Support for Guacamole 1.1.0 Install/Upgrade + More (#97)

* Updated to handle Guacamole 1.1.0 and to include support for installed Duo. * Fixed missing no color code. * Added .gitattributes file and updated README.md. * Fixed package to use FreeRDP2 variant. * Prompt test. * Another prompt test. * Another prompt test. * Another prompt test. * Formatting. * -For the install output Duo configuration values no matter what. -Updated upgrade script to include missing packages. * Added additional package to the upgrade script that may be required. * Formatting and added missing websockets package. * Added logic for upgrading the TOTP and Duo extensions. * Update README.md Changed README.md links back.
2020-02-05 14:24:52 -06:00 · 2020-02-05 14:24:52 -06:00 · dfc6f05d85
parent 17e5793676
commit dfc6f05d85
6 changed files with 139 additions and 36 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1 @@
+*.sh eol=lf
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # guac-install

-Script for installing Guacamole 1.0.0 on Ubuntu 16.04 or newer with MySQL. It should also work on pure Debian 7, 8, and 9. **It seems Debian 10 is not working right now**
+Script for installing Guacamole 1.1.0 on Ubuntu 16.04 or newer with MySQL. It should also work on pure Debian 7, 8, and 9. **It seems Debian 10 is not working right now**

 Run script, enter MySQL Root Password and Guacamole User password. Guacamole User is used to connect to the Guacamole Database.

@ -10,7 +10,7 @@ If you're looking to also have NGINX / Let's Encrypt / HTTPS click [HERE](https:

 ## MFA/2FA

-By default the script will install with TOTP support (Google Authenticator), if you do not want TOTP support (which if installed is mandatory for every user) you need to specify the `-n` or `--nototp` flags on the command line. Or Modify the script variable `installTOTP=false`
+By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you need to specify the `-t` or `--totp` or for Duo `-o` or `--duo` flags on the command line. Or modify the script variable `installTOTP=true` or `installDuo=true`

 ## How to Run:

--- a/docker-install.sh
+++ b/docker-install.sh
@ -1,7 +1,7 @@
 #!/bin/bash

 # Version number of Guacamole to install
-GUACVERSION="1.0.0"
+GUACVERSION="1.1.0"

 # Get script arguments for non-interactive mode
 while [ "$1" != "" ]; do
--- a/guac-install-server.sh
+++ b/guac-install-server.sh
@ -1,7 +1,7 @@
 #!/bin/bash

 # Version number of Guacamole to install
-GUACVERSION="1.0.0"
+GUACVERSION="1.1.0"

 # Ubuntu and Debian have different names of the libjpeg-turbo library for some reason...
 source /etc/os-release
@ -31,8 +31,8 @@ fi
 # Install Server Features
 apt update
 apt -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \
-libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
-libvorbis-dev libwebp-dev jq curl wget
+libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
+libvorbis-dev libwebp-dev jq curl wget libtool-bin

 # If apt fails to run completely the rest of this isn't going to work...
 if [ $? != 0 ]
--- a/guac-install.sh
+++ b/guac-install.sh
@ -4,20 +4,35 @@
 if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi

 # Version number of Guacamole to install
-GUACVERSION="1.0.0"
+GUACVERSION="1.1.0"

 # Colors to use for output
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 RED='\033[0;31m'
 GREEN='\033[0;32m'
+CYAN='\033[0;36m'
 NC='\033[0m' # No Color

