Password management extension

2018-12-13 Thread geo varghese 
Hi Team,

Thanks for making such a wonderful software.

Is there any extension currently available for following customized feature

1) When a user clicks on a rdp server, before redirecting to server, it
will show a password interface.

2) When user enter password for server login, it save with connection
details in mysql db.

3) Next time user clicks on same server, this password used for login to
server

Can you please help us with updates.

Regards,
Geo Varghese

[GitHub] guacamole-client pull request #336: GUACAMOLE-641: Add support for populatin...

2018-12-13 Thread mike-jumper 
Github user mike-jumper commented on a diff in the pull request:

https://github.com/apache/guacamole-client/pull/336#discussion_r241549475
  
--- Diff: 
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/user/VaultUserContext.java
 ---
@@ -0,0 +1,325 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.vault.user;
+
+import com.google.inject.Inject;
+import com.google.inject.assistedinject.Assisted;
+import com.google.inject.assistedinject.AssistedInject;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleServerException;
+import org.apache.guacamole.auth.vault.conf.VaultConfigurationService;
+import org.apache.guacamole.net.auth.Connection;
+import org.apache.guacamole.net.auth.ConnectionGroup;
+import org.apache.guacamole.net.auth.TokenInjectingUserContext;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.auth.vault.secret.VaultSecretService;
+import org.apache.guacamole.protocol.GuacamoleConfiguration;
+import org.apache.guacamole.token.GuacamoleTokenUndefinedException;
+import org.apache.guacamole.token.TokenFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * UserContext implementation which automatically injects tokens 
containing the
+ * values of secrets retrieved from a vault.
+ */
+public class VaultUserContext extends TokenInjectingUserContext {
+
+/**
+ * Logger for this class.
+ */
+private final Logger logger = 
LoggerFactory.getLogger(VaultUserContext.class);
--- End diff --

SLF4J formerly recommended that instance variables be used (non-static), 
but no longer takes either stance: 
https://www.slf4j.org/faq.html#declared_static

If we have to pick something to be the standard going forward, I'd say 
let's stick with the accepted idiom of `private final static` loggers, with the 
exception being where it's actually necessary to not be `static` (dependency 
injection).


---

[GitHub] guacamole-client pull request #336: GUACAMOLE-641: Add support for populatin...

2018-12-13 Thread mike-jumper 
Github user mike-jumper commented on a diff in the pull request:

https://github.com/apache/guacamole-client/pull/336#discussion_r241526587
  
--- Diff: 
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/user/VaultUserContext.java
 ---
@@ -0,0 +1,325 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.vault.user;
+
+import com.google.inject.Inject;
+import com.google.inject.assistedinject.Assisted;
+import com.google.inject.assistedinject.AssistedInject;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleServerException;
+import org.apache.guacamole.auth.vault.conf.VaultConfigurationService;
+import org.apache.guacamole.net.auth.Connection;
+import org.apache.guacamole.net.auth.ConnectionGroup;
+import org.apache.guacamole.net.auth.TokenInjectingUserContext;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.auth.vault.secret.VaultSecretService;
+import org.apache.guacamole.protocol.GuacamoleConfiguration;
+import org.apache.guacamole.token.GuacamoleTokenUndefinedException;
+import org.apache.guacamole.token.TokenFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * UserContext implementation which automatically injects tokens 
containing the
+ * values of secrets retrieved from a vault.
+ */
+public class VaultUserContext extends TokenInjectingUserContext {
+
+/**
+ * Logger for this class.
+ */
+private final Logger logger = 
LoggerFactory.getLogger(VaultUserContext.class);
+
+/**
+ * The name of the token which will be replaced with the username of 
the
+ * current user if specified within the name of a secret. This token
+ * applies to both connections and connection groups.
+ */
+private static final String USERNAME_TOKEN = "GUAC_USERNAME";
+
+/**
+ * The name of the token which will be replaced with the name of the
+ * current connection group if specified within the name of a secret. 
This
+ * token only applies only to connection groups.
+ */
+private static final String CONNECTION_GROUP_NAME_TOKEN = 
"CONNECTION_GROUP_NAME";
+
+/**
+ * The name of the token which will be replaced with the identifier of 
the
+ * current connection group if specified within the name of a secret. 
This
+ * token only applies only to connection groups.
+ */
+private static final String CONNECTION_GROUP_IDENTIFIER_TOKEN = 
"CONNECTION_GROUP_ID";
+
+/**
+ * The name of the token which will be replaced with the \"hostname\"
+ * connection parameter of the current connection if specified within 
the
+ * name of a secret. This token only applies only to connections.
+ */
+private static final String CONNECTION_HOSTNAME_TOKEN = 
"CONNECTION_HOSTNAME";
+
+/**
+ * The name of the token which will be replaced with the \"username\"
+ * connection parameter of the current connection if specified within 
the
+ * name of a secret. This token only applies only to connections.
+ */
+private static final String CONNECTION_USERNAME_TOKEN = 
"CONNECTION_USERNAME";
+
+/**
+ * The name of the token which will be replaced with the name of the
+ * current connection if specified within the name of a secret. This 
token
+ * only applies only to connections.
+ */
+private static final String CONNECTION_NAME_TOKEN = "CONNECTION_NAME";
+
+/**
+ * The name of the token which will be replaced with the identifier of 
the
+ * current connection if specified within the name of a secret. This 
token

[GitHub] guacamole-client pull request #336: GUACAMOLE-641: Add support for populatin...

