From ec595b9cff135d314fc2cb8f1c0531797576b3cf Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Fri, 24 Jul 2015 13:41:20 -0700
Subject: [PATCH] GUAC-1264: Explicitly free users and sessions within VNC and RDP.
---
 src/protocols/rdp/client.c | 26 ++++++++++++++++----------
 src/protocols/rdp/client.h | 12 ++++++++++++
 src/protocols/rdp/guac_handlers.c | 9 +++++++++
 src/protocols/vnc/client.c | 25 +++++++++++++++----------
 src/protocols/vnc/client.h | 12 ++++++++++++
 src/protocols/vnc/guac_handlers.c | 9 +++++++++
 6 files changed, 73 insertions(+), 20 deletions(-)
diff --git a/src/protocols/rdp/client.c b/src/protocols/rdp/client.c
index 8e2945c5..63fffd71 100644
--- a/src/protocols/rdp/client.c
+++ b/src/protocols/rdp/client.c
@@ -831,7 +831,8 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
 if (sftp_username[0] == '\0' && settings->username != NULL) sftp_username = settings->username;
- guac_common_ssh_user* user = guac_common_ssh_create_user(sftp_username);
+ guac_client_data->sftp_user =
+ guac_common_ssh_create_user(sftp_username);
 /* Import private key, if given */
 if (argv[IDX_SFTP_PRIVATE_KEY][0] != '\0') {
@@ -840,10 +841,10 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
 "Authenticating with private key.");
 /* Abort if private key cannot be read */
- if (guac_common_ssh_user_import_key(user,
+ if (guac_common_ssh_user_import_key(guac_client_data->sftp_user,
 argv[IDX_SFTP_PRIVATE_KEY], argv[IDX_SFTP_PASSPHRASE])) {
- guac_common_ssh_destroy_user(user);
+ guac_common_ssh_destroy_user(guac_client_data->sftp_user);
 return 1;
 }
@@ -860,7 +861,8 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
 if (sftp_password[0] == '\0' && settings->password != NULL) sftp_password = settings->password;
- guac_common_ssh_user_set_password(user, sftp_password);
+ guac_common_ssh_user_set_password(guac_client_data->sftp_user,
+ sftp_password);
 }
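Review bot: The failure paths in guac_client_init() now destroy objects that stay reachable through guac_client_data but leave the stale pointers behind: after `guac_common_ssh_destroy_user(guac_client_data->sftp_user); return 1;` in the private-key import branch (hunk at -840), sftp_user still holds the freed address. The free handlers changed in this same commit destroy any non-NULL sftp_session and sftp_user, so if a free handler can run after init returns 1 (not visible here, confirm against the caller), the same objects would be destroyed twice. Clearing the field right after each destroy, e.g. `guac_client_data->sftp_user = NULL;` (and `guac_client_data->sftp_session = NULL;` where the session is destroyed), closes that window. The same pattern repeats in the hunk at -875 of this file and in the matching hunks of src/protocols/vnc/client.c; guac_client_init() starts and ends outside these hunks.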
@@ -875,24 +877,28 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
 sftp_port = "22";
 /* Attempt SSH connection */
- guac_common_ssh_session* session =
+ guac_client_data->sftp_session =
 guac_common_ssh_create_session(client, sftp_hostname, sftp_port,
- user);
+ guac_client_data->sftp_user);
 /* Fail if SSH connection does not succeed */
- if (session == NULL) {
+ if (guac_client_data->sftp_session == NULL) {
 /* Already aborted within guac_common_ssh_create_session() */
- guac_common_ssh_destroy_user(user);
+ guac_common_ssh_destroy_user(guac_client_data->sftp_user);
 return 1;
 }
 /* Load and expose filesystem */
 guac_client_data->sftp_filesystem =
- guac_common_ssh_create_sftp_filesystem(session, "/");
+ guac_common_ssh_create_sftp_filesystem(
+ guac_client_data->sftp_session, "/");
 /* Abort if SFTP connection fails */
- if (guac_client_data->sftp_filesystem == NULL)
+ if (guac_client_data->sftp_filesystem == NULL) {
+ guac_common_ssh_destroy_session(guac_client_data->sftp_session);
+ guac_common_ssh_destroy_user(guac_client_data->sftp_user);
 return 1;
+ }
 /* Use SFTP for basic uploads, if drive not enabled */
 if (!settings->drive_enabled)
diff --git a/src/protocols/rdp/client.h b/src/protocols/rdp/client.h
index b23f8e79..7bcefe4a 100644
--- a/src/protocols/rdp/client.h
+++ b/src/protocols/rdp/client.h
@@ -35,6 +35,8 @@
 #ifdef ENABLE_COMMON_SSH
 #include "guac_sftp.h"
+#include "guac_ssh.h"
+#include "guac_ssh_user.h"
 #endif
 #ifdef HAVE_FREERDP_DISPLAY_UPDATE_SUPPORT
@@ -162,6 +164,16 @@ typedef struct rdp_guac_client_data {
 guac_rdp_fs* filesystem;
 #ifdef ENABLE_COMMON_SSH
+ /**
+ * The user and credentials used to authenticate for SFTP.
+ */
+ guac_common_ssh_user* sftp_user;
+
+ /**
+ * The SSH session used for SFTP.
+ */
+ guac_common_ssh_session* sftp_session;
+
 /**
 * The exposed filesystem object, implemented with SFTP.
 */
diff --git a/src/protocols/rdp/guac_handlers.c b/src/protocols/rdp/guac_handlers.c
index a660f34e..86eec9c4 100644
--- a/src/protocols/rdp/guac_handlers.c
+++ b/src/protocols/rdp/guac_handlers.c
@@ -36,6 +36,7 @@
 #ifdef ENABLE_COMMON_SSH
 #include
 #include
+#include
 #endif
 #include
@@ -99,6 +100,14 @@ int rdp_guac_client_free_handler(guac_client* client) {
 if (guac_client_data->sftp_filesystem) guac_common_ssh_destroy_sftp_filesystem(guac_client_data->sftp_filesystem);
+ /* Free SFTP session */
+ if (guac_client_data->sftp_session)
+ guac_common_ssh_destroy_session(guac_client_data->sftp_session);
+
+ /* Free SFTP user */
+ if (guac_client_data->sftp_user)
+ guac_common_ssh_destroy_user(guac_client_data->sftp_user);
+
 guac_common_ssh_uninit();
 #endif
diff --git a/src/protocols/vnc/client.c b/src/protocols/vnc/client.c
index 426b6ced..874f8579 100644
--- a/src/protocols/vnc/client.c
+++ b/src/protocols/vnc/client.c
@@ -372,7 +372,7 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
 guac_client_log(client, GUAC_LOG_DEBUG, "Connecting via SSH for SFTP filesystem access.");
- guac_common_ssh_user* user =
+ guac_client_data->sftp_user =
 guac_common_ssh_create_user(argv[IDX_SFTP_USERNAME]);
 /* Import private key, if given */
@@ -382,10 +382,10 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
 "Authenticating with private key.");
 /* Abort if private key cannot be read */
- if (guac_common_ssh_user_import_key(user,
+ if (guac_common_ssh_user_import_key(guac_client_data->sftp_user,
 argv[IDX_SFTP_PRIVATE_KEY], argv[IDX_SFTP_PASSPHRASE])) {
- guac_common_ssh_destroy_user(user);
+ guac_common_ssh_destroy_user(guac_client_data->sftp_user);
 return 1;
 }
@@ -395,7 +395,8 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
 else {
 guac_client_log(client, GUAC_LOG_DEBUG, "Authenticating with password.");
- guac_common_ssh_user_set_password(user, argv[IDX_SFTP_PASSWORD]);
+ guac_common_ssh_user_set_password(guac_client_data->sftp_user,
+ argv[IDX_SFTP_PASSWORD]);
 }
 /* Parse hostname - use VNC hostname by default */
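Review bot: In rdp_guac_client_free_handler() (hunk at -99) the new `if (guac_client_data->sftp_session)` and `if (guac_client_data->sftp_user)` tests are only meaningful if both fields are NULL whenever SFTP was never set up, and no hunk in this commit initializes them; the assignments shown appear to sit inside the SFTP branch of guac_client_init(). Unless the client data is zero-allocated (not visible here), a connection without SFTP would hand indeterminate pointers to the destroy functions. Setting `guac_client_data->sftp_user = NULL;` and `guac_client_data->sftp_session = NULL;` before the SFTP block in guac_client_init() would make the handler's checks reliable. vnc_guac_client_free_handler() in src/protocols/vnc/guac_handlers.c relies on the same assumption, and both handler bodies continue outside their hunks.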
@@ -409,24 +410,28 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
 sftp_port = "22";
 /* Attempt SSH connection */
- guac_common_ssh_session* session =
+ guac_client_data->sftp_session =
 guac_common_ssh_create_session(client, sftp_hostname, sftp_port,
- user);
+ guac_client_data->sftp_user);
 /* Fail if SSH connection does not succeed */
- if (session == NULL) {
+ if (guac_client_data->sftp_session == NULL) {
 /* Already aborted within guac_common_ssh_create_session() */
- guac_common_ssh_destroy_user(user);
+ guac_common_ssh_destroy_user(guac_client_data->sftp_user);
 return 1;
 }
 /* Load and expose filesystem */
 guac_client_data->sftp_filesystem =
- guac_common_ssh_create_sftp_filesystem(session, "/");
+ guac_common_ssh_create_sftp_filesystem(
+ guac_client_data->sftp_session, "/");
 /* Abort if SFTP connection fails */
- if (guac_client_data->sftp_filesystem == NULL)
+ if (guac_client_data->sftp_filesystem == NULL) {
+ guac_common_ssh_destroy_session(guac_client_data->sftp_session);
+ guac_common_ssh_destroy_user(guac_client_data->sftp_user);
 return 1;
+ }
 /* Set file handler for basic uploads */
 client->file_handler = guac_vnc_sftp_file_handler;
diff --git a/src/protocols/vnc/client.h b/src/protocols/vnc/client.h
index 7ad322dd..5827f7f9 100644
--- a/src/protocols/vnc/client.h
+++ b/src/protocols/vnc/client.h
@@ -38,6 +38,8 @@
 #ifdef ENABLE_COMMON_SSH
 #include "guac_sftp.h"
+#include "guac_ssh.h"
+#include "guac_ssh_user.h"
 #endif
 /**
@@ -191,6 +193,16 @@ typedef struct vnc_guac_client_data {
 guac_common_surface* default_surface;
 #ifdef ENABLE_COMMON_SSH
+ /**
+ * The user and credentials used to authenticate for SFTP.
+ */
+ guac_common_ssh_user* sftp_user;
+
+ /**
+ * The SSH session used for SFTP.
+ */
+ guac_common_ssh_session* sftp_session;
+
 /**
 * The exposed filesystem object, implemented with SFTP.
 */
diff --git a/src/protocols/vnc/guac_handlers.c b/src/protocols/vnc/guac_handlers.c
index 92667628..be380df0 100644
--- a/src/protocols/vnc/guac_handlers.c
+++ b/src/protocols/vnc/guac_handlers.c
@@ -34,6 +34,7 @@
 #ifdef ENABLE_COMMON_SSH
 #include
 #include
+#include
 #endif
 #ifdef ENABLE_PULSE
@@ -145,6 +146,14 @@ int vnc_guac_client_free_handler(guac_client* client) {
 if (guac_client_data->sftp_filesystem) guac_common_ssh_destroy_sftp_filesystem(guac_client_data->sftp_filesystem);
+ /* Free SFTP session */
+ if (guac_client_data->sftp_session)
+ guac_common_ssh_destroy_session(guac_client_data->sftp_session);
+
+ /* Free SFTP user */
+ if (guac_client_data->sftp_user)
+ guac_common_ssh_destroy_user(guac_client_data->sftp_user);
+
 guac_common_ssh_uninit();
 #endif