GUACAMOLE-524: Add LDAP attributes to credentials. AuthenticationProviderService gets LDAP attributes from confService and queries the LDAP server to find values on user for specified attributes. Added a Map<String, String> to Credentials named ldapAttrs and a getLDAPAttributes() and setLDAPAttributes() to manipulate ldapAttrs on credentials. Once AuthenticationProviderService gets the values for the LDAP attributes it sets ldapAttrs on the credentials object.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/5ca32a22 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/5ca32a22 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/5ca32a22 Branch: refs/heads/master Commit: 5ca32a221afb9ff478e8b460e45fc14e790bcc5d Parents: 38eb97b Author: Jared Frees <[email protected]> Authored: Fri Jun 8 12:34:06 2018 -0400 Committer: Jared Frees <[email protected]> Committed: Fri Jun 8 15:05:59 2018 -0400 ---------------------------------------------------------------------- .../ldap/AuthenticationProviderService.java | 71 +++++++++++++++++++- .../apache/guacamole/net/auth/Credentials.java | 25 ++++++- 2 files changed, 94 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/5ca32a22/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java ----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java
index a25c697..2d28c79 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java
@@ -26,12 +26,21 @@ import java.util.List;
 import org.apache.guacamole.auth.ldap.user.AuthenticatedUser;
 import org.apache.guacamole.auth.ldap.user.UserContext;
 import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleServerException;
 import org.apache.guacamole.auth.ldap.user.UserService;
 import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
 import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.List;
+import java.util.Iterator;
+import com.novell.ldap.LDAPAttributeSet;
+import com.novell.ldap.LDAPEntry;
+import com.novell.ldap.LDAPAttribute;
+import com.novell.ldap.LDAPException;
 /**
 * Service providing convenience functions for the LDAP AuthenticationProvider
@@ -189,7 +198,7 @@ public class AuthenticationProviderService {
 /**
 * Returns an AuthenticatedUser representing the user authenticated by the
- * given credentials.
+ * given credentials. Also adds custom LDAP attributes to credentials object.
 *
 * @param credentials
 * The credentials to use for authentication.
@@ -221,6 +230,14 @@ public class AuthenticationProviderService {
 throw new GuacamoleInvalidCredentialsException("Permission denied.", CredentialsInfo.USERNAME_PASSWORD);
 try {
+ try {
+ String username = credentials.getUsername();
+ Map<String, String> ldapAttrs = getLDAPAttributes(ldapConnection, username);
+ credentials.setLDAPAttributes(ldapAttrs);
+ }
+ catch (LDAPException e) {
+ throw new GuacamoleServerException("Error while querying for LDAP User Attributes.", e);
+ }
 // Return AuthenticatedUser if bind succeeds
 AuthenticatedUser authenticatedUser = authenticatedUserProvider.get();
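Review bot: `import java.util.List;` in the added import block duplicates an import the file already has; the `@@ -26,12 +26,21 @@` header quotes that very line from just above the hunk, so the second copy should be dropped. The new `java.util.*` and `com.novell.ldap.*` imports are also appended after the `org.slf4j` ones instead of sitting next to the existing `java.util.List` import; placing them there keeps later import diffs small.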
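Review bot: The inner `try` added at the top of the existing `try` block in authenticateUser turns any LDAPException from the attribute read into a GuacamoleServerException, so a login whose bind has apparently already succeeded (the connection check is only partly visible above the hunk) now fails on a directory error that has nothing to do with the password. If failing closed is intended because later code relies on these attributes, say so in a comment above the lookup, e.g. `// Configured LDAP attributes are mandatory: abort the login if they cannot be read`; if they are optional, log the exception and continue without them. getLDAPAttributes returns `null` when no attributes are configured, so `credentials.setLDAPAttributes(ldapAttrs)` stores `null` in that case and every reader of `getLDAPAttributes()` has to null-check. authenticateUser begins and ends outside the hunk.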
@@ -237,6 +254,58 @@ public class AuthenticationProviderService {
 }
 /**
+ * Returns all custom LDAP attributes on the user currently bound under
+ * the given LDAP connection. The custom attributes are specified in
+ * guacamole.properties.
+ *
+ * @param ldapConnection
+ * LDAP connection to find the custom LDAP attributes.
+ * @param username
+ * The username of the user whose attributes are queried.
+ *
+ * @return
+ * All attributes on the user currently bound under the
+ * given LDAP connection, as a map of attribute name to
+ * corresponding attribute value.
+ *
+ * @throws LDAPException
+ * If an error occurs while searching for the user attributes.
+ *
+ * @throws GuacamoleException
+ * If an error occurs retrieving the user DN.
+ */
+ private Map<String, String> getLDAPAttributes(LDAPConnection ldapConnection,
+ String username) throws LDAPException, GuacamoleException {
+
+ // Get attributes from configuration information
+ List<String> attrList = confService.getAttributes();
+
+ // If there are no attributes there is no reason to search LDAP
+ if (attrList.size() == 0)
+ return null;
+
+ // Build LDAP query parameters
+ String[] attrArray = attrList.toArray(new String[attrList.size()]);
+ String userDN = getUserBindDN(username);
+
+ // Get LDAP attributes by querying LDAP
+ LDAPEntry userEntry = ldapConnection.read(userDN, attrArray);
+ LDAPAttributeSet attrSet = userEntry.getAttributeSet();
+
+ // Add each attribute into Map
+ Map<String, String> attrMap = new HashMap<String, String>();
+ Iterator attrIterator = attrSet.iterator();
+ while (attrIterator.hasNext()) {
+ LDAPAttribute attr = (LDAPAttribute)attrIterator.next();
+ String attrName = attr.getName();
+ String attrValue = attr.getStringValue();
+ attrMap.put(attrName, attrValue);
+ }
+
+ return attrMap;
+ }
+
+ /**
 * Returns a UserContext object initialized with data accessible to the
 * given AuthenticatedUser.
 *
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/5ca32a22/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java ----------------------------------------------------------------------
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
index 142c516..0769707 100644
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java
@@ -22,7 +22,7 @@ package org.apache.guacamole.net.auth;
 import java.io.Serializable;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
-
+import java.util.Map;
 /**
 * Simple arbitrary set of credentials, including a username/password pair,
@@ -73,6 +73,29 @@ public class Credentials implements Serializable {
 private transient HttpSession session;
 /**
+ * Arbitrary LDAP attributes specified in guacamole.properties
+ */
+ private Map<String, String> ldapAttrs;
+
+ /**
+ * Returns the lDAP attributes associated with this set of credentials.
+ * @return The LDAP attributes Map associated with this set of credentials,
+ * or null if no LDAP Attributes have been set.
+ */
+ public Map<String, String> getLDAPAttributes() {
+ return ldapAttrs;
+ }
+
+ /**
+ * Sets the LDAP attributes associated with this set of credentials.
+ * @param attributes The LDAP attributes to associate with this set of
+ * credentials.
+ */
+ public void setLDAPAttributes(Map<String, String> attributes) {
+ this.ldapAttrs = attributes;
+ }
+
+ /**
 * Returns the password associated with this set of credentials.
 * @return The password associated with this username/password pair, or
 * null if no password has been set.
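Review bot: In getLDAPAttributes (AuthenticationProviderService.java, hunk `@@ -237,6 +254,58 @@`) the copy loop calls `attr.getStringValue()`, which returns a single string per attribute, so a multi-valued attribute is reduced to one value and a binary value is decoded as text; anything that later uses the map for identity or access decisions would act on partial data. Either state the single-value limit in the Javadoc, whose `@return` currently promises all attributes, or collect `attr.getStringValueArray()` instead. The map keys are `attr.getName()` as the server returns them, which may differ in case from the names configured in guacamole.properties, so a lookup by the configured name can miss; normalising the key case would avoid that. The method also re-derives the DN with `getUserBindDN(username)` rather than receiving the one presumably used for the bind, and `Iterator attrIterator` is a raw type that forces the `(LDAPAttribute)` cast.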
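Review bot: `ldapAttrs` in Credentials.java (hunk `@@ -73,6 +73,29 @@`) is declared without `transient` in a Serializable class, directly below `private transient HttpSession session;`, so whatever directory attributes an administrator configures are written out wherever a Credentials object is serialized. Decide explicitly whether the field should be serialized and record that in its Javadoc. The setter also stores the caller's map and the getter hands the same instance back, so any code holding the Credentials can alter attributes that other code may later trust; storing a copy, e.g. `this.ldapAttrs = (attributes == null) ? null : Collections.unmodifiableMap(new HashMap<String, String>(attributes));` (with the matching `java.util` imports), closes that. The getter's Javadoc has a typo, `lDAP`.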
