket(
+            GuacamoleProxyConfiguration proxyConfig,
+            Runnable socketClosedCallback) throws GuacamoleException {

-        // Use SSL if requested
-        if (environment.getProperty(Environment.GUACD_SSL, false))
-            return new ManagedSSLGuacamoleSocket(
-                environment.getProperty(Environment.GUACD_HOSTNAME, DEFAULT_GUACD_HOSTNAME),
-                environment.getProperty(Environment.GUACD_PORT,     DEFAULT_GUACD_PORT),
-                socketClosedCallback
-            );
+        // Select socket type depending on desired encryption
+        switch (proxyConfig.getEncryptionMethod()) {

-        // Otherwise, just use straight TCP
-        return new ManagedInetGuacamoleSocket(
-            environment.getProperty(Environment.GUACD_HOSTNAME, DEFAULT_GUACD_HOSTNAME),
-            environment.getProperty(Environment.GUACD_PORT,     DEFAULT_GUACD_PORT),
-            socketClosedCallback
-        );
+            // Use SSL if requested
+            case SSL:
+                return new ManagedSSLGuacamoleSocket(
+                    proxyConfig.getHostname(),
+                    proxyConfig.getPort(),
+                    socketClosedCallback
+                );
+
+            // Use straight TCP if unencrypted
+            case NONE:
+                return new ManagedInetGuacamoleSocket(
+                    proxyConfig.getHostname(),
+                    proxyConfig.getPort(),
+                    socketClosedCallback
+                );
+
+        }
+
+        // Bail out if encryption method is unknown
+        throw new GuacamoleServerException("Unimplemented encryption method.");

    }

@@ -472,10 +472,12 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS

            GuacamoleConfiguration config;

+            // Retrieve connection information associated with given connection record
+            ModeledConnection connection = activeConnection.getConnection();
+
            // Pull configuration directly from the connection if we are not
            // joining an active connection
            if (activeConnection.isPrimaryConnection()) {
-                ModeledConnection connection = activeConnection.getConnection();
                activeConnections.put(connection.getIdentifier(), activeConnection);
                activeConnectionGroups.put(connection.getParentIdentifier(), activeConnection);
                config = getGuacamoleConfiguration(activeConnection.getUser(), connection);
@@ -499,7 +501,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS

            // Obtain socket which will automatically run the cleanup task
            ConfiguredGuacamoleSocket socket = new ConfiguredGuacamoleSocket(
-                getUnconfiguredGuacamoleSocket(cleanupTask), config, info);
+                getUnconfiguredGuacamoleSocket(connection.getGuacamoleProxyConfiguration(),
+                        cleanupTask), config, info);

            // Assign and return new tunnel
            if (interceptErrors)
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json
@@ -20,7 +20,16 @@
        "FIELD_HEADER_MAX_CONNECTIONS"          : "Maximum number of connections:",
        "FIELD_HEADER_MAX_CONNECTIONS_PER_USER" : "Maximum number of connections per user:",

-        "SECTION_HEADER_CONCURRENCY" : "Concurrency Limits"
+        "FIELD_HEADER_GUACD_HOSTNAME"   : "Hostname:",
+        "FIELD_HEADER_GUACD_ENCRYPTION" : "Encryption:",
+        "FIELD_HEADER_GUACD_PORT"       : "Port:",
+
+        "FIELD_OPTION_GUACD_ENCRYPTION_EMPTY" : "",
+        "FIELD_OPTION_GUACD_ENCRYPTION_NONE"  : "None (unencrypted)",
+        "FIELD_OPTION_GUACD_ENCRYPTION_SSL"   : "SSL / TLS",
+
+        "SECTION_HEADER_CONCURRENCY" : "Concurrency Limits",
+        "SECTION_HEADER_GUACD"       : "Guacamole Proxy Parameters (guacd)"

    },