def clientEnabler(request, idService, idTransport):
# Maybe we could even protect this even more by limiting referer to own server /? (just a meditation..)
url = ''
error = _('Service not ready. Please, try again in a while.')
try:
res = getService(request, idService, idTransport, doTest=False)
if res is not None:
scrambler = cryptoManager().randomString(32)
password = cryptoManager().xor(webPassword(request), scrambler)
_x, ads, _x, trans, _x = res
data = {
'service': 'A' + ads.uuid,
'transport': trans.uuid,
'user': request.user.uuid,
'password': password
}
ticket = TicketStore.create(data)
error = ''
url = html.udsLink(request, ticket, scrambler)
except Exception as e:
error = six.text_type(e)
# Not ready, show message and return to this page in a while
return HttpResponse('{{ "url": "{}", "error": "{}" }}'.format(url, error), content_type='application/json')
def getLink(self, userService, transport, ip, os, user, password, request):
ci = self.processUserPassword(userService, user, password)
username, password, domain = ci['username'], ci['password'], ci['domain']
if domain != '':
username = domain + '\\' + username
# Build params dict
params = {
'protocol': 'rdp',
'hostname': ip,
'username': username,
'password': password,
'ignore-cert': 'true'
}
if self.enableAudio.isTrue() is False:
params['disable-audio'] = 'true'
if self.enablePrinting.isTrue() is True:
params['enable-printing'] = 'true'
logger.debug('RDP Params: {0}'.format(params))
ticket = TicketStore.create(params)
return HttpResponseRedirect("{}/transport/?{}&{}".format(self.guacamoleServer.value, ticket, request.build_absolute_uri(reverse('Index'))))
def clientEnabler(request, idService, idTransport):
# Maybe we could even protect this even more by limiting referer to own server /? (just a meditation..)
url = ''
error = _('Service not ready. Please, try again in a while.')
try:
res = getService(request, idService, idTransport, doTest=False)
if res is not None:
scrambler = cryptoManager().randomString(32)
password = cryptoManager().xor(webPassword(request), scrambler)
_x, ads, _x, trans, _x = res
data = {
'service': 'A' + ads.uuid,
'transport': trans.uuid,
'user': request.user.uuid,
'password': password
}
ticket = TicketStore.create(data)
error = ''
url = html.udsLink(request, ticket, scrambler)
except Exception as e:
error = six.text_type(e)
# Not ready, show message and return to this page in a while
return HttpResponse('{{ "url": "{}", "error": "{}" }}'.format(url, error),
content_type='application/json')
def authCallback(request: HttpRequest, authName: str) -> HttpResponse:
"""
This url is provided so external SSO authenticators can get an url for
redirecting back the users.
This will invoke authCallback of the requested idAuth and, if this represents
an authenticator that has an authCallback
"""
try:
authenticator = Authenticator.objects.get(name=authName)
params = request.GET.copy()
params.update(request.POST)
logger.debug('Auth callback for %s with params %s', authenticator,
params.keys())
ticket = TicketStore.create({
'params': params,
'auth': authenticator.uuid
})
return HttpResponseRedirect(
reverse('page.auth.callback_stage2', args=[ticket]))
except Exception as e:
# No authenticator found...
return errors.exceptionView(request, e)
def getUDSTransportScript(self, userService, transport, ip, os, user, password, request):
prefs = user.prefs('nx')
username = user.getUsernameForAuth()
proc = username.split('@')
username = proc[0]
if self._fixedName is not '':
username = self._fixedName
if self._fixedPassword is not '':
password = self._fixedPassword
if self._useEmptyCreds is True:
username, password = '', ''
tunpass = ''.join(random.choice(string.letters + string.digits) for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshServer = self._tunnelServer
if ':' not in sshServer:
sshServer += ':443'
sshHost, sshPort = sshServer.split(':')
logger.debug('Username generated: {0}, password: {1}'.format(tunuser, tunpass))
width, height = CommonPrefs.getWidthHeight(prefs)
# Fix username/password acording to os manager
username, password = userService.processUserPassword(username, password)
m = {
'ip': ip,
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'password': password,
'port': self._listenPort
}
r = NXFile(username=username, password=password, width=width, height=height)
r.host = '{address}'
r.port = '{port}'
r.connection = self._connection
r.desktop = self._session
r.cachedisk = self._cacheDisk
r.cachemem = self._cacheMem
os = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(os['OS'])
if os is None:
return super(TSNXTransport, self).getUDSTransportScript(self, userService, transport, ip, os, user, password, request)
return self.getScript('scripts/{}/tunnel.py'.format(os)).format(
r=r,
m=DictAsObj(m),
)
def getUDSTransportScript(self, userService, transport, ip, os, user, password, request):
prefs = user.prefs('nx')
username = user.getUsernameForAuth()
proc = username.split('@')
username = proc[0]
if self._fixedName is not '':
username = self._fixedName
if self._fixedPassword is not '':
password = self._fixedPassword
if self._useEmptyCreds is True:
username, password = '', ''
tunpass = ''.join(random.choice(string.letters + string.digits) for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshServer = self._tunnelServer
if ':' not in sshServer:
sshServer += ':443'
sshHost, sshPort = sshServer.split(':')
logger.debug('Username generated: {0}, password: {1}'.format(tunuser, tunpass))
width, height = CommonPrefs.getWidthHeight(prefs)
# Fix username/password acording to os manager
username, password = userService.processUserPassword(username, password)
m = {
'ip': ip,
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'password': password,
'port': self._listenPort
}
r = NXFile(username=username, password=password, width=width, height=height)
r.host = '{address}'
r.port = '{port}'
r.connection = self._connection
r.desktop = self._session
r.cachedisk = self._cacheDisk
r.cachemem = self._cacheMem
os = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(os['OS'])
if os is None:
return super(self.__class__, self).getUDSTransportScript(userService, transport, ip, os, user, password, request)
return self.getScript('scripts/{}/tunnel.py'.format(os)).format(
r=r,
m=DictAsObj(m),
)
def getLink(self, userService, transport, ip, os, user, password, request):
ci = self.processUserPassword(userService, user, password)
username, password, domain = ci['username'], ci['password'], ci[
'domain']
if domain != '':
username = domain + '\\' + username
# Build params dict
params = {
'protocol': 'rdp',
'hostname': ip,
'username': username,
'password': password,
'ignore-cert': 'true'
}
if self.enableAudio.isTrue() is False:
params['disable-audio'] = 'true'
if self.enablePrinting.isTrue() is True:
params['enable-printing'] = 'true'
logger.debug('RDP Params: {0}'.format(params))
ticket = TicketStore.create(params)
return HttpResponseRedirect("{}/transport/?{}&{}".format(
self.guacamoleServer.value, ticket,
request.build_absolute_uri(reverse('Index'))))
def enableService(request: 'ExtendedHttpRequestWithUser', idService: str,
idTransport: str) -> typing.Mapping[str, typing.Any]:
