From d8c32b1e820e7e3fee84792caf37e493faf7d6cd Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Thu, 25 Jun 2020 14:02:43 -0700
Subject: [PATCH 1/4] GUACAMOLE-474: Enforce download disable option at low level, warning if not blocked at higher level as expected.
---
 src/common-ssh/sftp.c | 9 +++++++++
 src/protocols/rdp/download.c | 9 +++++++++
 2 files changed, 18 insertions(+)
diff --git a/src/common-ssh/sftp.c b/src/common-ssh/sftp.c
index e12fbf55..eba7a7f7 100644
--- a/src/common-ssh/sftp.c
+++ b/src/common-ssh/sftp.c
@@ -516,6 +516,15 @@ guac_stream* guac_common_ssh_sftp_download_file(
 guac_stream* stream;
 LIBSSH2_SFTP_HANDLE* file;
+ /* Ignore download if downloads have been disabled */
+ if (filesystem->disable_download) {
+ guac_user_log(user, GUAC_LOG_WARNING, "A download attempt has " "been blocked due to downloads being disabled, however it " "should have been blocked at a higher level. This is likely " "a bug.");
+ return NULL;
+ }
+
 /* Attempt to open file for reading */
 file = libssh2_sftp_open(filesystem->sftp_session, filename, LIBSSH2_FXF_READ, 0);
diff --git a/src/protocols/rdp/download.c b/src/protocols/rdp/download.c
index 34a8c8a1..fad2932a 100644
--- a/src/protocols/rdp/download.c
+++ b/src/protocols/rdp/download.c
@@ -185,6 +185,15 @@ void* guac_rdp_download_to_user(guac_user* user, void* data) {
 if (filesystem == NULL) return NULL;
+ /* Ignore download if downloads have been disabled */
+ if (filesystem->disable_download) {
+ guac_client_log(client, GUAC_LOG_WARNING, "A download attempt has " "been blocked due to downloads being disabled, however it " "should have been blocked at a higher level. This is likely " "a bug.");
+ return NULL;
+ }
+
 /* Attempt to open requested file */
 char* path = (char*) data;
 int file_id = guac_rdp_fs_open(filesystem, path,
From f4ff5f337ced0ecbc5e108bcfb08ed0fcd1ed6b8 Mon Sep 17 00:00:00 2001
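Review bot: The blocked-download warning added to `guac_common_ssh_sftp_download_file` does not record which file was requested, even though `filename` is already in scope (it is handed to `libssh2_sftp_open` a few lines below the new block); a message that explicitly says "this is likely a bug" is exactly the event an operator will later want to trace, so the last literal could become `"a bug. Requested file: \"%s\"", filename);`. The same applies to the `guac_rdp_download_to_user` hunk in `src/protocols/rdp/download.c`, where the path arrives as `data` and is only cast to `char*` after the check, so that cast would need to move ahead of it. Both functions start outside their hunks. Both hunks also return `NULL` with no protocol-level response to the user, unlike the upload hunks in the second patch, which send an ack with `GUAC_PROTOCOL_STATUS_CLIENT_FORBIDDEN`; whether the callers of these two functions report the refusal themselves is not visible here.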
From: Michael Jumper
Date: Thu, 25 Jun 2020 14:29:26 -0700
Subject: [PATCH 2/4] GUACAMOLE-474: Enforce upload disable option at low level, warning if not blocked at higher level as expected.
---
 src/common-ssh/sftp.c | 24 ++++++++++++++++++++++++
 src/protocols/rdp/upload.c | 24 ++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
diff --git a/src/common-ssh/sftp.c b/src/common-ssh/sftp.c
index eba7a7f7..0100cc16 100644
--- a/src/common-ssh/sftp.c
+++ b/src/common-ssh/sftp.c
@@ -376,6 +376,18 @@ int guac_common_ssh_sftp_handle_file_stream(
 char fullpath[GUAC_COMMON_SSH_SFTP_MAX_PATH];
 LIBSSH2_SFTP_HANDLE* file;
+ /* Ignore upload if uploads have been disabled */
+ if (filesystem->disable_upload) {
+ guac_user_log(user, GUAC_LOG_WARNING, "A upload attempt has " "been blocked due to uploads being disabled, however it " "should have been blocked at a higher level. This is likely " "a bug.");
+ guac_protocol_send_ack(user->socket, stream, "SFTP: Upload disabled", GUAC_PROTOCOL_STATUS_CLIENT_FORBIDDEN);
+ guac_socket_flush(user->socket);
+ return 0;
+ }
+
 /* Concatenate filename with path */
 if (!guac_ssh_append_filename(fullpath, filesystem->upload_path, filename)) {
@@ -859,6 +871,18 @@ static int guac_common_ssh_sftp_put_handler(guac_user* user,
 guac_common_ssh_sftp_filesystem* filesystem = (guac_common_ssh_sftp_filesystem*) object->data;
+ /* Ignore upload if uploads have been disabled */
+ if (filesystem->disable_upload) {
+ guac_user_log(user, GUAC_LOG_WARNING, "A upload attempt has " "been blocked due to uploads being disabled, however it " "should have been blocked at a higher level. This is likely " "a bug.");
+ guac_protocol_send_ack(user->socket, stream, "SFTP: Upload disabled", GUAC_PROTOCOL_STATUS_CLIENT_FORBIDDEN);
+ guac_socket_flush(user->socket);
+ return 0;
+ }
+
 LIBSSH2_SFTP* sftp = filesystem->sftp_session;
 /* Translate stream name into filesystem path */
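Review bot: The new log text in `guac_common_ssh_sftp_handle_file_stream` reads `"A upload attempt has "`; it should be `"An upload attempt has "`. The identical block is pasted again into `guac_common_ssh_sftp_put_handler` in the next hunk and, with `guac_client_log` and a different ack text, twice more in `src/protocols/rdp/upload.c`, so the wording slip now exists in four places; within this file at least, a `static` helper taking `user` and `stream` that logs, sends the `"SFTP: Upload disabled"` ack and flushes would leave a single copy to maintain. Both enclosing functions start outside their hunks.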
diff --git a/src/protocols/rdp/upload.c b/src/protocols/rdp/upload.c
index 5317edbc..2b08b2f7 100644
--- a/src/protocols/rdp/upload.c
+++ b/src/protocols/rdp/upload.c
@@ -87,6 +87,18 @@ int guac_rdp_upload_file_handler(guac_user* user, guac_stream* stream,
 return 0;
 }
+ /* Ignore upload if uploads have been disabled */
+ if (fs->disable_upload) {
+ guac_client_log(client, GUAC_LOG_WARNING, "A upload attempt has " "been blocked due to uploads being disabled, however it " "should have been blocked at a higher level. This is likely " "a bug.");
+ guac_protocol_send_ack(user->socket, stream, "FAIL (UPLOAD DISABLED)", GUAC_PROTOCOL_STATUS_CLIENT_FORBIDDEN);
+ guac_socket_flush(user->socket);
+ return 0;
+ }
+
 /* Translate name */
 __generate_upload_path(filename, file_path);
@@ -205,6 +217,18 @@ int guac_rdp_upload_put_handler(guac_user* user, guac_object* object,
 return 0;
 }
+ /* Ignore upload if uploads have been disabled */
+ if (fs->disable_upload) {
+ guac_client_log(client, GUAC_LOG_WARNING, "A upload attempt has " "been blocked due to uploads being disabled, however it " "should have been blocked at a higher level. This is likely " "a bug.");
+ guac_protocol_send_ack(user->socket, stream, "FAIL (UPLOAD DISABLED)", GUAC_PROTOCOL_STATUS_CLIENT_FORBIDDEN);
+ guac_socket_flush(user->socket);
+ return 0;
+ }
+
 /* Open file */
 int file_id = guac_rdp_fs_open(fs, name, GENERIC_WRITE, 0, FILE_OVERWRITE_IF, 0);
From 630798503cca22396185dd02cd433e4616bba3a1 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Thu, 25 Jun 2020 14:05:15 -0700
Subject: [PATCH 3/4] GUACAMOLE-474: Ensure RDPDR "Download" folder behaves as a normal folder if downloads are disabled.
---
 src/protocols/rdp/channels/rdpdr/rdpdr-fs-messages-file-info.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/protocols/rdp/channels/rdpdr/rdpdr-fs-messages-file-info.c b/src/protocols/rdp/channels/rdpdr/rdpdr-fs-messages-file-info.c
index 1ea67016..16a6cfb0 100644
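Review bot: The comment `/* Ignore upload if uploads have been disabled */` above the new check in `guac_rdp_upload_file_handler` does not say which higher-level guard the warning text claims should have fired first, so whoever finds this warning in a log has nothing pointing them at the real bug. Suggest extending it along the lines of `/* Defense-in-depth: uploads are expected to be rejected before this handler is reached, so hitting this branch means the upstream guard was bypassed */`, ideally naming that guard, and doing the same for the twin block in `guac_rdp_upload_put_handler` in the next hunk. The `"A upload attempt has "` literal should read `"An upload attempt has "` in both hunks. Both handlers start outside their hunks.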
--- a/src/protocols/rdp/channels/rdpdr/rdpdr-fs-messages-file-info.c
+++ b/src/protocols/rdp/channels/rdpdr/rdpdr-fs-messages-file-info.c
@@ -166,7 +166,8 @@ void guac_rdpdr_fs_process_set_rename_info(guac_rdp_common_svc* svc,
 destination_path);
 /* If file moving to \Download folder, start stream, do not move */
- if (strncmp(destination_path, "\\Download\\", 10) == 0) {
+ if (strncmp(destination_path, "\\Download\\", 10) == 0
+ && !((guac_rdp_fs*) device->data)->disable_download) {
 guac_rdp_fs_file* file;
From 7de6ba7ea9d4eac25d8db235401e62ece5b0f517 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Thu, 25 Jun 2020 14:06:32 -0700
Subject: [PATCH 4/4] GUACAMOLE-474: Do not allow RDPDR file downloads via "get" instructions if downloads are disabled.
---
 src/protocols/rdp/download.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/protocols/rdp/download.c b/src/protocols/rdp/download.c
index fad2932a..d70b8e1c 100644
--- a/src/protocols/rdp/download.c
+++ b/src/protocols/rdp/download.c
@@ -148,8 +148,8 @@ int guac_rdp_download_get_handler(guac_user* user, guac_object* object,
 }
- /* Otherwise, send file contents */
- else {
+ /* Otherwise, send file contents if downloads are allowed */
+ else if (!fs->disable_download) {
 /* Create stream data */
 guac_rdp_download_status* download_status = malloc(sizeof(guac_rdp_download_status));
@@ -167,6 +167,10 @@ int guac_rdp_download_get_handler(guac_user* user, guac_object* object,
 }
+ else
+ guac_client_log(client, GUAC_LOG_INFO, "Unable to download file " "\"%s\", file downloads have been disabled.", name);
+
 guac_socket_flush(user->socket);
 return 0;
 }
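Review bot: The comment above the changed condition in `guac_rdpdr_fs_process_set_rename_info` still reads `/* If file moving to \Download folder, start stream, do not move */`, but the branch is now also gated on `disable_download`, so it should describe the new behaviour, e.g. `/* If file moving to \Download folder and downloads are enabled, start stream, do not move; with downloads disabled, \Download is treated as a normal folder */`. The inline `!((guac_rdp_fs*) device->data)->disable_download` is also hard to read; if the function does not already hold a `guac_rdp_fs*` local, `guac_rdp_fs* fs = (guac_rdp_fs*) device->data;` ahead of the `if` would reduce the condition to `&& !fs->disable_download`. The function starts and ends outside the hunk.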
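Review bot: The new `else` in `guac_rdp_download_get_handler` carries a two-line `guac_client_log` call with no braces, while the `else if` it follows in the previous hunk is braced; an unbraced else whose body is a multi-line statement is an easy place to introduce a misplaced-statement bug later, so wrap it as `else {` … `}`. The user who issued the `get` also receives no protocol-level indication that the download was refused — the function just flushes and returns 0 — whereas the upload hunks in the second patch send an ack with `GUAC_PROTOCOL_STATUS_CLIENT_FORBIDDEN`; if there is no stream to ack on this path, that is reasonable, but it would be worth a comment saying so. The function starts outside the hunk.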