You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by GitBox <gi...@apache.org> on 2019/01/16 00:14:06 UTC
[guacamole-client] Diff for: [GitHub] mike-jumper merged pull request #355:
GUACAMOLE-271: Duo in docker image
diff --git a/guacamole-docker/bin/build-guacamole.sh b/guacamole-docker/bin/build-guacamole.sh
index c5ff255d4..88087e5bf 100755
--- a/guacamole-docker/bin/build-guacamole.sh
+++ b/guacamole-docker/bin/build-guacamole.sh
@@ -134,3 +134,18 @@ if [ -f extensions/guacamole-auth-openid/target/guacamole-auth-openid*.jar ]; th
mkdir -p "$DESTINATION/openid"
cp extensions/guacamole-auth-openid/target/guacamole-auth-openid*.jar "$DESTINATION/openid"
fi
+
+#
+# Copy Duo auth extension if it was built
+#
+
+if [ -f extensions/guacamole-auth-duo/target/*.tar.gz ]; then
+ mkdir -p "$DESTINATION/duo"
+ tar -xzf extensions/guacamole-auth-duo/target/*.tar.gz \
+ -C "$DESTINATION/duo/" \
+ --wildcards \
+ --no-anchored \
+ --no-wildcards-match-slash \
+ --strip-components=1 \
+ "*.jar"
+fi
diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh
index 2ed50a929..e5ad51ead 100755
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -460,6 +460,45 @@ END
}
+##
+## Adds properties to guacamole.properties which configure the Duo two-factor
+## authentication service. Checks to see if all variables are defined and makes sure
+## DUO_APPLICATION_KEY is >= 40 characters.
+##
+associate_duo() {
+ # Verify required parameters are present
+ if [ -z "$DUO_INTEGRATION_KEY" ] || \
+ [ -z "$DUO_SECRET_KEY" ] || \
+ [ ${#DUO_APPLICATION_KEY} -lt 40 ]
+ then
+ cat <<END
+FATAL: Missing required environment variables
+-------------------------------------------------------------------------------
+If using the Duo authentication extension, you must provide each of the
+following environment variables:
+
+ DUO_API_HOSTNAME The hostname of the Duo API endpoint.
+
+ DUO_INTEGRATION_KEY The integration key provided for Guacamole by Duo.
+
+ DUO_SECRET_KEY The secret key provided for Guacamole by Duo.
+
+ DUO_APPLICATION_KEY An arbitrary, random key.
+ This value must be at least 40 characters.
+END
+ exit 1;
+ fi
+
+ # Update config file
+ set_property "duo-api-hostname" "$DUO_API_HOSTNAME"
+ set_property "duo-integration-key" "$DUO_INTEGRATION_KEY"
+ set_property "duo-secret-key" "$DUO_SECRET_KEY"
+ set_property "duo-application-key" "$DUO_APPLICATION_KEY"
+
+ # Add required .jar files to GUACAMOLE_EXT
+ ln -s /opt/guacamole/duo/guacamole-auth-*.jar "$GUACAMOLE_EXT"
+}
+
##
## Starts Guacamole under Tomcat, replacing the current process with the
## Tomcat process. As the current process will be replaced, this MUST be the
@@ -591,6 +630,11 @@ END
exit 1;
fi
+# Use Duo if specified.
+if [ -n "$DUO_API_HOSTNAME" ]; then
+ associate_duo
+fi
+
#
# Finally start Guacamole (under Tomcat)
#
With regards,
Apache Git Services