maride/guacamole-spice-protocol
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

GUAC-1264: Validate provided credentials. Log if anything is missing.

Browse Source
This commit is contained in:
Michael Jumper 2015-07-23 16:28:12 -07:00
parent a9a267290e
commit f8f16c44a9
1 changed files with 36 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/common-ssh/guac_ssh.c
View File

@ -297,6 +297,13 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session)
char* password = user->password; char* password = user->password;
guac_common_ssh_key* key = user->private_key; guac_common_ssh_key* key = user->private_key;
/* Validate username provided */
if (username == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
"SSH authentication requires a username.");
return 1;
}
/* Get list of supported authentication methods */ /* Get list of supported authentication methods */
char* user_authlist = libssh2_userauth_list(session, username, char* user_authlist = libssh2_userauth_list(session, username,
strlen(username)); strlen(username));
@ -309,7 +316,8 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session)
/* Check if public key auth is supported on the server */ /* Check if public key auth is supported on the server */
if (strstr(user_authlist, "publickey") == NULL) { if (strstr(user_authlist, "publickey") == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED, guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
"Public key authentication not supported"); "Public key authentication is not supported by "
"the SSH server");
return 1; return 1;
} }
@ -333,6 +341,9 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session)
} }
/* Authenticate with password, if provided */
else if (password != NULL) {
/* Authenticate with password */ /* Authenticate with password */
if (strstr(user_authlist, "password") != NULL) { if (strstr(user_authlist, "password") != NULL) {
guac_client_log(client, GUAC_LOG_DEBUG, guac_client_log(client, GUAC_LOG_DEBUG,
@ -349,8 +360,16 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session)
} }
/* No known authentication types available */ /* No known authentication types available */
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_BAD_TYPE, guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
"No known authentication methods"); "Password and keyboard-interactive authentication are not "
"supported by the SSH server");
return 1;
}
/* No credentials provided */
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
"SSH authentication requires either a private key or a password.");
return 1; return 1;
} }