# Maybe we could even protect this even more by limiting referer to own server /? (just a meditation..)
logger.debug('idService: %s, idTransport: %s', idService, idTransport)
url = ''
error = ugettext('Service not ready. Please, try again in a while.')
# If meta service, process and rebuild idService & idTransport
try:
res = userServiceManager().getService(request.user,
request.os,
request.ip,
idService,
idTransport,
doTest=False)
scrambler = cryptoManager().randomString(32)
password = cryptoManager().symCrypt(webPassword(request), scrambler)
userService, trans = res[1], res[3]
typeTrans = trans.getType()
error = '' # No error
if typeTrans.ownLink:
url = reverse('TransportOwnLink',
args=('A' + userService.uuid, trans.uuid))
else:
data = {
'service': 'A' + userService.uuid,
'transport': trans.uuid,
'user': request.user.uuid,
'password': password
}
ticket = TicketStore.create(data)
url = html.udsLink(request, ticket, scrambler)
except ServiceNotReadyError as e:
logger.debug('Service not ready')
# Not ready, show message and return to this page in a while
# error += ' (code {0:04X})'.format(e.code)
error = ugettext(
'Your service is being created, please, wait for a few seconds while we complete it.)'
) + '({}%)'.format(int(e.code * 25))
except MaxServicesReachedError:
logger.info('Number of service reached MAX for service pool "%s"',
idService)
error = errors.errorString(errors.MAX_SERVICES_REACHED)
except ServiceAccessDeniedByCalendar:
logger.info('Access tried to a calendar limited access pool "%s"',
idService)
error = errors.errorString(errors.SERVICE_CALENDAR_DENIED)
except Exception as e:
logger.exception('Error')
error = str(e)
return {'url': str(url), 'error': str(error)}
def getUDSTransportScript( # pylint: disable=too-many-locals
self, userService: 'models.UserService', transport: 'models.Transport',
ip: str, os: typing.Dict[str, str], user: '******', password: str,
request: 'HttpRequest'
) -> typing.Tuple[str, str, typing.Dict[str, typing.Any]]:
userServiceInstance: typing.Any = userService.getInstance()
# Spice connection
con = userServiceInstance.getConsoleConnection()
port: str = con['port'] or '-1'
secure_port: str = con['secure_port'] or '-1'
# Ticket
tunpass = ''.join(random.SystemRandom().choice(string.letters +
string.digits)
for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshHost, sshPort = self.tunnelServer.value.split(':')
r = RemoteViewerFile('127.0.0.1',
'{port}',
'{secure_port}',
con['ticket']['value'],
self.serverCertificate.value.strip(),
con['cert_subject'],
fullscreen=self.fullScreen.isTrue())
r.usb_auto_share = self.usbShare.isTrue()
r.new_usb_auto_share = self.autoNewUsbShare.isTrue()
r.smartcard = self.smartCardRedirect.isTrue()
osName = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(os['OS'])
if osName is None:
return super().getUDSTransportScript(userService, transport, ip,
os, user, password, request)
# if sso: # If SSO requested, and when supported by platform
# userServiceInstance.desktopLogin(user, password, '')
sp = {
'as_file': r.as_file,
'as_file_ns': r.as_file_ns,
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'ip': con['address'],
'port': port,
'secure_port': secure_port
}
return self.getScript('scripts/{}/tunnel.py', osName, sp)
def userServiceEnabler(request, idService, idTransport):
# Maybe we could even protect this even more by limiting referer to own server /? (just a meditation..)
logger.debug('idService: {}, idTransport: {}'.format(
idService, idTransport))
url = ''
error = _('Service not ready. Please, try again in a while.')
