GUACAMOLE-514: Add guacd support for extended VNC credentials.
parent
f962eab27a
commit
51ae8a41a1
@ -31,3 +31,32 @@ char* guac_vnc_get_password(rfbClient* client) {
|
|||||||
return ((guac_vnc_client*) gc->data)->settings->password;
|
return ((guac_vnc_client*) gc->data)->settings->password;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) {
|
||||||
|
guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY);
|
||||||
|
rfbCredential *creds = malloc(sizeof(rfbCredential));
|
||||||
|
|
||||||
|
if (credentialType == rfbCredentialTypeUser) {
|
||||||
|
creds->userCredential.username = ((guac_vnc_client*) gc->data)->settings->username;
|
||||||
|
creds->userCredential.password = ((guac_vnc_client*) gc->data)->settings->password;
|
||||||
|
return creds;
|
||||||
|
}
|
||||||
|
|
||||||
|
else if (credentialType == rfbCredentialTypeX509) {
|
||||||
|
creds->x509Credential.x509ClientCertFile = ((guac_vnc_client*) gc->data)->settings->client_cert;
|
||||||
|
creds->x509Credential.x509ClientKeyFile = ((guac_vnc_client*) gc->data)->settings->client_key;
|
||||||
|
creds->x509Credential.x509CACertFile = ((guac_vnc_client*) gc->data)->settings->ca_cert;
|
||||||
|
creds->x509Credential.x509CACRLFile = ((guac_vnc_client*) gc->data)->settings->ca_crl;
|
||||||
|
|
||||||
|
if (creds->x509Credential.x509CACRLFile != NULL)
|
||||||
|
creds->x509Credential.x509CrlVerifyMode = 2;
|
||||||
|
else
|
||||||
|
creds->x509Credential.x509CrlVerifyMode = 0;
|
||||||
|
|
||||||
|
return creds;
|
||||||
|
}
|
||||||
|
|
||||||
|
guac_client_log(client, GUAC_LOG_ERROR,
|
||||||
|
"Unknown credential type requested.");
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
}
|
||||||
|
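Review bot: The fall-through path of guac_vnc_get_credentials() leaks `creds`, because the `malloc` runs before the credential type is checked and the unknown-type path returns NULL without releasing it; add `free(creds);` before `return NULL;`, or allocate only inside the two handled branches. The `malloc` result is also written through without a NULL check, so `if (creds == NULL) return NULL;` belongs directly after it. The error log passes `client`, which is the `rfbClient*` parameter, while the Guacamole object is held in `gc`; this looks like it should be `guac_client_log(gc, GUAC_LOG_ERROR, "Unknown credential type requested.");`. The literals `2` and `0` assigned to `x509CrlVerifyMode` would also benefit from a one-line comment naming what each mode means.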
@ -27,7 +27,7 @@
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Callback which is invoked by libVNCServer when it needs to read the user's
|
* Callback which is invoked by libVNCServer when it needs to read the user's
|
||||||
* VNC password. As ths user's password, if any, will be stored in the
|
* VNC password. As this user's password, if any, will be stored in the
|
||||||
* connection settings, this function does nothing more than return that value.
|
* connection settings, this function does nothing more than return that value.
|
||||||
*
|
*
|
||||||
* @param client
|
* @param client
|
||||||
@ -38,5 +38,19 @@
|
|||||||
*/
|
*/
|
||||||
char* guac_vnc_get_password(rfbClient* client);
|
char* guac_vnc_get_password(rfbClient* client);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Callback which is invoked by libVNCServer when it needs to read the user's
|
||||||
|
* VNC credentials. The credentials are stored in the connection settings,
|
||||||
|
* so they will be retrieved from that.
|
||||||
|
*
|
||||||
|
* @param client
|
||||||
|
* The rfbClient associated with the VNC connection requiring the
|
||||||
|
* authentication.
|
||||||
|
*
|
||||||
|
* @return
|
||||||
|
* The rfbCredential object that contains the required credentials.
|
||||||
|
*/
|
||||||
|
rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
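Review bot: The new doc comment for guac_vnc_get_credentials() has no `@param credentialType` entry although the prototype takes that argument, and its `@return` text does not mention that the implementation returns NULL for a credential type it does not handle. I would add `@param credentialType` described as "the type of credential being requested (rfbCredentialTypeUser or rfbCredentialTypeX509)" and extend `@return` with "or NULL if the requested type is not supported". A sentence stating who frees the returned rfbCredential and the strings it points to would help callers and later maintainers, since the structure is heap-allocated in the callback.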
@ -35,7 +35,12 @@ const char* GUAC_VNC_CLIENT_ARGS[] = {
|
|||||||
"port",
|
"port",
|
||||||
"read-only",
|
"read-only",
|
||||||
"encodings",
|
"encodings",
|
||||||
|
"username",
|
||||||
"password",
|
"password",
|
||||||
|
"client-cert",
|
||||||
|
"client-key",
|
||||||
|
"ca-cert",
|
||||||
|
"ca-crl",
|
||||||
"swap-red-blue",
|
"swap-red-blue",
|
||||||
"color-depth",
|
"color-depth",
|
||||||
"cursor",
|
"cursor",
|
||||||
@ -108,11 +113,38 @@ enum VNC_ARGS_IDX {
|
|||||||
*/
|
*/
|
||||||
IDX_ENCODINGS,
|
IDX_ENCODINGS,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The username to send to the VNC server if authentication is requested.
|
||||||
|
*/
|
||||||
|
IDX_USERNAME,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The password to send to the VNC server if authentication is requested.
|
* The password to send to the VNC server if authentication is requested.
|
||||||
*/
|
*/
|
||||||
IDX_PASSWORD,
|
IDX_PASSWORD,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The client certificate to send to the VNC server if x509 authentication
|
||||||
|
* is being used.
|
||||||
|
*/
|
||||||
|
IDX_CLIENT_CERT,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The client private key to send to the VNC server if x509 authentication
|
||||||
|
* is being used.
|
||||||
|
*/
|
||||||
|
IDX_CLIENT_KEY,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The CA certificate to use when performing x509 authentication.
|
||||||
|
*/
|
||||||
|
IDX_CA_CERT,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The location of the CA CRL to use when performing x509 authentication.
|
||||||
|
*/
|
||||||
|
IDX_CA_CRL,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* "true" if the red and blue components of each color should be swapped,
|
* "true" if the red and blue components of each color should be swapped,
|
||||||
* "false" or blank otherwise. This is mainly used for VNC servers that do
|
* "false" or blank otherwise. This is mainly used for VNC servers that do
|
||||||
@ -337,10 +369,30 @@ guac_vnc_settings* guac_vnc_parse_args(guac_user* user,
|
|||||||
guac_user_parse_args_int(user, GUAC_VNC_CLIENT_ARGS, argv,
|
guac_user_parse_args_int(user, GUAC_VNC_CLIENT_ARGS, argv,
|
||||||
IDX_PORT, 0);
|
IDX_PORT, 0);
|
||||||
|
|
||||||
|
settings->username =
|
||||||
|
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
||||||
|
IDX_USERNAME, ""); /* NOTE: freed by libvncclient */
|
||||||
|
|
||||||
settings->password =
|
settings->password =
|
||||||
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
||||||
IDX_PASSWORD, ""); /* NOTE: freed by libvncclient */
|
IDX_PASSWORD, ""); /* NOTE: freed by libvncclient */
|
||||||
|
|
||||||
|
settings->client_cert =
|
||||||
|
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
||||||
|
IDX_CLIENT_CERT, NULL);
|
||||||
|
|
||||||
|
settings->client_key =
|
||||||
|
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
||||||
|
IDX_CLIENT_KEY, NULL);
|
||||||
|
|
||||||
|
settings->ca_cert =
|
||||||
|
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
||||||
|
IDX_CA_CERT, NULL);
|
||||||
|
|
||||||
|
settings->ca_crl =
|
||||||
|
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
||||||
|
IDX_CA_CRL, NULL);
|
||||||
|
|
||||||
/* Remote cursor */
|
/* Remote cursor */
|
||||||
if (strcmp(argv[IDX_CURSOR], "remote") == 0) {
|
if (strcmp(argv[IDX_CURSOR], "remote") == 0) {
|
||||||
guac_user_log(user, GUAC_LOG_INFO, "Cursor rendering: remote");
|
guac_user_log(user, GUAC_LOG_INFO, "Cursor rendering: remote");
|
||||||
@ -530,6 +582,10 @@ void guac_vnc_settings_free(guac_vnc_settings* settings) {
|
|||||||
free(settings->hostname);
|
free(settings->hostname);
|
||||||
free(settings->recording_name);
|
free(settings->recording_name);
|
||||||
free(settings->recording_path);
|
free(settings->recording_path);
|
||||||
|
free(settings->client_cert);
|
||||||
|
free(settings->client_key);
|
||||||
|
free(settings->ca_cert);
|
||||||
|
free(settings->ca_crl);
|
||||||
|
|
||||||
#ifdef ENABLE_VNC_REPEATER
|
#ifdef ENABLE_VNC_REPEATER
|
||||||
/* Free VNC repeater settings */
|
/* Free VNC repeater settings */
|
||||||
|
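Review bot: Ownership of the new strings is ambiguous: guac_vnc_settings_free() now frees `client_cert`, `client_key`, `ca_cert` and `ca_crl`, but guac_vnc_get_credentials() stores those same pointers in the rfbCredential it returns to libvncclient, and the parse hunk marks `username` and `password` as "freed by libvncclient". If the library releases the X509 strings the way that comment says it releases the user ones, this becomes a double free, and a second credential request on the same connection would hand out already-freed `username`/`password` pointers. Giving the library its own copies in the callback, e.g. `creds->userCredential.username = strdup(settings->username);` (likewise for the other fields, skipping the optional X509 ones when NULL), would let this function own and free every settings string; guac_vnc_settings_free() starts and ends outside the hunk, so I cannot see whether `username` is freed elsewhere. Separately, the IDX_CLIENT_KEY comment says the private key is one "to send to the VNC server"; the value is stored in `x509ClientKeyFile`, so "to use when authenticating to the VNC server" would be more accurate.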
@ -45,11 +45,37 @@ typedef struct guac_vnc_settings {
|
|||||||
*/
|
*/
|
||||||
int port;
|
int port;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The username given in the arguments.
|
||||||
|
*/
|
||||||
|
char* username;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The password given in the arguments.
|
* The password given in the arguments.
|
||||||
*/
|
*/
|
||||||
char* password;
|
char* password;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The client certificate to use for authentication.
|
||||||
|
*/
|
||||||
|
char* client_cert;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The client private key to use for authentication.
|
||||||
|
*/
|
||||||
|
char* client_key;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The CA certificate file to use for authentication.
|
||||||
|
*/
|
||||||
|
char* ca_cert;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The CA CRL location to use for checking for revoked certificates during
|
||||||
|
* authentication.
|
||||||
|
*/
|
||||||
|
char* ca_crl;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Space-separated list of encodings to use within the VNC session.
|
* Space-separated list of encodings to use within the VNC session.
|
||||||
*/
|
*/
|
||||||
|
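Review bot: The comments on `client_cert`, `client_key`, `ca_cert` and `ca_crl` do not say whether each field holds certificate data or a path; guac_vnc_get_credentials() assigns them to `x509ClientCertFile`, `x509ClientKeyFile`, `x509CACertFile` and `x509CACRLFile`, so they appear to be paths to files that guacd must be able to read. I would state that in each comment, e.g. `* Path to the file containing the client private key, or NULL if none was given.`, matching the NULL defaults used in guac_vnc_parse_args(). The `ca_crl` comment could also note that leaving it NULL sets `x509CrlVerifyMode` to 0, which presumably turns revocation checking off. The struct continues outside the hunk.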
@ -153,6 +153,9 @@ rfbClient* guac_vnc_get_client(guac_client* client) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Authentication */
|
||||||
|
rfb_client->GetCredential = guac_vnc_get_credentials;
|
||||||
|
|
||||||
/* Password */
|
/* Password */
|
||||||
rfb_client->GetPassword = guac_vnc_get_password;
|
rfb_client->GetPassword = guac_vnc_get_password;
|
||||||
|
|
||||||
|