2018-12-13 Thread mike-jumper 
Github user mike-jumper commented on a diff in the pull request:

https://github.com/apache/guacamole-client/pull/336#discussion_r241526412
  
--- Diff: 
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/secret/AzureKeyVaultSecretService.java
 ---
@@ -0,0 +1,121 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.vault.azure.secret;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import com.microsoft.azure.keyvault.KeyVaultClient;
+import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
+import com.microsoft.azure.keyvault.models.SecretBundle;
+import com.microsoft.rest.ServiceCallback;
+import java.util.concurrent.CompletableFuture;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import org.apache.guacamole.GuacamoleException;
+import 
org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultAuthenticationException;
+import 
org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultConfigurationService;
+import org.apache.guacamole.auth.vault.secret.CachedVaultSecretService;
+
+/**
+ * Service which retrieves secrets from Azure Key Vault.
+ */
+@Singleton
+public class AzureKeyVaultSecretService extends CachedVaultSecretService {
+
+/**
+ * Pattern which matches contiguous groups of characters which are not
+ * allowed within Azure Key Vault secret names.
+ */
+private static final Pattern DISALLOWED_CHARACTERS = 
Pattern.compile("[^a-zA-Z0-9-]+");
+
+/**
+ * Service for retrieving configuration information.
+ */
+@Inject
+private AzureKeyVaultConfigurationService confService;
+
+/**
+ * Provider for Azure Key Vault credentials.
+ */
+@Inject
+private Provider credentialProvider;
+
+/**
+ * {@inheritDoc}
+ *
+ * Azure Key Vault allows strictly a-z, A-Z, 0-9, and "-". This
--- End diff --

Yep, exactly right.


---

[GitHub] guacamole-client pull request #336: GUACAMOLE-641: Add support for populatin...

2018-12-13 Thread mike-jumper 
Github user mike-jumper commented on a diff in the pull request:

https://github.com/apache/guacamole-client/pull/336#discussion_r241525041
  
--- Diff: 
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultAuthenticationException.java
 ---
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.vault.azure.conf;
+
+/**
+ * Unchecked exception thrown by AzureKeyVaultCredentials if an error 
occurs
+ * during the authentication process. Note that the base 
KeyVaultCredentials
+ * base class does not provide for checked exceptions within the 
authentication
+ * process.
+ *
+ * @see AzureKeyVaultCredentials#doAuthenticate(java.lang.String, 
java.lang.String, java.lang.String)
+ */
+public class AzureKeyVaultAuthenticationException extends RuntimeException 
{
--- End diff --

Yep. From the top of the class:


https://github.com/apache/guacamole-client/blob/4d90b34732d81efd1fbdeab8df9d9edb939f6266/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultAuthenticationException.java#L22-L30

The API provided for Azure does not allow for checked exceptions like 
`GuacamoleException` to be thrown. Only unchecked exceptions can be used for 
things which must be thrown within callbacks, etc. in their API. We catch this 
specific exception and translate into a `GuacamoleException` before things make 
their way back out to Guacamole.


---

[GitHub] guacamole-client pull request #336: GUACAMOLE-641: Add support for populatin...

2018-12-13 Thread mike-jumper 
Github user mike-jumper commented on a diff in the pull request:

https://github.com/apache/guacamole-client/pull/336#discussion_r241524434
  
--- Diff: 
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/AzureKeyVaultAuthenticationProviderModule.java
 ---
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.vault.azure;
+
+import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.vault.VaultAuthenticationProviderModule;
+import 
org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultConfigurationService;
+import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultCredentials;
+import 
org.apache.guacamole.auth.vault.azure.secret.AzureKeyVaultSecretService;
+import org.apache.guacamole.auth.vault.conf.VaultConfigurationService;
+import org.apache.guacamole.auth.vault.secret.VaultSecretService;
+
+/**
+ * Guice module which configures injections specific to Azure Key Vault
+ * support.
+ */
+public class AzureKeyVaultAuthenticationProviderModule
+extends VaultAuthenticationProviderModule {
+
+/**
+ * Creates a new AzureKeyVaultAuthenticationiProviderModule which
--- End diff --

OK - will fix.


---