# If meta service, process and rebuild idService & idTransport
try:
res = userServiceManager().getService(request.user,
request.os,
request.ip,
idService,
idTransport,
doTest=False)
scrambler = cryptoManager().randomString(32)
password = cryptoManager().symCrypt(webPassword(request), scrambler)
_x, userService, _x, trans, _x = res
data = {
'service': 'A' + userService.uuid,
'transport': trans.uuid,
'user': request.user.uuid,
'password': password
}
ticket = TicketStore.create(data)
error = ''
url = html.udsLink(request, ticket, scrambler)
except ServiceNotReadyError as e:
logger.debug('Service not ready')
# Not ready, show message and return to this page in a while
error += ' (code {0:04X})'.format(e.code)
except MaxServicesReachedError:
logger.info(
'Number of service reached MAX for service pool "{}"'.format(
idService))
error = errors.errorString(errors.MAX_SERVICES_REACHED)
except ServiceAccessDeniedByCalendar:
logger.info(
'Access tried to a calendar limited access pool "{}"'.format(
idService))
error = errors.errorString(errors.SERVICE_CALENDAR_DENIED)
except Exception as e:
logger.exception('Error')
error = str(e)
return HttpResponse(json.dumps({
'url': str(url),
'error': str(error)
}),
content_type='application/json')
def getUDSTransportScript(self, userService, transport, ip, os, user,
password, request):
userServiceInstance = userService.getInstance()
# Spice connection
con = userServiceInstance.getConsoleConnection()
port, secure_port = con['port'], con['secure_port']
port = -1 if port is None else port
secure_port = -1 if secure_port is None else secure_port
# Ticket
tunpass = ''.join(random.SystemRandom().choice(string.letters +
string.digits)
for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshHost, sshPort = self.tunnelServer.value.split(':')
r = RemoteViewerFile('127.0.0.1',
'{port}',
'{secure_port}',
con['ticket']['value'],
self.serverCertificate.value,
con['cert_subject'],
fullscreen=self.fullScreen.isTrue())
r.usb_auto_share = self.usbShare.isTrue()
r.new_usb_auto_share = self.autoNewUsbShare.isTrue()
r.smartcard = self.smartCardRedirect.isTrue()
m = tools.DictAsObj({
'r': r,
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'ip': con['address'],
'port': port,
'secure_port': secure_port
})
os = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(os.OS)
if os is None:
return super(self.__class__,
self).getUDSTransportScript(userService, transport,
ip, os, user, password,
request)
return self.getScript('scripts/{}/tunnel.py'.format(os)).format(m=m)
def getLink(self, userService, transport, ip, os, user, password, request):
ci = self.processUserPassword(userService, user, password)
username, password, domain = ci['username'], ci['password'], ci[
'domain']
if domain != '':
username = domain + '\\' + username
scrambler = cryptoManager().randomString(32)
passwordCrypted = cryptoManager().symCrypt(password, scrambler)
# Build params dict
params = {
'protocol': 'rdp',
'hostname': ip,
'username': username,
'password': passwordCrypted,
'ignore-cert': 'true',
'security': self.security.value,
'drive-path': '/share/{}'.format(user.uuid),
'create-drive-path': 'true'
}
if self.enableFileSharing.isTrue():
params['enable-drive'] = 'true'
if self.serverLayout.value != '-':
params['server-layout'] = self.serverLayout.value
if self.enableAudio.isTrue() is False:
params['disable-audio'] = 'true'
if self.enablePrinting.isTrue() is True:
params['enable-printing'] = 'true'
if self.wallpaper.isTrue() is True:
params['enable-wallpaper'] = 'true'
if self.desktopComp.isTrue() is True:
params['enable-desktop-composition'] = 'true'
if self.smooth.isTrue() is True:
params['enable-font-smoothing'] = 'true'
logger.debug('RDP Params: {0}'.format(params))
ticket = TicketStore.create(params, validity=self.ticketValidity.num())
return HttpResponseRedirect("{}/transport/?{}.{}&{}".format(
self.guacamoleServer.value, ticket, scrambler,
request.build_absolute_uri(reverse('Index'))))
def getLink(self, userService, transport, ip, os, user, password, request):
ci = self.processUserPassword(userService, user, password)
username, password, domain = ci['username'], ci['password'], ci['domain']
if domain != '':
username = domain + '\\' + username
scrambler = cryptoManager().randomString(32)
passwordCrypted = cryptoManager().symCrypt(password, scrambler)
# Build params dict
params = {
'protocol': 'rdp',
'hostname': ip,
'username': username,
'password': passwordCrypted,
'ignore-cert': 'true',
'security': self.security.value,
'drive-path': '/share/{}'.format(user.uuid),
'create-drive-path': 'true'
}
if self.enableFileSharing.isTrue():
params['enable-drive'] = 'true'
if self.serverLayout.value != '-':
params['server-layout'] = self.serverLayout.value
if self.enableAudio.isTrue() is False:
params['disable-audio'] = 'true'
if self.enablePrinting.isTrue() is True:
params['enable-printing'] = 'true'
if self.wallpaper.isTrue() is True:
params['enable-wallpaper'] = 'true'
if self.desktopComp.isTrue() is True:
params['enable-desktop-composition'] = 'true'
if self.smooth.isTrue() is True:
params['enable-font-smoothing'] = 'true'
logger.debug('RDP Params: {0}'.format(params))
ticket = TicketStore.create(params, validity=self.ticketValidity.num())
return HttpResponseRedirect("{}/transport/?{}.{}&{}".format(self.guacamoleServer.value, ticket, scrambler, request.build_absolute_uri(reverse('utility.closer'))))
def userServiceEnabler(request, idService, idTransport):
# Maybe we could even protect this even more by limiting referer to own server /? (just a meditation..)
logger.debug('idService: {}, idTransport: {}'.format(idService, idTransport))
url = ''
error = _('Service not ready. Please, try again in a while.')
