Skip to content

Commit

Permalink
GUACAMOLE-1020: Merge extension providing additional connection/login…
Browse files Browse the repository at this point in the history 
… restrictions.
  • Loading branch information
@mike-jumper
mike-jumper authored Oct 2, 2024
2 parents ca343c7 + 95cd386 commit 5d44ae4
Show file tree
Hide file tree
Showing 40 changed files with 3,638 additions and 5 deletions.
3 changes: 3 additions & 0 deletions extensions/guacamole-auth-restrict/.gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
src/main/resources/generated/
target/
*~
Empty file added extensions/guacamole-auth-restrict/.ratignore
View file
Empty file.
179 changes: 179 additions & 0 deletions extensions/guacamole-auth-restrict/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,179 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">

<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-restrict</artifactId>
<packaging>jar</packaging>
<version>1.6.0</version>
<name>guacamole-auth-restrict</name>
<url>http://guacamole.apache.org/</url>

<parent>
<groupId>org.apache.guacamole</groupId>
<artifactId>extensions</artifactId>
<version>1.6.0</version>
<relativePath>../</relativePath>
</parent>

<build>
<plugins>

<!-- Pre-cache Angular templates with maven-angular-plugin -->
<plugin>
<groupId>com.keithbranton.mojo</groupId>
<artifactId>angular-maven-plugin</artifactId>
<version>0.3.4</version>
<executions>
<execution>
<phase>generate-resources</phase>
<goals>
<goal>html2js</goal>
</goals>
</execution>
</executions>
<configuration>
<sourceDir>${basedir}/src/main/resources</sourceDir>
<include>**/*.html</include>
<target>${basedir}/src/main/resources/generated/templates-main/templates.js</target>
<prefix>app/ext/restrict</prefix>
</configuration>
</plugin>

<!-- JS/CSS Minification Plugin -->
<plugin>
<groupId>com.github.buckelieg</groupId>
<artifactId>minify-maven-plugin</artifactId>
<executions>
<execution>
<id>default-cli</id>
<configuration>
<charset>UTF-8</charset>

<webappSourceDir>${basedir}/src/main/resources</webappSourceDir>
<webappTargetDir>${project.build.directory}/classes</webappTargetDir>

<cssSourceDir>/</cssSourceDir>
<cssTargetDir>/</cssTargetDir>
<cssFinalFile>restrict.css</cssFinalFile>

<cssSourceFiles>
<cssSourceFile>license.txt</cssSourceFile>
</cssSourceFiles>

<cssSourceIncludes>
<cssSourceInclude>**/*.css</cssSourceInclude>
</cssSourceIncludes>

<jsSourceDir>/</jsSourceDir>
<jsTargetDir>/</jsTargetDir>
<jsFinalFile>restrict.js</jsFinalFile>

<jsSourceFiles>
<jsSourceFile>license.txt</jsSourceFile>
</jsSourceFiles>

<jsSourceIncludes>
<jsSourceInclude>**/*.js</jsSourceInclude>
</jsSourceIncludes>

<!-- Do not minify and include tests -->
<jsSourceExcludes>
<jsSourceExclude>**/*.test.js</jsSourceExclude>
</jsSourceExcludes>
<jsEngine>CLOSURE</jsEngine>

<!-- Disable warnings for JSDoc annotations -->
<closureWarningLevels>
<misplacedTypeAnnotation>OFF</misplacedTypeAnnotation>
<nonStandardJsDocs>OFF</nonStandardJsDocs>
</closureWarningLevels>

</configuration>
<goals>
<goal>minify</goal>
</goals>
</execution>
</executions>
</plugin>

</plugins>
</build>

<dependencies>

<!-- Guacamole Extension API -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-ext</artifactId>
<version>1.6.0</version>
<scope>provided</scope>
</dependency>

<!-- Guava - Utility Library -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>

<!-- Guice -->
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
</dependency>

<!-- Java servlet API -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>

<!-- JUnit -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>

<!-- Guacamole depends on an implementation of JAX-WS -->
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>

<!-- Library for unified IPv4/6 parsing and validation -->
<dependency>
<groupId>com.github.seancfoley</groupId>
<artifactId>ipaddress</artifactId>
<version>5.5.0</version>
<scope>provided</scope>
</dependency>

</dependencies>

</project>
53 changes: 53 additions & 0 deletions extensions/guacamole-auth-restrict/src/main/assembly/dist.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<assembly
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">

<id>dist</id>
<baseDirectory>${project.artifactId}-${project.version}</baseDirectory>

<!-- Output tar.gz -->
<formats>
<format>tar.gz</format>
</formats>

<!-- Include licenses and extension .jar -->
<fileSets>

<!-- Include licenses -->
<fileSet>
<outputDirectory></outputDirectory>
<directory>target/licenses</directory>
</fileSet>

<!-- Include extension .jar -->
<fileSet>
<directory>target</directory>
<outputDirectory></outputDirectory>
<includes>
<include>*.jar</include>
</includes>
</fileSet>

</fileSets>

</assembly>
67 changes: 67 additions & 0 deletions ...uacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/Restrictable.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.restrict;

import org.apache.guacamole.calendar.RestrictionType;
import org.apache.guacamole.net.auth.Attributes;

/**
* An interface which defines methods that apply to items that can have
* restrictions applied to them.
*/
public interface Restrictable extends Attributes {

/**
* Return the restriction state for this restrictable object at the
* current date and time. By default returns an implicit denial.
*
* @return
* The restriction status for the current date and time.
*/
default public RestrictionType getCurrentTimeRestriction() {
return RestrictionType.IMPLICIT_DENY;
}

/**
* Return the restriction state for this restrictable object for the host
* from which the current user is logged in. By default returns an implicit
* denial.
*
* @return
* The restriction status for the host from which the current user is
* logged in.
*/
default public RestrictionType getCurrentHostRestriction() {
return RestrictionType.IMPLICIT_DENY;
}

/**
* Returns true if the current item is available based on the restrictions
* for the given implementation of this interface, or false if the item is
* not currently available. The default implementation checks current time
* and host restrictions, allowing if both those restrictions allow access.
*
* @return
* true if the item is available, otherwise false.
*/
default public boolean isAvailable() {
return (getCurrentTimeRestriction().isAllowed() && getCurrentHostRestriction().isAllowed());
}

}
59 changes: 59 additions & 0 deletions ...t/src/main/java/org/apache/guacamole/auth/restrict/RestrictionAuthenticationProvider.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.apache.guacamole.auth.restrict;

import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.restrict.user.RestrictedUserContext;
import org.apache.guacamole.net.auth.AbstractAuthenticationProvider;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.UserContext;

/**
* AuthenticationProvider implementation which provides additional restrictions
* for users, groups of users, connections, and connection groups, allowing
* administrators to further control access to Guacamole resources.
*/
public class RestrictionAuthenticationProvider extends AbstractAuthenticationProvider {

@Override
public String getIdentifier() {
return "restrict";
}

@Override
public UserContext decorate(UserContext context,
AuthenticatedUser authenticatedUser, Credentials credentials)
throws GuacamoleException {

String remoteAddress = credentials.getRemoteAddress();

// Verify identity of user
RestrictionVerificationService.verifyLoginRestrictions(context,
authenticatedUser.getEffectiveUserGroups(), remoteAddress);

// User has been verified, and authentication should be allowed to
// continue
return new RestrictedUserContext(context, remoteAddress,
authenticatedUser.getEffectiveUserGroups());

}

}
Loading

0 comments on commit 5d44ae4

Please sign in to comment.