Commit Graph

95 Commits

Author SHA1 Message Date
James Muehlner
b096e47f57 GUACAMOLE-1669: Include ext-info-c in preferred KEX algorithms to ensure RSA key upgrades can happen. 2022-09-13 21:39:38 +00:00
James Muehlner
1971a9dad2 GUACAMOLE-1669: Prefer FIPS compliant ciphers and algorithms when FIPS mode is enabled. 2022-08-24 22:23:46 +00:00
James Muehlner
cdee93ae25 GUACAMOLE-1652: Only call SSL init functions when the library version requires it. 2022-07-30 02:22:36 +00:00
Joshua Roys
f84db7d166 GUACAMOLE-745: Support OpenSSH private keys & ED25519
Let libssh2 parse PEM and ssh-native keys. Requires libssh2 1.9.0+
compiled against a crypto backend supporting ed25519.
2022-01-12 09:02:11 -05:00
Nick Couchman
46bed49a43 GUACAMOLE-1133: initialize GCrypt in VNC protocol prior to client start-up. 2021-01-21 21:14:18 -05:00
Michael Jumper
f4ff5f337c GUACAMOLE-474: Enforce upload disable option at low level, warning if not blocked at higher level as expected. 2020-06-25 14:43:37 -07:00
Michael Jumper
d8c32b1e82 GUACAMOLE-474: Enforce download disable option at low level, warning if not blocked at higher level as expected. 2020-06-25 14:41:39 -07:00
Mike Jumper
e526174009
GUACAMOLE-474: Merge support for selectively disabling file uploads and downloads. 2020-06-07 16:30:37 -07:00
Nick Couchman
ec093d3cea GUACAMOLE-474: Minor style and debug message tweaks. 2020-05-29 07:39:39 -04:00
Michael Jumper
8ea9b14a80 GUACAMOLE-818: Break SFTP directory JSON at blob boundaries. Do not skip entries.
The intent of the previous version of the SFTP directory listing code
was to break the JSON transfer at blob boundaries, waiting for an ack
before sending the next blob, however the ordering of the "blob_written"
and directory read checks could result in a directory entry being
skipped at the boundary of each blob.

The proper order would be to check the "blob_written" flag first,
however the "blob_written" flag is unnecessary. It's simpler and more
correct to just break out of the loop once the desired blob has been
flushed.
2020-02-24 17:58:29 -08:00
Nick Couchman
1a699686b9 GUACAMOLE-474: Implement logic to disable file transfers in each protocol. 2020-01-26 03:33:08 -05:00
Nick Couchman
1baa91f852 GUACAMOLE-547: Minor changes to function documentation. 2019-06-19 12:38:05 -04:00
Nick Couchman
22874e2388 GUACAMOLE-547: Document return value of credential handler. 2019-06-18 17:59:33 -04:00
Nick Couchman
3511991e2f GUACAMOLE-547: Fixes for style and documentation. 2019-06-18 07:52:05 -04:00
Nick Couchman
3d15454097 GUACAMOLE-547: Use a call-back function for getting the password. 2019-06-18 07:37:02 -04:00
Nick Couchman
4641da06ac GUACAMOLE-547: Relocate NULL check and log when NONE succeeds. 2019-06-18 07:37:02 -04:00
Nick Couchman
b7dca0ed16 GUACAMOLE-547: Add support for SSH NONE authentication method. 2019-06-18 07:37:02 -04:00
Michael Jumper
0c25782036 GUACAMOLE-637: Add missing libguac include path to RDP and common-ssh tests. 2019-04-09 23:36:03 -07:00
Michael Jumper
f8ec709e33 GUACAMOLE-637: Correct naming of SFTP unit tests. 2019-04-07 16:51:53 -07:00
Michael Jumper
cda7bca126 GUACAMOLE-637: Add RDP filesystem and SFTP unit tests for path depth. 2019-04-07 16:51:33 -07:00
Michael Jumper
6e2be38ae2 GUACAMOLE-637: Add path depth limits to generated paths in unit tests. 2019-04-07 16:36:16 -07:00
Michael Jumper
1591980579 GUACAMOLE-637: Simplify SFTP path normalization logic. Correct behavior to match documentation. 2019-04-07 16:14:00 -07:00
Michael Jumper
f19754cfa6 GUACAMOLE-637: Add unit tests for SFTP path normalization. 2019-04-07 13:50:53 -07:00
Michael Jumper
fdd3292f09 GUACAMOLE-637: Simplify path translation logic. Update to use guac_strl*(). Fix return values. 2019-01-23 18:44:45 -08:00
Michael Jumper
e5c1147cf6 GUACAMOLE-637: Replace usages of strncpy() with guac_strlcpy(). 2019-01-23 18:44:45 -08:00
Michael Jumper
d851f10a48 GUACAMOLE-353: Clarify applicability of ASF header when transcluded into generated build files. 2018-10-02 20:37:49 -07:00
Nick Couchman
fe44fd7c3b GUACAMOLE-527: Remove unused error message length variable. 2018-06-25 20:04:26 -04:00
Nick Couchman
7bc6a62365 GUACAMOLE-527: Do not call a remote host key a fingerprint. 2018-06-25 13:57:01 -04:00
Nick Couchman
ba684962b6 GUACAMOLE-527: Plug some memory leaks before returning NULL. 2018-06-25 13:50:19 -04:00
Nick Couchman
f9379dc6bb GUACAMOLE-527: Get full error message when key verification fails. 2018-06-25 08:37:34 -04:00
Nick Couchman
7e254955e8 GUACAMOLE-527: Slight tweak to error message. 2018-06-25 08:31:37 -04:00
Nick Couchman
ebbb7492e7 GUACAMOLE-527: Add warning if no known host keys are provided. 2018-06-25 08:31:37 -04:00
Nick Couchman
27c977adb2 GUACAMOLE-527: Make sure ssh_known_hosts exists before trying to load. 2018-06-25 08:31:37 -04:00
Nick Couchman
428243bb78 GUACAMOLE-527: Move host key checking to a separate function. 2018-06-25 08:31:37 -04:00
Nick Couchman
ac2b4f8d12 GUACAMOLE-527: Check either provided key or key file, if it exists. 2018-06-25 08:31:37 -04:00
Nick Couchman
551598e0a4 GUACAMOLE-527: Use libssh2_knownhost_readline and remove host key type. 2018-06-25 08:31:37 -04:00
Nick Couchman
42044e4279 GUACAMOLE-527: Clean up memory and logging. 2018-06-25 08:31:37 -04:00
Nick Couchman
5bb616832e GUACAMOLE-527: Order SSH handshake correctly, and remove unnecessary logging. 2018-06-25 08:31:37 -04:00
Nick Couchman
c080569cac GUACAMOLE-527: Fix issue with null host_key variable. 2018-06-25 08:31:37 -04:00
Nick Couchman
2f0c6dcfa3 GUACAMOLE-527: Add error logging for known host checks. 2018-06-25 08:31:37 -04:00
Nick Couchman
9112c4f32f GUACAMOLE-527: Enable host key setting for SFTP connections. 2018-06-25 08:31:37 -04:00
Nick Couchman
0d82cd1e6c GUACAMOLE-527: Add host key and type settings. 2018-06-25 08:31:37 -04:00
Nick Couchman
171bae1f5c GUACAMOLE-527: Add basic check for known hosts file for SSH connections. 2018-06-25 08:31:37 -04:00
Nick Couchman
9200bc789f GUACAMOLE-398: Use freeaddrinfo() instead of free() on the linked list. 2017-09-27 13:24:58 -04:00
Nick Couchman
e4dd8de4f1 GUACAMOLE-398: Fix memory leak identified by Coverity in common ssh code. 2017-09-27 13:02:41 -04:00
James
f559701645 GUACAMOLE-396: Fixing ssh socket for IPv6 address
Root Cause:
In the ssh library of guacd, the TCP socket for connecting to ssh server is created with AF_INET. So it does not support IPv6 address.

Solution:
When guacd creates the socket for ssh in guac_common_ssh_create_session(), stop using hard coded AF_INET for socket() call, use the address family which is returned from getaddrinfo().

Test:
- Connected successfully via ssh connections with IPv4 and IPv6 hosts.
- No connection error in guacd logs.
- Simulated a connection failure with specifying a ssh server which does not exist. guacd worked well in this case.
2017-09-26 17:19:18 -07:00
Michael Jumper
7857dd0a9a GUACAMOLE-303: Ensure there is always space for the null terminator when normalizing. 2017-07-04 12:00:43 -07:00
Michael Jumper
0474f86c46 GUACAMOLE-303: Extend common SFTP filesystem such that arbitrary directories can be used as the root of the filesystem. 2017-06-29 15:36:10 -07:00
Nick Couchman
a5efbb5933 GUACAMOLE-203: Fix function prototype to remove const. 2017-06-25 14:56:50 -04:00
Nick Couchman
650f7a0a32 GUACAMOLE-203: if is not a function... 2017-06-25 14:10:42 -04:00