# If meta service, process and rebuild idService & idTransport
try:
res = userServiceManager().getService(request.user, request.os, request.ip, idService, idTransport, doTest=False)
scrambler = cryptoManager().randomString(32)
password = cryptoManager().symCrypt(webPassword(request), scrambler)
_x, userService, _x, trans, _x = res
data = {
'service': 'A' + userService.uuid,
'transport': trans.uuid,
'user': request.user.uuid,
'password': password
}
ticket = TicketStore.create(data)
error = ''
url = html.udsLink(request, ticket, scrambler)
except ServiceNotReadyError as e:
logger.debug('Service not ready')
# Not ready, show message and return to this page in a while
error += ' (code {0:04X})'.format(e.code)
except MaxServicesReachedError:
logger.info('Number of service reached MAX for service pool "{}"'.format(idService))
error = errors.errorString(errors.MAX_SERVICES_REACHED)
except ServiceAccessDeniedByCalendar:
logger.info('Access tried to a calendar limited access pool "{}"'.format(idService))
error = errors.errorString(errors.SERVICE_CALENDAR_DENIED)
except Exception as e:
logger.exception('Error')
error = str(e)
return HttpResponse(
json.dumps({
'url': str(url),
'error': str(error)
}),
content_type='application/json'
)
def processUserPassword(self, service, username, password):
if service.getProperty('sso_available') == '1':
# Generate a ticket, store it and return username with no password
domain = ''
if '@' in username:
username, domain = username.split('@')
elif '\\' in username:
username, domain = username.split('\\')
creds = {
'username': username,
'password': password,
'domain': domain
}
ticket = TicketStore.create(creds, validator=None, validity=300) # , owner=SECURE_OWNER, secure=True)
return ticket, ''
else:
return osmanagers.OSManager.processUserPassword(self, service, username, password)
def processUserPassword(self, service, username, password):
if service.getProperty('sso_available') == '1':
# Generate a ticket, store it and return username with no password
domain = ''
if '@' in username:
username, domain = username.split('@')
elif '\\' in username:
username, domain = username.split('\\')
creds = {
'username': username,
'password': password,
'domain': domain
}
ticket = TicketStore.create(creds, validator=None, validity=300) # , owner=SECURE_OWNER, secure=True)
return ticket, ''
else:
return osmanagers.OSManager.processUserPassword(self, service, username, password)
def getUDSTransportScript(self, userService, transport, ip, os, user, password, request):
userServiceInstance = userService.getInstance()
# Spice connection
con = userServiceInstance.getConsoleConnection()
port, secure_port = con['port'], con['secure_port']
port = -1 if port is None else port
secure_port = -1 if secure_port is None else secure_port
# Ticket
tunpass = ''.join(random.choice(string.letters + string.digits) for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshHost, sshPort = self.tunnelServer.value.split(':')
r = RemoteViewerFile('127.0.0.1', '{port}', '{secure_port}', con['ticket']['value'], self.serverCertificate.value, con['cert_subject'], fullscreen=self.fullScreen.isTrue())
r.usb_auto_share = self.usbShare.isTrue()
r.new_usb_auto_share = self.autoNewUsbShare.isTrue()
r.smartcard = self.smartCardRedirect.isTrue()
m = tools.DictAsObj({
'r': r,
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'ip': con['address'],
'port': port,
'secure_port': secure_port
})
os = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(os.OS)
if os is None:
return super(self.__class__, self).getUDSTransportScript(userService, transport, ip, os, user, password, request)
return self.getScript('scripts/{}/tunnel.py'.format(os)).format(m=m)
def clientEnabler(request, idService, idTransport):
# Maybe we could even protect this even more by limiting referer to own server /? (just a meditation..)
logger.debug('idService: {}, idTransport: {}'.format(idService, idTransport))
url = ''
error = _('Service not ready. Please, try again in a while.')
try:
res = userServiceManager().getService(request.user, request.ip, idService, idTransport, doTest=False)
scrambler = cryptoManager().randomString(32)
password = cryptoManager().xor(webPassword(request), scrambler)
_x, userService, _x, trans, _x = res
data = {
'service': 'A' + userService.uuid,
'transport': trans.uuid,
'user': request.user.uuid,
'password': password
}
ticket = TicketStore.create(data)
error = ''
url = html.udsLink(request, ticket, scrambler)
except ServiceNotReadyError as e:
logger.debug('Service not ready')
# Not ready, show message and return to this page in a while
error += ' (code {0:04X})'.format(e.code)
except MaxServicesReachedError:
logger.info('Number of service reached MAX for service pool "{}"'.format(idService))
error = errors.errorString(errors.MAX_SERVICES_REACHED)
except Exception as e:
logger.exception('Error')
error = six.text_type(e)
return HttpResponse(
'{{ "url": "{}", "error": "{}" }}'.format(url, error),
content_type='application/json'
)
def put(self):
"""
Processes put requests, currently only under "create"
"""
logger.debug(self._args)
# Parameters can only be theese
for p in self._params:
if p not in VALID_PARAMS:
logger.debug('Parameter {} not in valid ticket parameters list'.format(p))
raise RequestError('Invalid parameters')
if len(self._args) != 1 or self._args[0] not in ('create',):
raise RequestError('Invalid method')