 # Log Location
 LOG="/tmp/guacamole_${GUACVERSION}_build.log"

-# Default : Install TOTP
-installTOTP=true
+# Default : Do not install TOTP/Duo
+installTOTP=false
+installDuo=false
+
+# Prompt the user if they would like to install MFA, default of no
+PROMPT=""
+echo -e -n "${CYAN}(!)${NC} Do you want to use TOTP? (y/N): "
+read PROMPT
+echo ""
+if [[ $PROMPT =~ ^[Yy]$ ]]; then installTOTP=true; fi
+
+echo -e -n "${CYAN}(!)${NC} Do you want to use Duo? (y/N): "
+read PROMPT
+echo ""
+if [[ $PROMPT =~ ^[Yy]$ ]]; then installDuo=true; fi
+
 # Get script arguments for non-interactive mode
 while [ "$1" != "" ]; do
    case $1 in
@ -37,8 +52,11 @@ while [ "$1" != "" ]; do
            shift
            DB="$1"
            ;;
-        -n | --nototp )
-            installTOTP=false
+        -t | --totp )
+            installTOTP=true
+            ;;
+        -o | --duo )
+            installDuo=true
    esac
    shift
 done
@ -55,8 +73,8 @@ fi

 # Get MySQL root password and Guacamole User password
 if [ -n "$mysqlpwd" ] && [ -n "$guacpwd" ]; then
-        mysqlrootpassword=$mysqlpwd
-        guacdbuserpassword=$guacpwd
+    mysqlrootpassword=$mysqlpwd
+    guacdbuserpassword=$guacpwd
 else
    echo
    while true
@ -90,24 +108,19 @@ debconf-set-selections <<< "mysql-server mysql-server/root_password_again passwo
 # Ubuntu and Debian versions have differnet package names for libpng-dev
 # Ubuntu 18.04 does not include universe repo by default
 source /etc/os-release
-if [[ "${NAME}" == "Ubuntu" ]]
-then
+if [[ "${NAME}" == "Ubuntu" ]]; then
    JPEGTURBO="libjpeg-turbo8-dev"
-    if [[ "${VERSION_ID}" == "18.04" ]]
-    then
+    if [[ "${VERSION_ID}" == "18.04" ]]; then
        sed -i 's/bionic main$/bionic main universe/' /etc/apt/sources.list
    fi
-    if [[ "${VERSION_ID}" == "16.04" ]]
-    then
+    if [[ "${VERSION_ID}" == "16.04" ]]; then
        LIBPNG="libpng12-dev"
    else
        LIBPNG="libpng-dev"
    fi
-elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]]
-then
+elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]]; then
    JPEGTURBO="libjpeg62-turbo-dev"
-    if [[ "${PRETTY_NAME}" == *"stretch"* ]]
-    then
+    if [[ "${PRETTY_NAME}" == *"stretch"* ]]; then
        LIBPNG="libpng-dev"
    else
        LIBPNG="libpng12-dev"
@ -123,15 +136,13 @@ apt-get -qq update
 # Tomcat 8.0.x is End of Life, however Tomcat 7.x is not...
 # If Tomcat 8.5.x or newer is available install it, otherwise install Tomcat 7
 # I have not testing with Tomcat9...
-if [[ $(apt-cache show tomcat8 | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]
-then
+if [[ $(apt-cache show tomcat8 | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then
    TOMCAT="tomcat8"
 else
    TOMCAT="tomcat7"
 fi

-if [ -z $(command -v mysql) ]
-then
+if [ -z $(command -v mysql) ]; then
    MYSQL="mysql-server mysql-client mysql-common mysql-utilities"
 else
    MYSQL=""
@ -146,8 +157,8 @@ echo -e "${BLUE}Installing dependencies. This might take a few minutes...${NC}"
 export DEBIAN_FRONTEND=noninteractive

 apt-get -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \
-libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
-libvorbis-dev libwebp-dev ${MYSQL} libmysql-java ${TOMCAT} freerdp-x11 \
+libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
+libvorbis-dev libwebp-dev ${MYSQL} libmysql-java ${TOMCAT} freerdp2-x11 libtool-bin libwebsockets-dev \
 ghostscript wget dpkg-dev &>> ${LOG}

