publicWagsHome/KasmVNC
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Handle the new, multi-user kasmpasswd format auth

Browse Source
This commit is contained in:
Lauri Kasanen
2020-10-12 13:47:16 +03:00
parent 30b9a82c08
commit 9a5afc5a62
2 changed files with 36 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
common/network/CMakeLists.txt
View File

@@ -1,10 +1,11 @@
include_directories(${CMAKE_SOURCE_DIR}/common) include_directories(${CMAKE_SOURCE_DIR}/common ${CMAKE_SOURCE_DIR}/unix/kasmvncpasswd)
set(NETWORK_SOURCES set(NETWORK_SOURCES
Socket.cxx Socket.cxx
TcpSocket.cxx TcpSocket.cxx
websocket.c websocket.c
websockify.c) websockify.c
${CMAKE_SOURCE_DIR}/unix/kasmvncpasswd/kasmpasswd.c)
if(NOT WIN32) if(NOT WIN32)
set(NETWORK_SOURCES ${NETWORK_SOURCES} UnixSocket.cxx) set(NETWORK_SOURCES ${NETWORK_SOURCES} UnixSocket.cxx)

42
common/network/websocket.c
View File

@@ -29,6 +29,7 @@
#include <openssl/md5.h> /* md5 hash */ #include <openssl/md5.h> /* md5 hash */
#include <openssl/sha.h> /* sha1 hash */ #include <openssl/sha.h> /* sha1 hash */
#include "websocket.h" #include "websocket.h"
#include "kasmpasswd.h"
/* /*
* Global state * Global state
@@ -913,19 +914,35 @@ ws_ctx_t *do_handshake(int sock) {
if (resppw && *resppw) if (resppw && *resppw)
resppw++; resppw++;
if (!colon[1] && settings.passwdfile) { if (!colon[1] && settings.passwdfile) {
if (resppw && *resppw) { if (resppw && *resppw && resppw - response < 32) {
char pwbuf[4096]; char pwbuf[4096];
FILE *f = fopen(settings.passwdfile, "r"); struct kasmpasswd_t *set = readkasmpasswd(settings.passwdfile);
if (f) { if (!set->num) {
handler_emsg("BasicAuth reading password from %s\n", settings.passwdfile); fprintf(stderr, " websocket %d: Error: BasicAuth configured to read password from file %s, but the file doesn't exist or has no valid users\n",
const unsigned len = fread(pwbuf, 1, 4096, f); wsthread_handler_id,
fclose(f); settings.passwdfile);
pwbuf[4095] = '\0'; } else {
if (len < 4096) unsigned i;
pwbuf[len] = '\0'; char inuser[32];
unsigned char found = 0;
memcpy(inuser, response, resppw - response - 1);
inuser[resppw - response - 1] = '\0';
snprintf(authbuf, 4096, "%s%s", settings.basicauth, pwbuf); for (i = 0; i < set->num; i++) {
if (!strcmp(set->entries[i].user, inuser)) {
found = 1; // TODO write to wctx
snprintf(authbuf, 4096, "%s:%s", set->entries[i].user,
set->entries[i].password);
authbuf[4095] = '\0'; authbuf[4095] = '\0';
break;
}
}
if (!found)
handler_emsg("BasicAuth user %s not found\n", inuser);
}
free(set->entries);
free(set);
const char *encrypted = crypt(resppw, "$5$kasm$"); const char *encrypted = crypt(resppw, "$5$kasm$");
*resppw = '\0'; *resppw = '\0';
@@ -933,11 +950,6 @@ ws_ctx_t *do_handshake(int sock) {
snprintf(pwbuf, 4096, "%s%s", response, encrypted); snprintf(pwbuf, 4096, "%s%s", response, encrypted);
pwbuf[4095] = '\0'; pwbuf[4095] = '\0';
strcpy(response, pwbuf); strcpy(response, pwbuf);
} else {
fprintf(stderr, " websocket %d: Error: BasicAuth configured to read password from file %s, but the file doesn't exist\n",
wsthread_handler_id,
settings.passwdfile);
}
} else { } else {
// Client tried an empty password, just fail them // Client tried an empty password, just fail them
response[0] = '\0'; response[0] = '\0';