define('UNAUTHORIZED_SESSION_MODE', 'unauthorized_session_mode'); define('USER_WITH_ACTIVE_SESSION', 'user_with_active_session'); function throw_response($response_code_) { Logger::error('main', '(client/start) throw_response(\'' . $response_code_ . '\')'); header('Content-Type: text/xml; charset=utf-8'); $dom = new DomDocument('1.0', 'utf-8'); $response_node = $dom->createElement('response'); $response_node->setAttribute('code', $response_code_); $dom->appendChild($response_node); echo $dom->saveXML(); die; } try { $sessionManagement = SessionManagement::getInstance(); } catch (Exception $err) { throw_response(INTERNAL_ERROR); } if (!$sessionManagement->initialize()) { Logger::error('main', '(client/auth) SessionManagement initialization failed'); throw_response(INTERNAL_ERROR); } if (!$sessionManagement->parseClientRequest(@file_get_contents('php://input'))) { Logger::error('main', '(client/auth) Client does not send a valid XML'); throw_response(INTERNAL_ERROR); } if (!$sessionManagement->authenticate()) { Logger::error('main', '(client/auth) Authentication failed'); throw_response(AUTH_FAILED); } $_SESSION['user_login'] = $sessionManagement->user->getAttribute('login');
public function prepareAPSAccess($session_) { $remote_desktop_settings = $this->user->getSessionSettings('remote_desktop_settings'); $default_settings = $this->user->getSessionSettings('session_settings_defaults'); $prepare_servers = array(); # No_desktop option management if (isset($this->no_desktop) && $this->no_desktop === true) { if ($authorize_no_desktop === true) { $no_desktop_process = 1; } else { Logger::warning('main', 'SessionManagement::prepareAPSAccess - Cannot apply no_desktop parameter because policy forbid it'); } } if ($default_settings['use_known_drives'] == 1) { $use_known_drives = 'true'; } $profile_mode = $default_settings['profile_mode']; $use_local_ime = $session_->settings['use_local_ime']; $desktop_icons = $remote_desktop_settings['desktop_icons']; $need_valid_profile = $default_settings['start_without_profile'] == 0; $user_login_aps = $session_->settings['aps_access_login']; $user_password_aps = $session_->settings['aps_access_password']; $user_login_fs = $session_->settings['fs_access_login']; $user_password_fs = $session_->settings['fs_access_password']; $remote_desktop_settings = $this->user->getSessionSettings('remote_desktop_settings'); $allow_external_applications = array_key_exists('allow_external_applications', $remote_desktop_settings) && $remote_desktop_settings['allow_external_applications'] == 1; if (isset($this->language)) { $locale = locale2unix($this->language); } else { $locale = $this->user->getLocale(); } if (isset($this->timezone) && $this->timezone != '') { $timezone = $this->timezone; } if ($session_->mode == Session::MODE_DESKTOP) { $have_external_apps = false; if (array_key_exists(Server::SERVER_ROLE_APS, $session_->servers)) { $have_external_apps |= count($session_->servers[Server::SERVER_ROLE_APS]) > 1; } if (array_key_exists(Server::SERVER_ROLE_WEBAPPS, $session_->servers)) { $have_external_apps |= count($session_->servers[Server::SERVER_ROLE_WEBAPPS]) > 0; } if ($session_->mode == Session::MODE_DESKTOP && $allow_external_applications && $have_external_apps) { $external_apps_token = new Token(gen_unique_string()); $external_apps_token->type = 'external_apps'; $external_apps_token->link_to = $session_->id; $external_apps_token->valid_until = 0; Abstract_Token::save($external_apps_token); } $prepare_servers[] = $session_->server; } if ($session_->mode == Session::MODE_APPLICATIONS || $session_->mode == Session::MODE_DESKTOP && $allow_external_applications) { foreach ($session_->servers[Server::SERVER_ROLE_APS] as $server_id => $data) { if ($session_->mode == Session::MODE_DESKTOP && $allow_external_applications && $server_id == $session_->server) { continue; } $prepare_servers[] = $server_id; } } $count_prepare_servers = 0; foreach ($prepare_servers as $prepare_server) { $count_prepare_servers++; $server = Abstract_Server::load($prepare_server); if (!