Skip to content

Instantly share code, notes, and snippets.

@shibz

shibz/gist:5195903

Created March 19, 2013 12:59
Show Gist options
  • Save shibz/5195903 to your computer and use it in GitHub Desktop.
Save shibz/5195903 to your computer and use it in GitHub Desktop.
Download ZIP
Patch to disable Guacamole authentication and allow users to connect to any host without needing it to be whitelisted in the configuration file.
Raw
gistfile1.diff
diff -Naur guacamole-0.6.2/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java guacamole-0.6.2-mod/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java
--- guacamole-0.6.2/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java 2012-10-16 21:21:38.000000000 -0400
+++ guacamole-0.6.2-mod/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java 2012-10-24 11:55:50.156924252 -0400
@@ -173,93 +173,18 @@
HttpSession httpSession = request.getSession(true);
// Try to get configs from session
- Map<String, GuacamoleConfiguration> configs = getConfigurations(httpSession);
-
- // If no configs, try to authenticate the user to get the configs using
- // this request.
- if (configs == null) {
-
- SessionListenerCollection listeners;
- try {
- listeners = new SessionListenerCollection(httpSession);
- }
- catch (GuacamoleException e) {
- logger.error("Failed to retrieve listeners. Authentication canceled.", e);
- failAuthentication(response);
- return;
- }
-
- // Retrieve username and password from parms
- String username = request.getParameter("username");
- String password = request.getParameter("password");
-
- // Build credentials object
- Credentials credentials = new Credentials();
- credentials.setSession(httpSession);
- credentials.setRequest(request);
- credentials.setUsername(username);
- credentials.setPassword(password);
-
- // Get authorized configs
- try {
- configs = authProvider.getAuthorizedConfigurations(credentials);
- }
-
-
- /******** HANDLE FAILED AUTHENTICATION ********/
-
- // If error retrieving configs, fail authentication, notify listeners
- catch (GuacamoleException e) {
- logger.error("Error retrieving configuration(s) for user \"{}\".",
- credentials.getUsername(), e);
-
- notifyFailed(listeners, credentials);
- failAuthentication(response);
- return;
- }
-
- // If no configs, fail authentication, notify listeners
- if (configs == null) {
- logger.warn("Authentication attempt from {} for user \"{}\" failed.",
- request.getRemoteAddr(), credentials.getUsername());
-
- notifyFailed(listeners, credentials);
- failAuthentication(response);
- return;
- }
-
-
- /******** HANDLE SUCCESSFUL AUTHENTICATION ********/
-
- try {
-
- // Otherwise, authentication has been succesful
- logger.info("User \"{}\" successfully authenticated from {}.",
- credentials.getUsername(), request.getRemoteAddr());
-
- // Notify of success, cancel if requested
- if (!notifySuccess(listeners, credentials)) {
- logger.info("Successful authentication canceled by hook.");
- failAuthentication(response);
- return;
- }
-
- }
- catch (GuacamoleException e) {
-
- // Cancel authentication success if hook throws exception
- logger.error("Successful authentication canceled by error in hook.", e);
- failAuthentication(response);
- return;
-
- }
-
- // Associate configs and credentials with session
- httpSession.setAttribute(CONFIGURATIONS_ATTRIBUTE, configs);
- httpSession.setAttribute(CREDENTIALS_ATTRIBUTE, credentials);
-
-
- }
+ Map<String, GuacamoleConfiguration> configs = null;
+
+ // Build credentials object
+ Credentials credentials = new Credentials();
+ credentials.setSession(httpSession);
+ credentials.setRequest(request);
+ credentials.setUsername(request.getRemoteAddr() + ":" + request.getRemotePort());
+ credentials.setPassword("");
+
+ // Associate configs and credentials with session
+ httpSession.setAttribute(CONFIGURATIONS_ATTRIBUTE, configs);
+ httpSession.setAttribute(CREDENTIALS_ATTRIBUTE, credentials);
// Allow servlet to run now that authentication has been validated
authenticatedService(configs, request, response);
diff -Naur guacamole-0.6.2/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java guacamole-0.6.2-mod/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java
--- guacamole-0.6.2/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java 2012-10-16 21:21:38.000000000 -0400
+++ guacamole-0.6.2-mod/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java 2012-10-24 11:31:36.775926341 -0400
@@ -171,18 +171,32 @@
Map<String, GuacamoleConfiguration> configs = getConfigurations(httpSession);
