GUACAMOLE-1239: Merge support for configuring username case-insensiti…

…vity.
apache · Oct 2, 2024 · 02138fb · 02138fb
2 parents 5d44ae4 + 116f709
commit 02138fb
Show file tree

Hide file tree

Showing 70 changed files with 1,977 additions and 167 deletions.
diff --git a/...mole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java b/...mole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java
@@ -53,5 +53,26 @@ public String getHttpAuthHeader() throws GuacamoleException {
             "REMOTE_USER"
         );
     }
+
+    /**
+     * Returns true if the usernames provided to the header authentication
+     * module should be treated as case-sensitive, or false if usernames
+     * should be treated as case-insensitive. This will default to the global
+     * Guacamole configuration for case-sensitivity, which defaults to true, but
+     * can be overridden for this extension, if desired.
+     * 
+     * @return
+     *     true if usernames should be treated as case-sensitive, otherwise
+     *     false.
+     * 
+     * @throws GuacamoleException 
+     *     If guacamole.properties cannot be parsed.
+     */
+    public boolean getCaseSensitiveUsernames() throws GuacamoleException {
+        return environment.getProperty(
+            HTTPHeaderGuacamoleProperties.HTTP_AUTH_CASE_SENSITIVE_USERNAMES,
+            environment.getCaseSensitiveUsernames()
+        );
+    }
 
 }
diff --git a/...-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java b/...-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java
@@ -19,7 +19,7 @@
 
 package org.apache.guacamole.auth.header;
 
-import org.apache.guacamole.properties.IntegerGuacamoleProperty;
+import org.apache.guacamole.properties.BooleanGuacamoleProperty;
 import org.apache.guacamole.properties.StringGuacamoleProperty;
 
 
@@ -36,13 +36,25 @@ public class HTTPHeaderGuacamoleProperties {
     private HTTPHeaderGuacamoleProperties() {}
 
     /**
-     * The header used for HTTP header authentication.
+     * A property used to configure the header used for HTTP header authentication.
      */
     public static final StringGuacamoleProperty HTTP_AUTH_HEADER = new StringGuacamoleProperty() {
 
         @Override
         public String getName() { return "http-auth-header"; }
 
     };
+
+    /**
+     * A property used to configure whether or not usernames within the header
+     * module should be treated as case-sensitive.
+     */
+    public static final BooleanGuacamoleProperty HTTP_AUTH_CASE_SENSITIVE_USERNAMES =
+            new BooleanGuacamoleProperty() {
+
+        @Override
+        public String getName() { return "http-auth-case-sensitive-usernames"; }
+
+    };
 
 }
diff --git a/...le-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java b/...le-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
@@ -20,9 +20,13 @@
 package org.apache.guacamole.auth.header.user;
 
 import com.google.inject.Inject;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.header.ConfigurationService;
 import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * An HTTP header implementation of AuthenticatedUser, associating a
@@ -31,12 +35,23 @@
  */
 public class AuthenticatedUser extends AbstractAuthenticatedUser {
 
+    /**
+     * Logger for this class.
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticatedUser.class);
+
     /**
      * Reference to the authentication provider associated with this
      * authenticated user.
      */
     @Inject
     private AuthenticationProvider authProvider;
+
+    /**
+     * Service for retrieving header configuration information.
+     */
+    @Inject
+    private ConfigurationService confService;
 
     /**
      * The credentials provided when this user was authenticated.
@@ -58,6 +73,19 @@ public void init(String username, Credentials credentials) {
         setIdentifier(username.toLowerCase());
     }
 
+    @Override
+    public boolean isCaseSensitive() {
+        try {
+            return confService.getCaseSensitiveUsernames();
+        }
+        catch (GuacamoleException e) {
+            LOGGER.error("Error when trying to retrieve header configuration: {}."
+                    + " Usernames comparison will be case-sensitive.", e);
+            LOGGER.debug("Exception caught when retrieving header configuration.", e);
+            return true;
+        }
+    }
+
     @Override
     public AuthenticationProvider getAuthenticationProvider() {
         return authProvider;

diff --git a/...uth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java b/...uth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java
@@ -19,6 +19,7 @@
 
 package org.apache.guacamole.auth.jdbc;
 
+import com.google.inject.Inject;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -55,6 +56,12 @@ public class HistoryTrackingConnection extends DelegatingConnection {
      * established connections.
      */
     private final ConnectionRecordMapper connectionRecordMapper;
+
+    /**
+     * The Guacamole server environment.
+     */
+    @Inject
+    private JDBCEnvironment environment;
 
     /**
      * Creates a new HistoryConnection that wraps the given connection,
@@ -98,7 +105,8 @@ public GuacamoleTunnel connect(GuacamoleClientInformation info,
         connectionRecordModel.setConnectionName(this.getDelegateConnection().getName());
 
         // Insert the connection history record to mark the start of this connection
-        connectionRecordMapper.insert(connectionRecordModel);
+        connectionRecordMapper.insert(connectionRecordModel,
+                environment.getCaseSensitiveUsernames());
 
         // Include history record UUID as token
         ModeledConnectionRecord modeledRecord = new ModeledConnectionRecord(connectionRecordModel);

diff --git a/...uth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java b/...uth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java
@@ -38,11 +38,16 @@ public interface ActivityRecordMapper<ModelType> {
      *
      * @param record
      *     The activity record to insert.
+     * 
+     * @param caseSensitive
+     *     Whether or not string comparisons should be done in a case-sensitive
+     *     manner.
      *
      * @return
      *     The number of rows inserted.
      */
-    int insert(@Param("record") ModelType record);
+    int insert(@Param("record") ModelType record,
+               @Param("caseSensitive") boolean caseSensitive);
 
     /**
      * Updates the given activity record in the database, assigning an end
@@ -85,6 +90,10 @@ public interface ActivityRecordMapper<ModelType> {
      *
      * @param limit
      *     The maximum number of records that should be returned.
+     * 
+     * @param caseSensitive
+     *     Whether or not string comparisons should be done in a case-sensitive
+     *     manner.
      *
      * @return
      *     The results of the search performed with the given parameters.
@@ -93,7 +102,8 @@ List<ModelType> search(@Param("identifier") String identifier,
             @Param("recordIdentifier") String recordIdentifier,
             @Param("terms") Collection<ActivityRecordSearchTerm> terms,
             @Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
-            @Param("limit") int limit);
+            @Param("limit") int limit,
+            @Param("caseSensitive") boolean caseSensitive);
 
     /**
      * Searches for up to <code>limit</code> activity records that contain
@@ -132,6 +142,10 @@ List<ModelType> search(@Param("identifier") String identifier,
      *     when determining the permissions effectively granted to the user. If
      *     no groups are given, only permissions directly granted to the user
      *     will be used.
+     * 
+     * @param caseSensitive
+     *     Whether or not string comparisons should be done in a case-sensitive
+     *     manner.
      *
      * @return
      *     The results of the search performed with the given parameters.
@@ -142,6 +156,7 @@ List<ModelType> searchReadable(@Param("identifier") String identifier,
             @Param("terms") Collection<ActivityRecordSearchTerm> terms,
             @Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
             @Param("limit") int limit,
-            @Param("effectiveGroups") Collection<String> effectiveGroups);
+            @Param("effectiveGroups") Collection<String> effectiveGroups,
+            @Param("caseSensitive") boolean caseSensitive);
 
 }
diff --git a/...-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java b/...-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java
@@ -28,19 +28,20 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
-import org.apache.guacamole.language.TranslatableGuacamoleClientOverrunException;
-import org.apache.guacamole.language.TranslatableMessage;
-import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
-import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.apache.guacamole.GuacamoleClientException;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleSecurityException;
+import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
 import org.apache.guacamole.auth.jdbc.base.ActivityRecordSearchTerm;
 import org.apache.guacamole.auth.jdbc.base.ActivityRecordSortPredicate;
+import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
 import org.apache.guacamole.auth.jdbc.base.ModeledChildDirectoryObjectService;
+import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.apache.guacamole.auth.jdbc.permission.ConnectionPermissionMapper;
 import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
+import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
+import org.apache.guacamole.language.TranslatableGuacamoleClientOverrunException;
+import org.apache.guacamole.language.TranslatableMessage;
 import org.apache.guacamole.net.GuacamoleTunnel;
 import org.apache.guacamole.net.auth.Connection;
 import org.apache.guacamole.net.auth.ConnectionRecord;
@@ -85,6 +86,12 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
      */
     @Inject
     private Provider<ModeledConnection> connectionProvider;
+
+    /**
+     * The server environment for retrieving configuration.
+     */
+    @Inject
+    private JDBCEnvironment environment;
 
     /**
      * Service for creating and tracking tunnels.
@@ -486,14 +493,16 @@ public List<ConnectionRecord> retrieveHistory(String identifier,
         // Bypass permission checks if the user is privileged or has System-level audit permissions
         if (user.isPrivileged() || user.getUser().getEffectivePermissions().getSystemPermissions().hasPermission(SystemPermission.Type.AUDIT))
             searchResults = connectionRecordMapper.search(identifier,
-                    recordIdentifier, requiredContents, sortPredicates, limit);
+                    recordIdentifier, requiredContents, sortPredicates, limit,
+                    environment.getCaseSensitiveUsernames());
 
         // Otherwise only return explicitly readable history records
         else
             searchResults = connectionRecordMapper.searchReadable(identifier,
                     user.getUser().getModel(), recordIdentifier,
                     requiredContents, sortPredicates, limit,
-                    user.getEffectiveUserGroups());
+                    user.getEffectiveUserGroups(),
+                    environment.getCaseSensitiveUsernames());
 
         return getObjectInstances(searchResults);