$server) { continue; } if (!array_key_exists(Server::SERVER_ROLE_APS, $server->getRoles())) { continue; } $server_applications = $server->getApplications(); if (!is_array($server_applications)) { $server_applications = array(); } $available_applications = array(); foreach ($server_applications as $server_application) { $available_applications[] = $server_application->getAttribute('id'); } $dom = new DomDocument('1.0', 'utf-8'); $session_node = $dom->createElement('session'); $session_node->setAttribute('id', $session_->id); $session_node->setAttribute('mode', $session_->mode == Session::MODE_DESKTOP && $count_prepare_servers == 1 ? Session::MODE_DESKTOP : Session::MODE_APPLICATIONS); // OvdShell Configuration $shell_node = $dom->createElement('shell'); $session_node->appendChild($shell_node); if (isset($external_apps_token)) { $setting_node = $dom->createElement('setting'); $setting_node->setAttribute('name', 'external_apps_token'); $setting_node->setAttribute('value', $external_apps_token->id); $shell_node->appendChild($setting_node); } if (isset($this->start_apps) && is_array($this->start_apps)) { $start_apps = $this->start_apps; $applicationDB = ApplicationDB::getInstance(); foreach ($start_apps as $start_app) { $app = $applicationDB->import($start_app['id']); if (!is_object($app)) { Logger::error('main', 'SessionManagement::prepareAPSAccess - No such application for id \'' . $start_app['id'] . '\''); throw_response(SERVICE_NOT_AVAILABLE); } $apps = $session_->getPublishedApplications(); $ok = false; foreach ($apps as $user_app) { if ($user_app->getAttribute('id') == $start_app['id']) { $ok = true; break; } } if ($ok === false) { Logger::error('main', 'SessionManagement::prepareAPSAccess - Application not available for user \'' . $user->getAttribute('login') . '\' id \'' . $start_app['id'] . '\''); return false; } } } foreach (array('no_desktop_process', 'use_known_drives', 'profile_mode', 'use_local_ime') as $parameter) { if (!isset(${$parameter})) { continue; } $setting_node = $dom->createElement('setting'); $setting_node->setAttribute('name', $parameter); $setting_node->setAttribute('value', ${$parameter}); $shell_node->appendChild($setting_node); } foreach (array('desktop_icons', 'locale', 'timezone', 'need_valid_profile') as $parameter) { if (!isset(${$parameter})) { continue; } $parameter_node = $dom->createElement('parameter'); $parameter_node->setAttribute('name', $parameter); $parameter_node->setAttribute('value', ${$parameter}); $session_node->appendChild($parameter_node); } $scripts = $this->user->scripts(); if (is_array($scripts)) { $scripts_node = $dom->createElement('scripts'); foreach ($scripts as $script) { $script_node = $dom->createElement('script'); $script_node->setAttribute('id', $script->getAttribute('id')); $script_node->setAttribute('type', $script->getAttribute('type')); $script_node->setAttribute('name', $script->getAttribute('name')); $scripts_node->appendChild($script_node); } $shell_node->appendChild($scripts_node); } $user_node = $dom->createElement('user'); $user_node->setAttribute('login', $user_login_aps); $user_node->setAttribute('password', $user_password_aps); $user_node->setAttribute('displayName', $this->user->getAttribute('displayname')); $session_node->appendChild($user_node); if (array_key_exists(Server::SERVER_ROLE_FS, $session_->servers)) { foreach ($session_->servers[Server::SERVER_ROLE_FS] as $server_id => $netfolders) { $fs_server = Abstract_Server::load($server_id); foreach ($netfolders as $netfolder) { $uri = 'cifs://' . $fs_server->getExternalName() . '/' . $netfolder['dir']; $netfolder_node = $dom->createElement($netfolder['type']); $netfolder_node->setAttribute('rid', $netfolder['rid']); $netfolder_node->setAttribute('uri', $uri); if ($netfolder['type'] == 'profile') { $netfolder_node->setAttribute('profile_mode', $profile_mode); } if ($netfolder['type'] == 'sharedfolder') { $netfolder_node->setAttribute('name', $netfolder['name']); $netfolder_node->setAttribute('mode', $netfolder['mode']); } $netfolder_node->setAttribute('login', $user_login_fs); $netfolder_node->setAttribute('password', $user_password_fs); $session_node->appendChild($netfolder_node); } } } foreach ($this->forced_sharedfolders as $share) { $sharedfolder_node = $dom->createElement('sharedfolder'); $sharedfolder_node->setAttribute('rid', $share['rid']); $sharedfolder_node->setAttribute('uri', $share['uri']); $sharedfolder_node->setAttribute('name', $share['name']); if (array_key_exists('login', $share) && array_key_exists('password', $share)) { $sharedfolder_node->setAttribute('login', $share['login']); $sharedfolder_node->setAttribute('password', $share['password']); } $session_node->appendChild($sharedfolder_node); } // Pass custom shared folders to the server foreach (Plugin::dispatch('getSharedFolders', $server) as $plugin => $results) { foreach ($results as $sharedfolder) { $sharedfolder_ok = true; $sharedfolder_node = $dom->createElement('sharedfolder'); foreach (array('uri', 'name', 'rid') as $key) { if (array_key_exists($key, $sharedfolder)) { $sharedfolder_node->setAttribute($key, $sharedfolder[$key]); } else { Logger::error('main', 'SharedFolder is missing ' . $key . ' parameter in ' . $plugin); $sharedfolder_ok = false; } } foreach (array('login', 'password') as $key) { if (array_key_exists($key, $sharedfolder)) { $sharedfolder_node->setAttribute($key, $sharedfolder[$key]); } } if (($have_login = array_key_exists('login', $sharedfolder)) != array_key_exists('password', $sharedfolder) && $have_login) { Logger::error('main', 'SharedFolder login and password are both required if one is present in ' . $plugin); $sharedfolder_ok = false; } if ($sharedfolder_ok) { $session_node->appendChild($sharedfolder_node); } } } foreach ($session_->getPublishedApplications() as $application) { if ($application->getAttribute('type') != $server->getAttribute('type')) { continue; } if (!in_array($application->getAttribute('id'), $available_applications)) { continue; } $application_node = $dom->createElement('application'); $application_node->setAttribute('id', $application->getAttribute('id')); $application_node->setAttribute('name', $application->getAttribute('name')); if (!$application->getAttribute('static')) { $application_node->setAttribute('mode', 'local'); } else { $application_node->setAttribute('mode', 'static'); } $session_node->appendChild($application_node); } if (isset($start_apps) && is_array($start_apps)) { $start_node = $dom->createElement('start'); foreach ($start_apps as $start_app) { $application_node = $dom->createElement('application'); $application_node->setAttribute('app_id', $start_app['id']); if (array_key_exists('arg', $start_app) && !is_null($start_app['arg'])) { $application_node->setAttribute('arg', $start_app['arg']); } if (array_key_exists('file', $start_app)) { $file_node = $dom->createElement('file'); $file_node->setAttribute('type', $start_app['file']['type']); $file_node->setAttribute('location', $start_app['file']['location']); $file_node->setAttribute('path', $start_app['file']['path']); $application_node->appendChild($file_node); } $start_node->appendChild($application_node); } $session_node->appendChild($start_node); } $dom->appendChild($session_node); $this->appendToSessionCreateXML($dom); $xml = $dom->saveXML(); $session_create_xml = query_url_post_xml($server->getBaseURL() . '/aps/session/create', $xml); $ret = $this->parseSessionCreate($session_create_xml); if (!$ret) { Logger::critical('main', 'SessionManagement::prepareAPSAccess - Unable to create Session \'' . $session->id . '\' for User \'' . $session->user_login . '\' on Server \'' . $server->fqdn . '\', aborting'); $session->orderDeletion(true, Session::SESSION_END_STATUS_ERROR); return false; } } return true; }