if 'username' not in self._params or 'groups' not in self._params:
raise RequestError('Invalid parameters')
found = None
for i in ('authId', 'authTag', 'auth', 'authSmallName'):
if i in self._params:
found = i
break
if found is None:
raise RequestError('Invalid parameters (no auth)')
force = self._params.get('force', '0') in ('1', 'true', 'True')
userIp = self._params.get('userIp', None)
try:
authId = self._params.get('authId', None)
authTag = self._params.get('authTag', self._params.get('authSmallName', None))
authName = self._params.get('auth', None)
# Will raise an exception if no auth found
if authId is not None:
auth = Authenticator.objects.get(uuid=processUuid(authId.lower()))
elif authName is not None:
auth = Authenticator.objects.get(name=authName)
else:
auth = Authenticator.objects.get(small_name=authTag)
username = self._params['username']
password = self._params.get('password', '') # Some machines needs password, depending on configuration
groups = self._params['groups']
if isinstance(groups, (six.text_type, six.binary_type)):
groups = (groups,)
grps = []
for g in groups:
try:
grps.append(auth.groups.get(name=g).uuid)
except Exception:
logger.info('Group {} from ticket does not exists on auth {}, forced creation: {}'.format(g, auth, force))
if force:
grps.append(auth.groups.create(name=g, comments='Autocreated form ticket by using force paratemeter').uuid)
if len(grps) == 0: # No valid group in groups names
raise Exception('Authenticator does not contain ANY of the requested groups')
groups = grps
time = int(self._params.get('time', 60))
time = 60 if time < 1 else time
realname = self._params.get('realname', self._params['username'])
servicePool = self._params.get('servicePool', None)
transport = self._params.get('transport', None)
if servicePool is not None:
servicePool = DeployedService.objects.get(uuid=processUuid(servicePool))
# If forced that servicePool must honor groups
if force:
for addGrp in set(groups) - set(servicePool.assignedGroups.values_list('uuid', flat=True)):
servicePool.assignedGroups.add(auth.groups.get(uuid=addGrp))
if transport is not None:
transport = Transport.objects.get(uuid=processUuid(transport))
try:
servicePool.validateTransport(transport)
except Exception:
logger.error('Transport {} is not valid for Service Pool {}'.format(transport.name, servicePool.name))
raise Exception('Invalid transport for Service Pool')
else:
if userIp is None:
transport = tools.DictAsObj({'uuid': None})
else:
transport = None
for v in servicePool.transports.order_by('priority'):
if v.validForIp(userIp):
transport = v
break
if transport is None:
logger.error('Service pool {} does not has valid transports for ip {}'.format(servicePool.name, userIp))
raise Exception('Service pool does not has any valid transports for ip {}'.format(userIp))
servicePool = servicePool.uuid
transport = transport.uuid # pylint: disable=maybe-no-member
except Authenticator.DoesNotExist:
return Tickets.result(error='Authenticator does not exists')
except DeployedService.DoesNotExist:
return Tickets.result(error='Service pool does not exists')
except Transport.DoesNotExist:
return Tickets.result(error='Transport does not exists')
except Exception as e:
return Tickets.result(error=six.text_type(e))
data = {
'username': username,
'password': cryptoManager().encrypt(password),
'realname': realname,
'groups': groups,
'auth': auth.uuid,
'servicePool': servicePool,
'transport': transport,
}
ticket = TicketStore.create(data)
return Tickets.result(ticket)
def getUDSTransportScript(self, userService, transport, ip, os, user, password, request):
# We use helper to keep this clean
# prefs = user.prefs('rdp')
ci = self.getConnectionInfo(userService, user, password)
username, password, domain = ci['username'], ci['password'], ci['domain']
# width, height = CommonPrefs.getWidthHeight(prefs)
# depth = CommonPrefs.getDepth(prefs)
width, height = self.screenSize.value.split('x')
depth = self.colorDepth.value
tunpass = ''.join(random.choice(string.letters + string.digits) for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshHost, sshPort = self.tunnelServer.value.split(':')
logger.debug('Username generated: {0}, password: {1}'.format(tunuser, tunpass))
r = RDPFile(width == '-1' or height == '-1', width, height, depth, target=os['OS'])
r.enablecredsspsupport = ci.get('sso', self.credssp.isTrue())
r.address = '{address}'
r.username = username
r.password = password
r.domain = domain
r.redirectPrinters = self.allowPrinters.isTrue()
r.redirectSmartcards = self.allowSmartcards.isTrue()
r.redirectDrives = self.allowDrives.isTrue()
r.redirectHome = self.redirectHome.isTrue()
r.redirectSerials = self.allowSerials.isTrue()
r.enableClipboard = self.allowClipboard.isTrue()
r.redirectAudio = self.allowAudio.isTrue()
r.showWallpaper = self.wallpaper.isTrue()
r.multimon = self.multimon.isTrue()
r.desktopComposition = self.aero.isTrue()
r.smoothFonts = self.smooth.isTrue()
r.multimedia = self.multimedia.isTrue()
r.alsa = self.alsa.isTrue()
r.smartcardString = self.smartcardString.value
r.printerString = self.printerString.value
r.linuxCustomParameters = self.customParameters.value