// If no configs/credentials in session, not authorized
- if (credentials == null || configs == null)
+ if (credentials == null)
throw new GuacamoleSecurityException("Cannot connect - user not logged in.");
- // Get authorized config
- GuacamoleConfiguration config = configs.get(id);
- if (config == null) {
- logger.warn("Configuration id={} not found.", id);
- throw new GuacamoleSecurityException("Requested configuration is not authorized.");
- }
+ GuacamoleConfiguration config = null;
+ if (configs == null) {
+ String width = request.getParameter("width");
+ String height = request.getParameter("height");
+ config = new GuacamoleConfiguration();
+ config.setProtocol("rdp");
+ config.setParameter("hostname", request.getParameter("host"));
+ config.setParameter("port", "3389");
+ if (width != null) config.setParameter("width", width);
+ if (height != null) config.setParameter("height", height);
+ } else {
+
+ // Get authorized config
+ config = configs.get(id);
+ if (config == null) {
+ logger.warn("Configuration id={} not found.", id);
+ throw new GuacamoleSecurityException("Requested configuration is not authorized.");
+ }
- logger.info("Successful connection from {} to \"{}\".", request.getRemoteAddr(), id);
+ logger.info("Successful connection from {} to \"{}\".", request.getRemoteAddr(), id);
+ }
+
// Configure and connect socket
String hostname = GuacamoleProperties.getProperty(GuacamoleProperties.GUACD_HOSTNAME);
int port = GuacamoleProperties.getProperty(GuacamoleProperties.GUACD_PORT);
diff -Naur guacamole-0.6.2/src/main/webapp/index.xhtml guacamole-0.6.2-mod/src/main/webapp/index.xhtml
--- guacamole-0.6.2/src/main/webapp/index.xhtml 2012-10-16 21:21:38.000000000 -0400
+++ guacamole-0.6.2-mod/src/main/webapp/index.xhtml 2012-10-24 11:53:36.957920966 -0400
@@ -38,17 +38,21 @@
<p id="login-error"></p>
- <form id="login-form" action="#" method="post">
+ <form id="login-form" action="client.xhtml" method="get">
<div id="login-fields">
<table>
<tr>
- <th>Username</th>
- <td><input type="text" name="username" id="username" autofocus="autofocus"/></td>
+ <th>Address</th>
+ <td><input type="text" name="host" id="host" autofocus="autofocus"/></td>
</tr>
<tr>
- <th>Password</th>
- <td><input type="password" name="password" id="password"/></td>
+ <th>Width</th>
+ <td><input type="text" name="width" id="width" value="1024"/></td>
+ </tr>
+ <tr>
+ <th>Height</th>
+ <td><input type="text" name="height" id="height" value="768"/></td>
</tr>
</table>
@@ -56,7 +60,7 @@
</div>
<div id="buttons">
- <input type="submit" name="login" id="login" value="Login"/>
+ <input type="submit" name="login" id="login" value="Connect"/>
</div>
</form>
@@ -186,66 +190,15 @@
var loginUI = document.getElementById("login-ui");
var connectionListUI = document.getElementById("connection-list-ui");
var logout = document.getElementById("logout");
- var username = document.getElementById("username");
- var password = document.getElementById("password");
+ var address = document.getElementById("host");
logout.onclick = function() {
window.location.href = "logout";
};
- loginForm.onsubmit = function() {
-
- // Get parameters from query string
- var parameters = window.location.search.substring(1);
-
- // Get username and password from form
- var data =
- "username=" + encodeURIComponent(username.value)
- + "&password=" + encodeURIComponent(password.value)
-
- // Include query parameters in submission data
- if (parameters) data += "&" + parameters;
-
- try {
-
- // Log in
- var xhr = new XMLHttpRequest();
- xhr.open("POST", "login", false);
- xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
- xhr.send(data);
-
- // Handle failures
- if (xhr.status != 200)
- throw new Error("Invalid login");
-
- // Ensure username/password fiels are blurred after submit
- username.blur();
- password.blur();
-
- resetUI();
-
- }
- catch (e) {
-
- var loginError = document.getElementById("login-error");
-
- // Display error, reset and refocus password field
- loginError.textContent = e.message;
- password.value = "";
- password.focus();
-
- return false;
-
- }
-
- // On success, hide loginUI, get and show connection list.
- return false;
-
- }
-
- // Turn off autocorrect and autocapitalization on usename
- username.setAttribute("autocorrect", "off");
- username.setAttribute("autocapitalize", "off");
+ // Turn off autocorrect and autocapitalization on host field
+ address.setAttribute("autocorrect", "off");
+ address.setAttribute("autocapitalize", "off");
resetUI();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment