On Wed, May 15, 2024 at 8:03 AM Stefan Müller <[email protected]> wrote:
> Hi all > > i want to enable the selection of the guacd based on connection > parameters, as is already done with some auth extensions (eg . jdbc) > according to the tutorial, the auth extension simply returns a map with > the connection parameters: > Map<String, GuacamoleConfiguration> > https://guacamole.apache.org/doc/gug/custom-auth.html > so far so fine. > > Just to be clear, the proxy configuration options are not considered connection "parameters" - in Guacamole, we distinguish between "parameters", which are entirely focused on the remote protocol being used (RDP, VNC, etc.), and are passed all the way through to guacd. For values that are consumed entirely on the client side, including those used to make the connection to guacd (like, say, proxy configuration), we call those "attributes." So, what you're looking for is considered an attribute, not a parameter. > then I saw that there is a simple connection class and a corresponding > (old) pull request (#353) > > https://github.com/apache/guacamole-client/pull/353/commits/bbe957d0e8bb80d3aa6ee67b692d769ca6e152d0 > which extends the simpleconnection class with the proxy parameters. > (thanks nick) > > the idea now is to use this simpleconnection class from this pull request. > can someone explain to me how i have to use this class then. or how / or > what i have to return so that the proxy configuration is used by guacamole? > > There are two basic things that you need to do to be able to use the proxy configuration options on a per-connection basis: * Implement the logic for getting/setting them per-connection, from some sort of back-end (LDAP, JSON, etc.). * Implement the logic within a Connection for using those values to override the global/system-provided values. In the pull request that you linked, the changes in the SimpleConnection class are really the second of those items - SimpleConnection does not deal at all with how and where connections are stored, and how to retrieve that data- it just takes the data from a calling class and uses it. So, the SimpleConnection class changes are just designed to make it such that SimpleConnection can be used with GuacamoleProxyConfiguration data provided by a calling class rather than solely gathering that data from the environment. The changes in the LDAP extension, including the schema (extending the LDAP schema to support storage) and ConnectionService (retrieving information from LDAP and parsing it out) deal with the first item in my short list above, how those values are stored and retrieved. Once they are retrieved from the newly-implemented LDAP attributes, they are passed on to the SimpleConnection class, which will then use them. > on the other hand, wouldn't it be better if the guacamole main logic would > use these parameters (proxy-host, proxy-port) from the map directly, > instead of every auth plugin having to implement this? > > Partially, yes, and that's part of what the pull request you linked accomplishes - it makes changes to the SimpleConnection class that allows it to have the GuacamoleProxyConfiguration option passed in by whatever class or extension is making use of SimpleConnection objects. That said, the getting/setting of those particular proxy values is always, to some extent, going to be extension-dependent. The JDBC extension stores them in a tables (guacamole_connection_attributes), the LDAP module will (soon, hopefully) store them in LDAP attributes. Other extensions would need to be...extended...to allow them to support the storage and retrieval of those values - I would think the JSON module would be relatively easy, if it doesn't already support it. I'm not sure how much time and effort we want to put into making the base file storage (user-mapping.xml) extension support that - it's really just an extension to get you going, and we try to avoid loading it up with features. -Nick