$mimetype_node->setAttribute('type', $mimetype); $application_node->appendChild($mimetype_node); } $server_node->appendChild($application_node); } $session_node->appendChild($server_node); } } if (array_key_exists(Server::SERVER_ROLE_WEBAPPS, $session->servers)) { foreach ($session->servers[Server::SERVER_ROLE_WEBAPPS] as $server_id => $data) { $server = Abstract_Server::load($server_id); if (!$server) { throw_response(INTERNAL_ERROR); } if (!array_key_exists(Server::SERVER_ROLE_WEBAPPS, $server->getRoles())) { throw_response(INTERNAL_ERROR); } $server_node = $dom->createElement('webapp-server'); $server_node->setAttribute('type', 'webapps'); $server_node->setAttribute('base-url', $server->getBaseURL()); $server_node->setAttribute('webapps-url', $session->settings['webapps-url']); $server_node->setAttribute('login', $user_login_webapps); $server_node->setAttribute('password', $user_password_webapps); foreach ($session->getPublishedApplications() as $application) { if ($application->getAttribute('type') != 'webapp') { continue; } $application_node = $dom->createElement('application'); $application_node->setAttribute('id', $application->getAttribute('id')); $application_node->setAttribute('type', 'webapp'); $application_node->setAttribute('name', $application->getAttribute('name'));
public function getDesktopServer($type_ = 'any') { if (!$this->user) { Logger::error('main', 'SessionManagement::getDesktopServer("' . $type_ . '") - User is not authenticated, aborting'); throw_response(AUTH_FAILED); } $allowed_servers = array(); $remote_desktop_settings = $this->user->getSessionSettings('remote_desktop_settings'); if (array_key_exists('allowed_desktop_servers', $remote_desktop_settings)) { $allowed_servers = $remote_desktop_settings['allowed_desktop_servers']; } $this->desktop_server = false; switch ($type_) { case Server::SERVER_TYPE_LINUX: case Server::SERVER_TYPE_WINDOWS: $user_applications = $this->user->applications($type_, true); $usable_servers = array(); foreach ($this->servers[Server::SERVER_ROLE_APS] as $fqdn => $data) { $server = Abstract_Server::load($fqdn); if (!$server) { continue; } if (count($allowed_servers) > 0) { if (!in_array($fqdn, $allowed_servers)) { Logger::info('main', 'SessionManagement::getDesktopServer("' . $type_ . '") - can\'t used server "' . $fqdn . '" as desktop server because not in allowed desktop servers list'); continue; } } if ($server->getAttribute('type') == $type_) { $usable_servers[$server->fqdn] = 0; $server_applications = $server->getApplications(); foreach ($server_applications as $server_application) { if (in_array($server_application, $user_applications)) { $usable_servers[$server->fqdn] += 1; } } } } break; case 'any': default: $user_applications = $this->user->applications(NULL, true); $usable_servers = array(); foreach ($this->servers[Server::SERVER_ROLE_APS] as $fqdn => $data) { $server = Abstract_Server::load($fqdn); if (!$server) { continue; } if (count($allowed_servers) > 0) { if (!in_array($fqdn, $allowed_servers)) { Logger::info('main', 'SessionManagement::getDesktopServer("' . $type_ . '") - can\'t used server "' . $fqdn . '" as desktop server because not in allowed desktop servers list'); continue; } } $usable_servers[$server->fqdn] = 0; $server_applications = $server->getApplications(); foreach ($server_applications as $server_application) { if (in_array($server_application, $user_applications)) { $usable_servers[$server->fqdn] += 1; } } } break; } arsort($usable_servers); if (count($usable_servers) > 0) { $this->desktop_server = array_shift(array_keys($usable_servers)); } if (!$this->desktop_server) { Logger::error('main', 'SessionManagement::getDesktopServer("' . $type_ . '") - No desktop server found for User "' . $this->user->getAttribute('login') . '", aborting'); return false; } return $this->desktop_server; }