GUAC-1264: Validate provided credentials. Log if anything is missing.
parent
a9a267290e
commit
f8f16c44a9
@ -297,6 +297,13 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session)
|
|||||||
char* password = user->password;
|
char* password = user->password;
|
||||||
guac_common_ssh_key* key = user->private_key;
|
guac_common_ssh_key* key = user->private_key;
|
||||||
|
|
||||||
|
/* Validate username provided */
|
||||||
|
if (username == NULL) {
|
||||||
|
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
|
||||||
|
"SSH authentication requires a username.");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
/* Get list of supported authentication methods */
|
/* Get list of supported authentication methods */
|
||||||
char* user_authlist = libssh2_userauth_list(session, username,
|
char* user_authlist = libssh2_userauth_list(session, username,
|
||||||
strlen(username));
|
strlen(username));
|
||||||
@ -309,7 +316,8 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session)
|
|||||||
/* Check if public key auth is supported on the server */
|
/* Check if public key auth is supported on the server */
|
||||||
if (strstr(user_authlist, "publickey") == NULL) {
|
if (strstr(user_authlist, "publickey") == NULL) {
|
||||||
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
|
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
|
||||||
"Public key authentication not supported");
|
"Public key authentication is not supported by "
|
||||||
|
"the SSH server");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -333,24 +341,35 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session)
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Authenticate with password */
|
/* Authenticate with password, if provided */
|
||||||
if (strstr(user_authlist, "password") != NULL) {
|
else if (password != NULL) {
|
||||||
guac_client_log(client, GUAC_LOG_DEBUG,
|
|
||||||
"Using password authentication method");
|
/* Authenticate with password */
|
||||||
return libssh2_userauth_password(session, username, password);
|
if (strstr(user_authlist, "password") != NULL) {
|
||||||
|
guac_client_log(client, GUAC_LOG_DEBUG,
|
||||||
|
"Using password authentication method");
|
||||||
|
return libssh2_userauth_password(session, username, password);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Authenticate with password via keyboard-interactive auth */
|
||||||
|
if (strstr(user_authlist, "keyboard-interactive") != NULL) {
|
||||||
|
guac_client_log(client, GUAC_LOG_DEBUG,
|
||||||
|
"Using keyboard-interactive authentication method");
|
||||||
|
return libssh2_userauth_keyboard_interactive(session, username,
|
||||||
|
&guac_common_ssh_kbd_callback);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* No known authentication types available */
|
||||||
|
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
|
||||||
|
"Password and keyboard-interactive authentication are not "
|
||||||
|
"supported by the SSH server");
|
||||||
|
return 1;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Authenticate with password via keyboard-interactive auth */
|
/* No credentials provided */
|
||||||
if (strstr(user_authlist, "keyboard-interactive") != NULL) {
|
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
|
||||||
guac_client_log(client, GUAC_LOG_DEBUG,
|
"SSH authentication requires either a private key or a password.");
|
||||||
"Using keyboard-interactive authentication method");
|
|
||||||
return libssh2_userauth_keyboard_interactive(session, username,
|
|
||||||
&guac_common_ssh_kbd_callback);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* No known authentication types available */
|
|
||||||
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_BAD_TYPE,
|
|
||||||
"No known authentication methods");
|
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
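Review bot: The result of `libssh2_userauth_list()` in the first hunk is still used unchecked: it goes straight into `strstr(user_authlist, ...)` in the publickey test and in the new password and keyboard-interactive branches. libssh2 returns NULL from that call when the request fails and also when the server accepts the "none" method, so the remote SSH server's response can drive a NULL dereference here unless a guard exists in the lines between the hunks, which this page does not show. I would add the check directly after the call, using `libssh2_userauth_authenticated(session)` to tell the two NULL cases apart. Whether a server that accepts "none" should count as a successful login is a policy choice, so confirm that before adopting the `return 0` below. The body of `guac_common_ssh_authenticate` starts and ends outside these hunks.

```c
    char* user_authlist = libssh2_userauth_list(session, username,
            strlen(username));

    /* NULL means "none" auth already succeeded, or the query itself failed */
    if (user_authlist == NULL) {
        if (libssh2_userauth_authenticated(session))
            return 0;
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
                "Unable to retrieve supported SSH authentication methods.");
        return 1;
    }

    /* … unchanged: private key, password and keyboard-interactive branches … */
```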