Page History

#!/bin/bash

pass=replace_with_your_pass 

logfile=/home/vclguac/logs/addremoveconnections.log 

if [ "$#" -lt 3 ]; then
	echo "Usage:"
	echo ""
	echo "$0 <username> <IP> \"<image name>\""
	exit 1
fi

username=$1
IP=$2
image=$3
remoteIP=$4
conname="$image - $IP"

now=`date`
echo "================================================================================" >> $logfile
echo "$now - adding connection entry" >> $logfile
echo "user:   $username" >> $logfile
echo "IP:     $IP" >> $logfile
echo "userIP: $remoteIP" >> $logfile
echo "image:  $image" >> $logfile
echo "name:   $conname" >> $logfile

# check that user has account
cnt=$(mysql -s -u vclguacsql -p$pass guacamole_db -e "SELECT COUNT(user_id) FROM guacamole_user WHERE full_name = '$username';" | tail -n 1)
if [[ "$cnt" -ne 1 ]]; then
       cat /home/vclguac/createusertemplate.sql | sed "s/THENEWUSER/$username/g" | mysql -u vclguacsql -p$pass guacamole_db | tee -a $logfile
fi

mysql -u vclguacsql -p$pass guacamole_db -e "INSERT INTO guacamole_connection (connection_name, protocol) VALUES ('$conname', 'rdp');" | tee -a $logfile

mysql -u vclguacsql -p$pass guacamole_db -e "INSERT INTO guacamole_connection_permission (entity_id, connection_id, permission) VALUES ((SELECT entity_id FROM guacamole_entity WHERE name = '$usern
ame$username' AND \`type\` = 'USER'), (SELECT connection_id FROM guacamole_connection WHERE connection_name = '$conname' AND protocol = 'rdp'), 'READ');" | tee -a $logfile

mysql -u vclguacsql -p$pass guacamole_db -e "INSERT INTO guacamole_connection_parameter (connection_id, parameter_name, parameter_value) VALUES ((SELECT connection_id FROM guacamole_connection WHE
REWHERE connection_name = '$conname' AND protocol = 'rdp'), 'disable-auth', 'true'), ((SELECT connection_id FROM guacamole_connection WHERE connection_name = '$conname' AND protocol = 'rdp'), 'hostname
', '$IP'), ((SELECT connection_id FROM guacamole_connection WHERE connection_name = '$conname' AND protocol = 'rdp'), 'ignore-cert', 'true'), ((SELECT connection_id FROM guacamole_connection WHERE
 connection_name = '$conname' AND protocol = 'rdp'), 'port', '3389'), ((SELECT connection_id FROM guacamole_connection WHERE connection_name = '$conname' AND protocol = 'rdp'), 'resize-method', 'd
isplaydisplay-update'), ((SELECT connection_id FROM guacamole_connection WHERE connection_name = '$conname' AND protocol = 'rdp'), 'security', 'any');" | tee -a $logfile

if [[ $remoteIP != "" ]]; then
       sudo /usr/local/bin/add_iptables_client.sh $remoteIP $username $IP | tee -a $logfile
fi

-- Generate salt 
SET @salt = UNHEX(SHA2(UUID(), 256)); 

-- Create base entity entry for user 
INSERT INTO guacamole_entity (name, type) 
VALUES ('THENEWUSER', 'USER'); 

-- Create user and hash password with salt 
INSERT INTO guacamole_user ( 
   entity_id, 
   password_salt, 
   password_hash, 
   password_date, 
   full_name 
) 
SELECT 
   entity_id, 
   @salt, 
   UNHEX(SHA2(CONCAT(LEFT(MD5(RAND()), 20), HEX(@salt)), 256)), 
   CURRENT_TIMESTAMP, 
   'THENEWUSER' 
FROM guacamole_entity 
WHERE 
   name = 'THENEWUSER' 
   AND type = 'USER'; 