# data
# data = {
# 'os': os['OS'],
# 'ip': ip,
# 'tunUser': tunuser,
# 'tunPass': tunpass,
# 'tunHost': sshHost,
# 'tunPort': sshPort,
# 'tunWait': self.tunnelWait.num(),
# 'username': username,
# 'password': password,
# 'hasCredentials': username != '' and password != '',
# 'domain': domain,
# 'width': width,
# 'height': height,
# 'depth': depth,
# 'printers': self.allowPrinters.isTrue(),
# 'smartcards': self.allowSmartcards.isTrue(),
# 'drives': self.allowDrives.isTrue(),
# 'serials': self.allowSerials.isTrue(),
# 'compression': True,
# 'wallpaper': self.wallpaper.isTrue(),
# 'multimon': self.multimon.isTrue(),
# 'fullScreen': width == -1 or height == -1,
# 'this_server': request.build_absolute_uri('/'),
# 'r': r,
# }
os = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(os['OS'])
if os is None:
return super(self.__class__, self).getUDSTransportScript(userService, transport, ip, os, user, password, request)
sp = {
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'tunWait': self.tunnelWait.num(),
'ip': ip,
'password': password,
'this_server': request.build_absolute_uri('/'),
}
m = tools.DictAsObj(data)
return self.getScript('scripts/{}/tunnel.py', os, sp)
def getUDSTransportScript(self, userService, transport, ip, os, user, password, request):
# We use helper to keep this clean
# prefs = user.prefs('rdp')
ci = self.getConnectionInfo(userService, user, password)
username, password, domain = ci['username'], ci['password'], ci['domain']
# width, height = CommonPrefs.getWidthHeight(prefs)
# depth = CommonPrefs.getDepth(prefs)
width, height = self.screenSize.value.split('x')
depth = self.colorDepth.value
tunpass = ''.join(random.choice(string.letters + string.digits) for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshHost, sshPort = self.tunnelServer.value.split(':')
logger.debug('Username generated: {0}, password: {1}'.format(tunuser, tunpass))
r = RDPFile(width == '-1' or height == '-1', width, height, depth, target=os['OS'])
r.enablecredsspsupport = ci.get('sso', self.credssp.isTrue())
r.address = '{address}'
r.username = username
r.password = password
r.domain = domain
r.redirectPrinters = self.allowPrinters.isTrue()
r.redirectSmartcards = self.allowSmartcards.isTrue()
r.redirectDrives = self.allowDrives.value
r.redirectHome = self.redirectHome.isTrue()
r.redirectSerials = self.allowSerials.isTrue()
r.enableClipboard = self.allowClipboard.isTrue()
r.redirectAudio = self.allowAudio.isTrue()
r.showWallpaper = self.wallpaper.isTrue()
r.multimon = self.multimon.isTrue()
r.desktopComposition = self.aero.isTrue()
r.smoothFonts = self.smooth.isTrue()
r.multimedia = self.multimedia.isTrue()
r.alsa = self.alsa.isTrue()
r.smartcardString = self.smartcardString.value
r.printerString = self.printerString.value
r.linuxCustomParameters = self.customParameters.value
# data
# data = {
# 'os': os['OS'],
# 'ip': ip,
# 'tunUser': tunuser,
# 'tunPass': tunpass,
# 'tunHost': sshHost,
# 'tunPort': sshPort,
# 'tunWait': self.tunnelWait.num(),
# 'username': username,
# 'password': password,
# 'hasCredentials': username != '' and password != '',
# 'domain': domain,
# 'width': width,
# 'height': height,
# 'depth': depth,
# 'printers': self.allowPrinters.isTrue(),
# 'smartcards': self.allowSmartcards.isTrue(),
# 'drives': self.allowDrives.isTrue(),
# 'serials': self.allowSerials.isTrue(),
# 'compression': True,
# 'wallpaper': self.wallpaper.isTrue(),
# 'multimon': self.multimon.isTrue(),
# 'fullScreen': width == -1 or height == -1,
# 'this_server': request.build_absolute_uri('/'),
# 'r': r,
# }
os = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(os['OS'])
if os is None:
return super(self.__class__, self).getUDSTransportScript(userService, transport, ip, os, user, password, request)
sp = {
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'tunWait': self.tunnelWait.num(),
'ip': ip,
'password': password,
'this_server': request.build_absolute_uri('/'),
}
m = tools.DictAsObj(data)
return self.getScript('scripts/{}/tunnel.py', os, sp)
def getUDSTransportScript(self, userService, transport, ip, os, user, password, request):
prefs = user.prefs('nx')
ci = self.getConnectionInfo(userService, user, password)
username = ci['username']
priv, pub = self.getAndPushKey(username, userService)
width, height = CommonPrefs.getWidthHeight(prefs)
logger.debug('')
xf = x2gofile.getTemplate(
speed=self.speed.value,
pack=self.pack.value,
quality=self.quality.value,
sound=self.sound.isTrue(),
soundSystem=self.sound.value,
windowManager=self.desktopType.value,
exports=self.exports.isTrue(),
width=width,
height=height,
user=username
)
tunpass = ''.join(random.choice(string.letters + string.digits) for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshHost, sshPort = self.tunnelServer.value.split(':')
# data
data = {
'os': os['OS'],
'ip': ip,
'port': 22,
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'username': username,
'key': priv,
'width': width,
'height': height,
'printers': True,
'drives': self.exports.isTrue(),
'fullScreen': width == -1 or height == -1,
'this_server': request.build_absolute_uri('/'),
'xf': xf
}
m = tools.DictAsObj(data)
os = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
# OsDetector.Macintosh: 'macosx'
}.get(m.os)
if os is None:
return super(self.__class__, self).getUDSTransportScript(userService, transport, ip, os, user, password, request)
return self.getScript('scripts/{}/tunnel.py'.format(os)).format(m=m)
def getUDSTransportScript( # pylint: disable=too-many-locals
self, userService: 'models.UserService', transport: 'models.Transport',
ip: str, os: typing.Dict[str, str], user: '******', password: str,
request: 'HttpRequest'
) -> typing.Tuple[str, str, typing.Dict[str, typing.Any]]:
# We use helper to keep this clean
# prefs = user.prefs('rdp')
ci = self.getConnectionInfo(userService, user, password)
username, password, domain = ci['username'], ci['password'], ci[
'domain']
# width, height = CommonPrefs.getWidthHeight(prefs)
# depth = CommonPrefs.getDepth(prefs)
width, height = self.screenSize.value.split('x')
depth = self.colorDepth.value
tunpass = ''.join(random.SystemRandom().choice(string.ascii_letters +
string.digits)
for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshHost, sshPort = self.tunnelServer.value.split(':')
logger.debug('Username generated: %s, password: %s', tunuser, tunpass)
r = RDPFile(width == '-1' or height == '-1',
width,
height,
depth,
target=os['OS'])
r.enablecredsspsupport = ci.get(
'sso') == 'True' or self.credssp.isTrue()
r.address = '{address}'
r.username = username
r.password = password
r.domain = domain
r.redirectPrinters = self.allowPrinters.isTrue()
r.redirectSmartcards = self.allowSmartcards.isTrue()
r.redirectDrives = self.allowDrives.value
r.redirectHome = self.redirectHome.isTrue()
r.redirectSerials = self.allowSerials.isTrue()
r.enableClipboard = self.allowClipboard.isTrue()
r.redirectAudio = self.allowAudio.isTrue()
r.showWallpaper = self.wallpaper.isTrue()
r.multimon = self.multimon.isTrue()
r.desktopComposition = self.aero.isTrue()
r.smoothFonts = self.smooth.isTrue()
r.enablecredsspsupport = self.credssp.isTrue()
r.multimedia = self.multimedia.isTrue()
r.alsa = self.alsa.isTrue()
r.smartcardString = self.smartcardString.value
r.printerString = self.printerString.value
r.linuxCustomParameters = self.customParameters.value
r.enforcedShares = self.enforceDrives.value
osName = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(os['OS'])
if osName is None:
return super().getUDSTransportScript(userService, transport, ip,
os, user, password, request)
sp = {
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'tunWait': self.tunnelWait.num(),
'ip': ip,
'password': password,
'this_server': request.build_absolute_uri('/'),
}
if osName == 'windows':
if password != '':
r.password = '******'
sp.update({
'as_file': r.as_file,
})
elif osName == 'linux':
sp.update({
'as_new_xfreerdp_params': r.as_new_xfreerdp_params,
'as_rdesktop_params': r.as_rdesktop_params,
})
else: # Mac
sp.update({
'as_file': r.as_file,
'as_cord_url': r.as_cord_url,
'as_new_xfreerdp_params': r.as_new_xfreerdp_params,
})
if domain != '':
sp['usernameWithDomain'] = '{}\\\\{}'.format(domain, username)
else:
sp['usernameWithDomain'] = username
return self.getScript('scripts/{}/tunnel.py', osName, sp)
def getUDSTransportScript( # pylint: disable=too-many-locals
self, userService: 'models.UserService', transport: 'models.Transport',
ip: str, os: typing.Dict[str, str], user: '******', password: str,
request: 'HttpRequest'
) -> typing.Tuple[str, str, typing.Dict[str, typing.Any]]:
ci = self.getConnectionInfo(userService, user, password)
username = ci['username']
priv, pub = self.getAndPushKey(username, userService)
width, height = self.getScreenSize()
rootless = False
desktop = self.desktopType.value
if desktop == "UDSVAPP":
desktop = "/usr/bin/udsvapp " + self.customCmd.value
rootless = True
xf = x2go_file.getTemplate(speed=self.speed.value,
pack=self.pack.value,
quality=self.quality.value,
sound=self.sound.isTrue(),
soundSystem=self.sound.value,
windowManager=desktop,
exports=self.exports.isTrue(),
rootless=rootless,
width=width,
height=height,
user=username)
tunpass = ''.join(random.SystemRandom().choice(string.ascii_letters +
string.digits)
for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshHost, sshPort = self.tunnelServer.value.split(':')
# data
data = {
'os': os['OS'],
'ip': ip,
'port': 22,
'key': priv,
'width': width,
'height': height,
'printers': True,
'drives': self.exports.isTrue(),
'fullScreen': width == -1 or height == -1,
'this_server': request.build_absolute_uri('/'),
'xf': xf
}
m = tools.DictAsObj(data)
osName = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
# OsDetector.Macintosh: 'macosx'
}.get(os['OS'])
if osName is None:
return super().getUDSTransportScript(userService, transport, ip,
os, user, password, request)
sp = {
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'ip': ip,
'port': '22',
'key': priv,
'xf': xf
}
return self.getScript('scripts/{}/direct.py', osName, sp)
def getUDSTransportScript(self, userService, transport, ip, os, user, password, request):
# We use helper to keep this clean
# prefs = user.prefs('rdp')
ci = self.getConnectionInfo(userService, user, password)
username, password, domain = ci['username'], ci['password'], ci['domain']
# width, height = CommonPrefs.getWidthHeight(prefs)
# depth = CommonPrefs.getDepth(prefs)
width, height = self.screenSize.value.split('x')
depth = self.colorDepth.value
tunpass = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshHost, sshPort = self.tunnelServer.value.split(':')
logger.debug('Username generated: {0}, password: {1}'.format(tunuser, tunpass))
r = RDPFile(width == '-1' or height == '-1', width, height, depth, target=os['OS'])
r.enablecredsspsupport = ci.get('sso', self.credssp.isTrue())
r.address = '{address}'
r.username = username
r.password = password
r.domain = domain
r.redirectPrinters = self.allowPrinters.isTrue()
r.redirectSmartcards = self.allowSmartcards.isTrue()
r.redirectDrives = self.allowDrives.value