 if [ $? -ne 0 ]; then
@ -187,8 +198,9 @@ if [ $? -ne 0 ]; then
    exit 1
 fi
 echo -e "${GREEN}Downloaded guacamole-auth-jdbc-${GUACVERSION}.tar.gz${NC}"
-if [ "$installTOTP" = true ] ; then
-	# Download Guacamole authentication extensions (TOTP)
+# Download Guacamole authentication extensions
+if [ "$installTOTP" = true ]; then
+    # TOTP
 	wget -q --show-progress -O guacamole-auth-totp-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz
 	if [ $? -ne 0 ]; then
    	echo -e "${RED}Failed to download guacamole-auth-totp-${GUACVERSION}.tar.gz"
@ -200,6 +212,19 @@ if [ "$installTOTP" = true ] ; then
 	echo -e "${GREEN}Downloading complete.${NC}"
 	tar -xzf guacamole-auth-totp-${GUACVERSION}.tar.gz
 fi
+if [ "$installDuo" = true ]; then
+    # Duo
+	wget -q --show-progress -O guacamole-auth-duo-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz
+	if [ $? -ne 0 ]; then
+    	echo -e "${RED}Failed to download guacamole-auth-duo-${GUACVERSION}.tar.gz"
+    	echo -e "${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz"
+    	exit 1
+	fi
+	echo -e "${GREEN}Downloaded guacamole-auth-duo-${GUACVERSION}.tar.gz${NC}"
+
+	echo -e "${GREEN}Downloading complete.${NC}"
+	tar -xzf guacamole-auth-duo-${GUACVERSION}.tar.gz
+fi
 # Extract Guacamole files
 tar -xzf guacamole-server-${GUACVERSION}.tar.gz
 tar -xzf guacamole-auth-jdbc-${GUACVERSION}.tar.gz
@ -254,9 +279,13 @@ ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/${BUILD_FOLDER}/freerdp/
 ln -s /usr/share/java/mysql-connector-java.jar /etc/guacamole/lib/
 cp guacamole-auth-jdbc-${GUACVERSION}/mysql/guacamole-auth-jdbc-mysql-${GUACVERSION}.jar /etc/guacamole/extensions/

-if [ "$installTOTP" = true ] ; then 
+if [ "$installTOTP" = true ]; then
 	cp guacamole-auth-totp-${GUACVERSION}/guacamole-auth-totp-${GUACVERSION}.jar /etc/guacamole/extensions/
 fi
+if [ "$installDuo" = true ]; then
+	cp guacamole-auth-duo-${GUACVERSION}/guacamole-auth-duo-${GUACVERSION}.jar /etc/guacamole/extensions/
+fi
+
 # Configure guacamole.properties
 rm -f /etc/guacamole/guacamole.properties
 touch /etc/guacamole/guacamole.properties
@ -266,6 +295,20 @@ echo "mysql-database: ${DB}" >> /etc/guacamole/guacamole.properties
 echo "mysql-username: ${mysqluser}" >> /etc/guacamole/guacamole.properties
 echo "mysql-password: ${guacdbuserpassword}" >> /etc/guacamole/guacamole.properties

+if [ "$installDuo" = true ]; then
+    echo "duo-api-hostname: <value>" >> /etc/guacamole/guacamole.properties
+    echo "duo-integration-key: <value>" >> /etc/guacamole/guacamole.properties
+    echo "duo-secret-key: <value>" >> /etc/guacamole/guacamole.properties
+    echo "duo-application-key: <value>" >> /etc/guacamole/guacamole.properties
+    echo -e "${BLUE}Duo is installed, it will need to be configured via guacamole.properties!${NC}"
+else
+    # Still output the values, but comment them out
+    echo "# duo-api-hostname: <value>" >> /etc/guacamole/guacamole.properties
+    echo "# duo-integration-key: <value>" >> /etc/guacamole/guacamole.properties
+    echo "# duo-secret-key: <value>" >> /etc/guacamole/guacamole.properties
+    echo "# duo-application-key: <value>" >> /etc/guacamole/guacamole.properties
+fi
+
 # restart tomcat
 echo -e "${BLUE}Restarting tomcat...${NC}"

--- a/guac-upgrade.sh
+++ b/guac-upgrade.sh
@ -4,7 +4,15 @@
 if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi

 # Version number of Guacamole to install
-GUACVERSION="1.0.0"
+GUACVERSION="1.1.0"
+
+# Colors to use for output
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+CYAN='\033[0;36m'
+NC='\033[0m' # No Color

