From a5af6c00d249ffc7d5c50414541545e53cad3f4c Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Mon, 25 Jul 2016 14:10:54 -0700
Subject: [PATCH 1/3] GUACAMOLE-5: Throw clean "resource not found" if the active connection of a tunnel cannot be determined.
---
 .../org/apache/guacamole/rest/tunnel/TunnelResource.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/tunnel/TunnelResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/tunnel/TunnelResource.java
index 6583a0774..b49852778 100644
--- a/guacamole/src/main/java/org/apache/guacamole/rest/tunnel/TunnelResource.java
+++ b/guacamole/src/main/java/org/apache/guacamole/rest/tunnel/TunnelResource.java
@@ -30,6 +30,7 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleResourceNotFoundException;
 import org.apache.guacamole.net.auth.ActiveConnection;
 import org.apache.guacamole.net.auth.UserContext;
 import org.apache.guacamole.rest.activeconnection.APIActiveConnection;
@@ -96,10 +97,14 @@ public class TunnelResource {
 // Pull the UserContext from the tunnel
 UserContext userContext = tunnel.getUserContext();
+ // Fail if the active connection cannot be found
+ ActiveConnection activeConnection = tunnel.getActiveConnection();
+ if (activeConnection == null)
+ throw new GuacamoleResourceNotFoundException("No readable active connection for tunnel.");
+
 // Return the associated ActiveConnection as a resource
 return activeConnectionResourceFactory.create(userContext,
- userContext.getActiveConnectionDirectory(),
- tunnel.getActiveConnection());
+ userContext.getActiveConnectionDirectory(), activeConnection);
 }
From 8fad01c65c350d10d2bb86dedcf4eb246d82b0c6 Mon Sep 17 00:00:00 2001
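Review bot: The new null check in `TunnelResource.java` relies on `tunnel.getActiveConnection()` returning null, but nothing in the hunk says when that happens; the message "No readable active connection for tunnel." suggests it covers both a missing connection and one the caller may not read. If that is the contract, say so next to the check, e.g. `// null means absent OR not readable by this user; both get the same not-found response`, so a later change does not split the two into distinguishable errors. The `if` also guards a `throw` on its own line without braces; bracing it would keep a future second statement from running unconditionally. The enclosing method begins and ends outside the hunk, so its Javadoc `@throws` list could not be checked.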
From: Michael Jumper
Date: Mon, 25 Jul 2016 14:20:03 -0700
Subject: [PATCH 2/3] GUACAMOLE-5: Include the sensitive information of an active connection if the current user started that active connection.
---
 .../jdbc/activeconnection/ActiveConnectionService.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
index 3d5696773..1fc438a57 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
@@ -80,6 +80,7 @@ public class ActiveConnectionService
 public Collection retrieveObjects(AuthenticatedUser user, Collection identifiers) throws GuacamoleException {
+ String username = user.getIdentifier();
 boolean isAdmin = user.getUser().isAdministrator();
 Set identifierSet = new HashSet(identifiers);
@@ -90,10 +91,15 @@ public class ActiveConnectionService
 Collection activeConnections = new ArrayList(identifiers.size());
 for (ActiveConnectionRecord record : records) {
+ // Sensitive information should be included if the connection was
+ // started by the current user OR the user is an admin
+ boolean includeSensitiveInformation =
+ isAdmin || username.equals(record.getUsername());
+
 // Add connection if within requested identifiers
 if (identifierSet.contains(record.getUUID().toString())) {
 TrackedActiveConnection activeConnection = trackedActiveConnectionProvider.get();
- activeConnection.init(user, record, isAdmin);
+ activeConnection.init(user, record, includeSensitiveInformation);
 activeConnections.add(activeConnection);
 }
From f119b972301cb42f2c17ee7011452c05af0ab9bc Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Mon, 25 Jul 2016 14:25:53 -0700
Subject: [PATCH 3/3] GUACAMOLE-5: Column "sharing_profile_id" is ambiguous without the table name.
---
 .../guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml | 2 +-
 .../guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
index 8b8727fe9..5c761961e 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
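Review bot: In `ActiveConnectionService.java`, `username.equals(record.getUsername())` now decides who receives the sensitive fields, and it is an exact string match between `user.getIdentifier()` (assigned in the earlier hunk of this patch) and whatever name the record stores. The hunk does not show how `record.getUsername()` is populated; it is worth confirming that both values come from the same identity source and use the same case rules, and recording that in the comment, since a mismatch either hides data from the owner or shows it to a different account with the same name. The flag is also computed for every record before the identifier filter; declaring it inside the `if (identifierSet.contains(...))` block keeps the decision next to the `init(...)` call it controls. The loop and `retrieveObjects` continue outside the hunk.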
@@ -55,7 +55,7 @@ - SELECT sharing_profile_id + SELECT guacamole_sharing_profile.sharing_profile_id FROM guacamole_sharing_profile JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id WHERE