Posted to commits@guacamole.apache.org by mj...@apache.org on 2018/01/30 23:44:45 UTC
[33/50] guacamole-client git commit: GUACAMOLE-197: Collapse
authenticate methods together into single method,
add minimal method for challenge/response.
GUACAMOLE-197: Collapse authenticate methods together into single method, add minimal method for challenge/response.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/fa820cb4
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/fa820cb4
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/fa820cb4
Branch: refs/heads/master
Commit: fa820cb46f5abffd57b73a558db4cbedd7e6b065
Parents: 84276af
Author: Nick Couchman <vn...@apache.org>
Authored: Sun Jul 16 14:25:55 2017 -0400
Committer: Nick Couchman <vn...@apache.org>
Committed: Mon Jan 29 17:08:11 2018 -0500
----------------------------------------------------------------------
.../radius/AuthenticationProviderService.java | 8 +-
.../auth/radius/RadiusConnectionService.java | 120 ++++---------------
2 files changed, 30 insertions(+), 98 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/fa820cb4/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
index fdb7737..530de15 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
@@ -153,7 +153,7 @@ public class AuthenticationProviderService {
try {
radPack = radiusService.authenticate(credentials.getUsername(),
- credentials.getPassword());
+ credentials.getPassword(), null);
}
catch (GuacamoleException e) {
logger.error("Cannot configure RADIUS server: {}", e.getMessage());
@@ -168,9 +168,9 @@ public class AuthenticationProviderService {
// This is a response to a previous challenge, authenticate with that.
else {
try {
- radPack = radiusService.authenticate(credentials.getUsername(),
- request.getParameter(RadiusStateField.PARAMETER_NAME),
- challengeResponse);
+ radPack = radiusService.sendChallengeResponse(credentials.getUsername(),
+ challengeResponse,
+ request.getParameter(RadiusStateField.PARAMETER_NAME));
}
catch (GuacamoleException e) {
logger.error("Cannot configure RADIUS server: {}", e.getMessage());
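Review bot: The third argument to `sendChallengeResponse` comes straight from the request parameter `RadiusStateField.PARAMETER_NAME`, so the RADIUS state is client-supplied. The only check visible on this page is the null/empty test before it reaches `new Attr_State(state)` in RadiusConnectionService. RADIUS State is an opaque value issued by the server, and carrying it as a plain String through a form field can alter bytes that are not valid text; whether the field encodes it is not visible here. A comment above the call such as `// state is echoed back by the client: treat as untrusted, opaque data` would record this, and encoding the value (hex or base64) when the field is rendered and decoding it here would make the round trip lossless. The catch block continues outside the hunk.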
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/fa820cb4/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
index c3524cd..22c8d82 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
@@ -165,54 +165,57 @@ public class RadiusConnectionService {
}
/**
- * Authenticate to the RADIUS server and return the response from the
- * server.
+ * Authenticate to the RADIUS server using existing state and a response
*
* @param username
- * The username for authentication.
- * @param password
- * The password for authentication.
+ * The username for the authentication
+ * @param state
+ * The previous state of the RADIUS connection
+ * @param response
+ * The response to the RADIUS challenge
*
* @return
* A RadiusPacket with the response of the server.
*
* @throws GuacamoleException
- * If an error occurs while talking to the server.
+ * If an error occurs while talking to the server.
*/
- public RadiusPacket authenticate(String username, String password)
+ public RadiusPacket authenticate(String username, String secret, String state)
throws GuacamoleException {
- // If a username hasn't been provided, stop
+ // If a username wasn't passed, we quit
if (username == null || username.isEmpty()) {
logger.warn("Anonymous access not allowed with RADIUS client.");
return null;
}
- // If a password hasn't been provided, stop
- if (password == null || password.isEmpty()) {
- logger.warn("Password required for RADIUS authentication.");
+ // If secret wasn't passed, we quit
+ if (secret == null || secret.isEmpty()) {
+ logger.warn("Password/secret required for RADIUS authentication.");
return null;
}
- // Create the connection and load the attribute dictionary
+ // Create the RADIUS connection and set up the dictionary
createRadiusConnection();
AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
- // If the client is null, we return null - something has gone wrong
+ // Client failed to set up, so we return null
if (radiusClient == null)
return null;
+ // Set up the RadiusAuthenticator
RadiusAuthenticator radAuth = setupRadiusAuthenticator();
-
if (radAuth == null)
throw new GuacamoleException("Unknown RADIUS authentication protocol.");
- // Set up attributes, create the access request, and send the packet
- try {
+ // Add attributes to the connection and send the packet
+ try {
AttributeList radAttrs = new AttributeList();
radAttrs.add(new Attr_UserName(username));
- radAttrs.add(new Attr_UserPassword(password));
- radAttrs.add(new Attr_CleartextPassword(password));
+ if (state != null && !state.isEmpty())
+ radAttrs.add(new Attr_State(state));
+ radAttrs.add(new Attr_UserPassword(secret));
+ radAttrs.add(new Attr_CleartextPassword(secret));
AccessRequest radAcc = new AccessRequest(radiusClient);
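Review bot: The Javadoc above `authenticate(String username, String secret, String state)` no longer matches the signature: it documents `@param state` and `@param response`, but there is no `response` parameter and `secret` is undocumented. The summary still reads "using existing state and a response", although this method now also serves the initial request, where the caller passes `null` for state. Suggested tags are `@param secret The password, or the response to a previous challenge` and `@param state The state from a previous challenge, or null/empty for an initial request`. The summary should be reworded to cover both cases and to say that null is returned when username or secret is missing. The method body continues beyond this hunk.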
@@ -235,13 +238,11 @@ public class RadiusConnectionService {
}
return reply;
}
-
catch (RadiusException e) {
logger.error("Unable to complete authentication.", e.getMessage());
logger.debug("Authentication with RADIUS failed.", e);
return null;
}
-
catch (NoSuchAlgorithmException e) {
logger.error("No such RADIUS algorithm: {}", e.getMessage());
logger.debug("Unknown RADIUS algorithm.", e);
@@ -249,95 +250,26 @@ public class RadiusConnectionService {
}
}
- /**
- * Authenticate to the RADIUS server using existing state and a response
- *
- * @param username
- * The username for the authentication
- * @param state
- * The previous state of the RADIUS connection
- * @param response
- * The response to the RADIUS challenge
- *
- * @return
- * A RadiusPacket with the response of the server.
- *
- * @throws GuacamoleException
- * If an error occurs while talking to the server.
- */
- public RadiusPacket authenticate(String username, String state, String response)
+ public RadiusPacket sendChallengeResponse(String username, String response, String state)
throws GuacamoleException {
- // If a username wasn't passed, we quit
if (username == null || username.isEmpty()) {
- logger.warn("Anonymous access not allowed with RADIUS client.");
+ logger.error("Challenge/response to RADIUS requires a username.");
return null;
}
- // If the state wasn't passed, we quit
if (state == null || state.isEmpty()) {
- logger.warn("This method needs a previous RADIUS state to respond to.");
+ logger.error("Challenge/response to RADIUS requires a prior state.");
return null;
}
- // If the response wasn't passed, we quit
if (response == null || response.isEmpty()) {
- logger.warn("Response required for RADIUS authentication.");
+ logger.error("Challenge/response to RADIUS requires a response.");
return null;
}
- // Create the RADIUS connection and set up the dictionary
- createRadiusConnection();
- AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl");
-
- // Client failed to set up, so we return null
- if (radiusClient == null)
- return null;
-
- // Set up the RadiusAuthenticator
- RadiusAuthenticator radAuth = setupRadiusAuthenticator();
- if (radAuth == null)
- throw new GuacamoleException("Unknown RADIUS authentication protocol.");
+ return authenticate(username,response,state);
- // Add attributes to the connection and send the packet
- try {
- AttributeList radAttrs = new AttributeList();
- radAttrs.add(new Attr_UserName(username));
- radAttrs.add(new Attr_State(state));
- radAttrs.add(new Attr_UserPassword(response));
- radAttrs.add(new Attr_CleartextPassword(response));
-
- AccessRequest radAcc = new AccessRequest(radiusClient);
-
- // EAP-TTLS tunnels protected attributes inside the TLS layer
- if (radAuth instanceof EAPTTLSAuthenticator) {
- radAuth.setUsername(new Attr_UserName(username));
- ((EAPTTLSAuthenticator)radAuth).setTunneledAttributes(radAttrs);
- }
- else
- radAcc.addAttributes(radAttrs);
-
- radAuth.setupRequest(radiusClient, radAcc);
- radAuth.processRequest(radAcc);
- RadiusResponse reply = radiusClient.sendReceive(radAcc, confService.getRadiusRetries());
-
- // We receive a Challenge not asking for user input, so silently process the challenge
- while((reply instanceof AccessChallenge) && (reply.findAttribute(Attr_ReplyMessage.TYPE) == null)) {
- radAuth.processChallenge(radAcc, reply);
- reply = radiusClient.sendReceive(radAcc, confService.getRadiusRetries());
- }
- return reply;
- }
- catch (RadiusException e) {
- logger.error("Unable to complete authentication.", e.getMessage());
- logger.debug("Authentication with RADIUS failed.", e);
- return null;
- }
- catch (NoSuchAlgorithmException e) {
- logger.error("No such RADIUS algorithm: {}", e.getMessage());
- logger.debug("Unknown RADIUS algorithm.", e);
- return null;
- }
}
/**
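Review bot: `sendChallengeResponse` is a new public method with no Javadoc; the text that used to describe the state/response flow now sits on `authenticate` in the earlier hunk. It needs a header documenting username, response and state, stating that each must be non-empty and that null is returned otherwise. The tags should spell out the parameter order, because (username, response, state) differs from the removed overload's (username, state, response) and all three are String, so a transposed call still compiles. The three guards also log at `error` for values that appear to come from the login request, while `authenticate` logs the same missing-username case at `warn`. Using `logger.warn("Challenge/response to RADIUS requires a prior state.");` and its two siblings would keep the error level for real server-side faults and stop malformed requests from filling the error log.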