 # Try to get database from /etc/guacamole/guacamole.properties
 DATABASE=$(grep -oP 'mysql-database:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
@ -48,8 +56,15 @@ OLDVERSION=$(grep -oP 'Guacamole.API_VERSION = "\K[0-9\.]+' /var/lib/${TOMCAT}/w
 # Set SERVER to be the preferred download server from the Apache CDN
 SERVER="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUACVERSION}"

-# Stop tomcat
+# Stop tomcat and guac
 service ${TOMCAT} stop
+service guacd stop
+
+# Update apt so we can search apt-cache
+apt-get -qq update
+
+# Install additional packages if they do not exist yet
+apt-get -y install freerdp2-dev freerdp2-x11 libtool-bin libwebsockets-dev

 # Download Guacamole server
 wget -O guacamole-server-${GUACVERSION}.tar.gz ${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz
@ -100,13 +115,57 @@ UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/ |
 for FILE in ${UPGRADEFILES[@]}
 do
    FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
-    if [[ $(echo -e "${FILEVERSION}\n${OLDVERSION}" | sort -V | head -n1) == ${OLDVERSION} && ${FILEVERSION} != ${OLDVERSION} ]]
-    then
+    if [[ $(echo -e "${FILEVERSION}\n${OLDVERSION}" | sort -V | head -n1) == ${OLDVERSION} && ${FILEVERSION} != ${OLDVERSION} ]]; then
        echo "Patching ${DATABASE} with ${FILE}"
        mysql -u root -h ${MYSQL_SERVER} ${DATABASE} < guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/${FILE}
    fi
 done

+# Check for either TOTP or Duo extensions and ugprade if found
+for file in /etc/guacamole/extensions/guacamole-auth-totp*.jar; do
+    if [[ -f $file ]]; then
+        # Upgrade TOTP
+        echo -e "${BLUE}TOTP extension was found, upgrading...${NC}"
+        rm /etc/guacamole/extensions/guacamole-auth-totp*.jar
+        wget -q --show-progress -O guacamole-auth-totp-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz
+        if [ $? -ne 0 ]; then
+            echo -e "${RED}Failed to download guacamole-auth-totp-${GUACVERSION}.tar.gz"
+            echo -e "${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz"
+            exit 1
+        fi
+        echo -e "${GREEN}Downloaded guacamole-auth-totp-${GUACVERSION}.tar.gz${NC}"
+
+        echo -e "${GREEN}Downloading complete.${NC}"
+        tar -xzf guacamole-auth-totp-${GUACVERSION}.tar.gz
+        cp guacamole-auth-totp-${GUACVERSION}/guacamole-auth-totp-${GUACVERSION}.jar /etc/guacamole/extensions/
+        echo -e "${GREEN}TOTP copied to extensions.${NC}"
+
+        break
+    fi
+done
+
+for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
+    if [[ -f $file ]]; then
+        # Upgrade Duo
+        echo -e "${BLUE}Duo extension was found, upgrading...${NC}"
+        rm /etc/guacamole/extensions/guacamole-auth-duo*.jar
+        wget -q --show-progress -O guacamole-auth-duo-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz
+        if [ $? -ne 0 ]; then
+            echo -e "${RED}Failed to download guacamole-auth-duo-${GUACVERSION}.tar.gz"
+            echo -e "${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz"
+            exit 1
+        fi
+        echo -e "${GREEN}Downloaded guacamole-auth-duo-${GUACVERSION}.tar.gz${NC}"
+
+        echo -e "${GREEN}Downloading complete.${NC}"
+        tar -xzf guacamole-auth-duo-${GUACVERSION}.tar.gz
+        cp guacamole-auth-duo-${GUACVERSION}/guacamole-auth-duo-${GUACVERSION}.jar /etc/guacamole/extensions/
+        echo -e "${GREEN}Duo copied to extensions.${NC}"
+
+        break
+    fi
+done
+
 # Start tomcat
 service ${TOMCAT} start
 service guacd start