INSERT INTO guacamole_user_permission (entity_id, affected_user_id, permission) 
VALUES 
((SELECT entity_id FROM guacamole_entity WHERE name = 'THENEWUSER' AND `type` = 'USER'), (SELECT user_id FROM guacamole_user WHERE full_name = 'THENEWUSER'), 'READ'), 
(1, (SELECT user_id FROM guacamole_user WHERE full_name = 'THENEWUSER'), 'READ'), 
(1, (SELECT user_id FROM guacamole_user WHERE full_name = 'THENEWUSER'), 'UPDATE'), 
(1, (SELECT user_id FROM guacamole_user WHERE full_name = 'THENEWUSER'), 'ADMINISTER'), 
(1, (SELECT user_id FROM guacamole_user WHERE full_name = 'THENEWUSER'), 'DELETE')

#!/usr/bin/perl 
use strict; 
use warnings FATAL => 'all'; 

use JSON; 

my $guacServerIP=10.10.10.10;

my $datafile = $ARGV[0]; 

if(! (open(DATA, '<', "$datafile"))) { 
  exit 1; 
} 

my $jsondata = do { local $/; <DATA> }; 
close(DATA); 

my $data = decode_json($jsondata); 

my $image = $data->{image}{prettyname}; 
$image =~ s/[\[\]\(\)\!\@\#\$\%\^\&\*\+\=\<\>]//g; 

if($data->{OS}{type} eq 'windows') { 
   `ssh -q -i /etc/vcl/vcl.key vclguac\@
$guacServerIP@$guacServerIP ./delconnection.sh $data->{computer}{IPaddress} \\'$image\\' $data->{user}{unityid} $data->{reservation}{remoteIP}`; 
   `ssh -q $data->{computer}{privateIPaddress} c:/windows/sysnative/netsh.exe advfirewall firewall delete rule name=\\\\\\"VCL: allow TCP/3389 from Guacamole server\\\\\\"`; 
   `echo "\$(date) deleted firewall rule on $data->{computer}{IPaddress} for Guacamole server" >> /var/log/guacamole.log`; 
} 

#!/usr/bin/perl 
use strict; 
use warnings FATAL => 'all'; 

use JSON; 

my $guacServerIP=10.10.10.10;

my $datafile = $ARGV[0]; 

if(! (open(DATA, '<', "$datafile"))) { 
  exit 1; 
} 

my $jsondata = do { local $/; <DATA> }; 
close(DATA); 

my $data = decode_json($jsondata); 

my $image = $data->{image}{prettyname}; 
$image =~ s/[\[\]\(\)\!\@\#\$\%\^\&\*\+\=\<\>]//g; 

if($data->{OS}{type} eq 'windows') { 
   `ssh -q -i /etc/vcl/vcl.key vclguac\@$guacServerIP ./addconnection.sh $data->{user}{unityid} $data->{computer}{IPaddress} \\'$image\\' $data->{reservation}{remoteIP}`; 
   `ssh -q $data->{computer}{privateIPaddress} c:/windows/sysnative/netsh.exe advfirewall firewall add rule name=\\\\\\"VCL: allow TCP/3389 from Guacamole server\\\\\\" dir=in action=allow protocol=tcp localport=3389 remoteip=
$guacServerIP`; 
   `echo "\$(date) added firewall rule on $data->{computer}{IPaddress} for Guacamole server" >> /var/log/guacamole.log`; 
   `ssh -q $data->{computer}{privateIPaddress} \"echo vcld_tainted=user may have logged in >> currentimage.txt\"` 
} 

INSERT INTO connectmethod (name, description, connecttext, servicename, startupscript) VALUES 
('guacamole', 'Guacamole Web Connection', 'Use your web browser to connect to the following URL. If you only have one reservation, you will be connected to it after logging in to Guacamole. If you have multiple reservations, select the desired reservation after logging in to the Guacamole server. Use the following username and password when logging in to your reservation after logging in to the Guacamole server. <br>\r\n<ul>\r\n<li><b>URL</b>: <a href=\"https://10.10.10.10/\">https://10.10.10.10/</a></li>\r\n<li><b>User ID</b>: #userid#</li>\r\n<li><b>Password</b>: #password#</li>\r\n</ul>\r\n', '', NULL);
INSERT INTO connectmethodmap (connectmethodid, OStypeid, OSid, imagerevisionid, disabled, autoprovisioned) VALUES 
((SELECT id FROM connectmethod WHERE name = 'guacamole'), (SELECT id FROM OStype WHERE name = 'windows'), NULL, NULL, 0, 1);