r.redirectHome = self.redirectHome.isTrue()
r.redirectSerials = self.allowSerials.isTrue()
r.enableClipboard = self.allowClipboard.isTrue()
r.redirectAudio = self.allowAudio.isTrue()
r.showWallpaper = self.wallpaper.isTrue()
r.multimon = self.multimon.isTrue()
r.desktopComposition = self.aero.isTrue()
r.smoothFonts = self.smooth.isTrue()
r.enablecredsspsupport = self.credssp.isTrue()
r.multimedia = self.multimedia.isTrue()
r.alsa = self.alsa.isTrue()
r.smartcardString = self.smartcardString.value
r.printerString = self.printerString.value
r.linuxCustomParameters = self.customParameters.value
os = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(os['OS'])
if os is None:
return super(self.__class__, self).getUDSTransportScript(userService, transport, ip, os, user, password, request)
sp = {
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'tunWait': self.tunnelWait.num(),
'ip': ip,
'password': password,
'this_server': request.build_absolute_uri('/'),
}
if os == 'windows':
if password != '':
r.password = '******'
sp.update({
'as_file': r.as_file,
})
elif os == 'linux':
sp.update({
'as_new_xfreerdp_params': r.as_new_xfreerdp_params,
'as_rdesktop_params': r.as_rdesktop_params,
})
else: # Mac
sp.update({
'as_file': r.as_file,
'as_cord_url': r.as_cord_url,
'as_new_xfreerdp_params': r.as_new_xfreerdp_params,
})
if domain != '':
sp['usernameWithDomain'] = '{}\\\\{}'.format(domain, username)
else:
sp['usernameWithDomain'] = username
return self.getScript('scripts/{}/tunnel.py', os, sp)
def getUDSTransportScript( # pylint: disable=too-many-locals
self, userService: 'models.UserService', transport: 'models.Transport',
ip: str, os: typing.Dict[str, str], user: '******', password: str,
request: 'HttpRequest'
) -> typing.Tuple[str, str, typing.Dict[str, typing.Any]]:
prefs = self.screenSize.value
username = user.getUsernameForAuth()
proc = username.split('@')
username = proc[0]
if self._fixedName is not '':
username = self._fixedName
if self._fixedPassword is not '':
password = self._fixedPassword
if self._useEmptyCreds is True:
usernamsizerd = '', ''
tunpass = ''.join(random.SystemRandom().choice(string.ascii_letters +
string.digits)
for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshServer = self._tunnelServer
if ':' not in sshServer:
sshServer += ':443'
sshHost, sshPort = sshServer.split(':')
logger.debug('Username generated: %s, password: %s', tunuser, tunpass)
width, height = CommonPrefs.getWidthHeight(prefs)
# Fix username/password acording to os manager
username, password = userService.processUserPassword(
username, password)
r = NXFile(username=username,
password=password,
width=width,
height=height)
r.host = '{address}'
r.port = '{port}'
r.linkSpeed = self._connection
r.desktop = self._session
r.cachedisk = self._cacheDisk
r.cachemem = self._cacheMem
osName = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(os['OS'])
if osName is None:
return super().getUDSTransportScript(userService, transport, ip,
os, user, password, request)
sp = {
'ip': ip,
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'port': self._listenPort,
'as_file_for_format': r.as_file_for_format
}
return self.getScript('scripts/{}/direct.py', osName, sp)
def getUDSTransportScript(self, userService, transport, ip, os, user, password, request):
# We use helper to keep this clean
prefs = user.prefs('rdp')
ci = self.getConnectionInfo(userService, user, password)
username, password, domain = ci['username'], ci['password'], ci['domain']
width, height = CommonPrefs.getWidthHeight(prefs)
depth = CommonPrefs.getDepth(prefs)
tunpass = ''.join(random.choice(string.letters + string.digits) for _i in range(12))
tunuser = TicketStore.create(tunpass)
sshHost, sshPort = self.tunnelServer.value.split(':')
logger.debug('Username generated: {0}, password: {1}'.format(tunuser, tunpass))
r = RDPFile(width == -1 or height == -1, width, height, depth, target=os['OS'])
r.address = '{address}'
r.username = username
r.password = password
r.domain = domain
r.redirectPrinters = self.allowPrinters.isTrue()
r.redirectSmartcards = self.allowSmartcards.isTrue()
r.redirectDrives = self.allowDrives.isTrue()
r.redirectSerials = self.allowSerials.isTrue()
r.showWallpaper = self.wallpaper.isTrue()
r.multimon = self.multimon.isTrue()
# data
data = {
'os': os['OS'],
'ip': ip,
'tunUser': tunuser,
'tunPass': tunpass,
'tunHost': sshHost,
'tunPort': sshPort,
'username': username,
'password': password,
'hasCredentials': username != '' and password != '',
'domain': domain,
'width': width,
'height': height,
'depth': depth,
'printers': self.allowPrinters.isTrue(),
'smartcards': self.allowSmartcards.isTrue(),
'drives': self.allowDrives.isTrue(),
'serials': self.allowSerials.isTrue(),
'compression': True,
'wallpaper': self.wallpaper.isTrue(),
'multimon': self.multimon.isTrue(),
'fullScreen': width == -1 or height == -1,
'this_server': request.build_absolute_uri('/'),
'r': r,
}
m = tools.DictAsObj(data)
if m.domain != '':
m.usernameWithDomain = '{}\\\\{}'.format(m.domain, m.username)
else:
m.usernameWithDomain = m.username
if m.os == OsDetector.Windows:
r.password = '******'
os = {
OsDetector.Windows: 'windows',
OsDetector.Linux: 'linux',
OsDetector.Macintosh: 'macosx'
}.get(m.os)
if os is None:
return super(TSRDPTransport, self).getUDSTransportScript(self, userService, transport, ip, os, user, password, request)
return self.getScript('scripts/{}/tunnel.py'.format(os)).format(m=m)
