Re: Authentication mechanism.. Was: New user questions...

2018-03-04 Thread Mike Jumper
On Sun, Mar 4, 2018 at 10:53 PM, Joachim Lindenberg wrote:

> Hello Mike,
>
> thanks for the pointer to Connectable interface. However I also don't want
> to re-implement a lot that is already working, and connections work. And in
> fact I did that experiment with abusing a property getter and it works –
> quick and dirty.
>

I strongly caution against starting a new project by intentionally
following bad practice.

> After doing that my biggest issue is, that I cannot detect disconnects of
> specific connections which lets me really consider better approaches.
>

Detecting disconnect is normally implemented by overriding the close()
function of the returned GuacamoleTunnel or its underlying GuacamoleSocket.
This is how the more complex authentication extensions track connection
status, like the database auth extensions.

> (I would probably not suspend immediately on tunnel close on the server
> part but give a grace period for reconnections).
>
> Now I am wondering whether Connectable is the right pointer or whether
> http://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/event/listener/Listener.html (listening for
> http://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/event/TunnelEvent.html) would be a better alternative.
>

Event listeners are indeed an alternative, and may be simpler in your case.


> There is a getTunnel() method, but class 
> org.apache.guacamole.net.GuacamoleTunnel
> is not in the Javadocs
>

Everything is in the JavaDocs:

http://guacamole.apache.org/doc/guacamole-common/org/apache/guacamole/net/GuacamoleTunnel.html

> and in fact I would need the configuration or at least the connection name.
>

Only through implementing the necessary interfaces at higher levels can you
ensure that any necessary data specific to your implementation is made
available at lower levels. If you need to take distinct action specific to
a connection when that connection is (1) established and (2) disconnected,
the best route really would be implementing a Connection which does exactly
that.

> I assume the same extension can implement authentication and listener?
>

Yes.

- Mike
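
Overriding close() on the returned tunnel, combined with the grace period raised in the quoted question, could look like the following. This is an added example, not code from this thread or from the Guacamole project; `TrackedTunnel`, `VmController` and the 120-second grace period are assumptions, and a custom Connection's connect() would return `new TrackedTunnel(...)` wrapped around the tunnel it creates.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.DelegatingGuacamoleTunnel;
import org.apache.guacamole.net.GuacamoleTunnel;

/** Tunnel wrapper that reports its own close, exactly once, per VM. */
public class TrackedTunnel extends DelegatingGuacamoleTunnel {

    /** Hypothetical hook into the hypervisor; not a Guacamole interface. */
    public interface VmController { void suspend(String vmName); }

    private static final ScheduledExecutorService TIMER =
            Executors.newSingleThreadScheduledExecutor();
    // Number of open tunnels per VM, and the suspend task waiting on each VM
    private static final ConcurrentMap<String, Integer> OPEN = new ConcurrentHashMap<>();
    private static final ConcurrentMap<String, ScheduledFuture<?>> PENDING =
            new ConcurrentHashMap<>();
    private static final long GRACE_SECONDS = 120; // assumed grace period

    private final String vmName;
    private final VmController vms;
    private final AtomicBoolean closed = new AtomicBoolean(false);

    public TrackedTunnel(GuacamoleTunnel tunnel, String vmName, VmController vms) {
        super(tunnel);
        this.vmName = vmName;
        this.vms = vms;
        OPEN.merge(vmName, 1, Integer::sum);
        ScheduledFuture<?> pending = PENDING.remove(vmName);
        if (pending != null) pending.cancel(false); // reconnected within the grace period
    }

    @Override
    public void close() throws GuacamoleException {
        try {
            super.close();
        }
        finally {
            // close() may be called more than once; count this tunnel only once
            if (closed.compareAndSet(false, true)
                    && OPEN.merge(vmName, -1, Integer::sum) == 0) {
                PENDING.put(vmName, TIMER.schedule(() -> {
                    // Re-check: a new tunnel may have opened while the timer ran
                    if (OPEN.getOrDefault(vmName, 0) == 0) vms.suspend(vmName);
                }, GRACE_SECONDS, TimeUnit.SECONDS));
            }
        }
    }
}
```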


Re: Authentication mechanism.. Was: New user questions...

2018-03-03 Thread Nick Couchman
On Sat, Mar 3, 2018 at 6:46 PM, Mike Jumper wrote:

> On Sat, Mar 3, 2018 at 1:51 PM, Joachim Lindenberg wrote:
>>
>> (3) It is still unclear to me what configuration changes I can/should
>> support, and how to best trigger restore of VMs. One approach I am
>> experimenting with is to subclass GuacamoleConfiguration and “monitor”
>> whether parameters are accessed and then as a side effect trigger restore.
>> However the unpleasant aspect is that I'd also have to cache credentials of
>> the user then. Any better approach?
>>
>
> Can you clarify what you mean here? What do you mean by "restore" in the
> context of VMs, and why are you trying to trigger this as a side effect?
> Can you describe what you're trying to achieve at a high level - based on
> the overall goal, rather than the specifics of your current implementation?
>
> - Mike
>

IIRC from earlier conversations, "restore" in this context means to bring
them out of a suspended/sleep mode.  So, Joachim is trying to implement an
extension that will resume a VM from a suspended state when the user tries
to (or is about to) connect.  This was discussed recently in the
Wake-on-LAN conversation, where you mentioned the challenge of somehow
delaying the connection until the machine is in an operational state.

In my mind, this would involve code to do the following things:
- Determining when the VM needs to be resumed (when a user logs in, when a
connection is initiated).
- Storing/retrieving some information about each connection that determines
how/where to resume the VM, if that isn't readily obvious.  This can be
done with the newly-added code for allowing extensions to store arbitrary
code.
- Code to actually trigger the VM resume/restore.  This could involve
calling a REST API for the hypervisor manager, executing a string of
command line commands, or connecting to a TCP socket, etc.
- Somehow checking the state of the VM to see if it is up and running
before actually connecting.

-Nick


Re: Authentication mechanism.. Was: New user questions...

2018-03-03 Thread Mike Jumper
On Sat, Mar 3, 2018 at 1:51 PM, Joachim Lindenberg wrote:

> Hi all,
>
> I made a proof of concept and implemented my own authentication extension.
> I am however struggling with
>
> (1) Changes of guacamole.properties (where I put some settings using a
> prefix hyperv.*) are not picked up until I restart tomcat. I'd appreciate
> if changes would be monitored or picked up at login like is for
> user-mapping.xml. Or am I misled?
>

guacamole.properties is cached after the first time it is read.
Extension-specific files, like user-mapping.xml (which is used by a
built-in extension), are governed only by how the extension was written.
The reason that user-mapping.xml is automatically reread upon modification
is because the underlying built-in extension is written to do so. You can
do this for your extension, too, of course - define your own configuration
file which is read from within GUACAMOLE_HOME, and re-read if changed.

> (2) I need a json parser. Looks like there is none exposed by tomcat8 or
> guacamole. I had to copy a json implementation into my jar, which does not
> look like a good solution to me. Is there a way to refer to a standard json
> implementation?
>

I believe Guacamole bundles Jackson, so you might be able to use that,
however you are indeed expected to bundle your own dependencies. Extensions
are loaded within their own child classloaders with this in mind.

> (3) It is still unclear to me what configuration changes I can/should
> support, and how to best trigger restore of VMs. One approach I am
> experimenting with is to subclass GuacamoleConfiguration and “monitor”
> whether parameters are accessed and then as a side effect trigger restore.
> However the unpleasant aspect is that I'd also have to cache credentials of
> the user then. Any better approach?
>

Can you clarify what you mean here? What do you mean by "restore" in the
context of VMs, and why are you trying to trigger this as a side effect?
Can you describe what you're trying to achieve at a high level - based on
the overall goal, rather than the specifics of your current implementation?

- Mike
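
An extension-specific configuration file that is re-read when it changes, as suggested in the reply to point (1), could be handled like this. This is an added example, not code from this thread or from the Guacamole project; the class name `ReloadingConfig` and the file name `hyperv.properties` are assumptions, and the directory passed in is expected to be GUACAMOLE_HOME (for instance from `Environment.getGuacamoleHome()`).

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

/** Re-reads an extension-specific properties file whenever it changes on disk. */
public class ReloadingConfig {

    private final File file;
    private long loadedStamp = -1;              // lastModified() of the version in memory
    private Properties current = new Properties();

    /** @param guacamoleHome the GUACAMOLE_HOME directory */
    public ReloadingConfig(File guacamoleHome) {
        this.file = new File(guacamoleHome, "hyperv.properties"); // assumed file name
    }

    /** Returns the value for key, reloading first if the file was modified. */
    public synchronized String get(String key) {
        long stamp = file.lastModified();       // 0 if the file is missing
        if (stamp != loadedStamp) {
            Properties fresh = new Properties();
            try (InputStream in = new FileInputStream(file)) {
                fresh.load(in);
                current = fresh;                // swap only after a clean parse
            }
            catch (IOException e) {
                // Missing or unreadable file: keep serving the last good settings
            }
            loadedStamp = stamp;                // do not retry until the file changes again
        }
        return current.getProperty(key);
    }
}
```

Calling `get()` from the authentication path gives the pick-up-at-login behaviour asked about, without restarting Tomcat.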