Handle the new, multi-user kasmpasswd format auth

common/network/CMakeLists.txt

@@ -1,10 +1,11 @@
-include_directories(${CMAKE_SOURCE_DIR}/common)
+include_directories(${CMAKE_SOURCE_DIR}/common ${CMAKE_SOURCE_DIR}/unix/kasmvncpasswd)
 
 set(NETWORK_SOURCES
   Socket.cxx
   TcpSocket.cxx
   websocket.c
-  websockify.c)
+  websockify.c
+  ${CMAKE_SOURCE_DIR}/unix/kasmvncpasswd/kasmpasswd.c)
 
 if(NOT WIN32)
   set(NETWORK_SOURCES ${NETWORK_SOURCES} UnixSocket.cxx)

common/network/websocket.c

@@ -29,6 +29,7 @@
 #include <openssl/md5.h> /* md5 hash */
 #include <openssl/sha.h> /* sha1 hash */
 #include "websocket.h"
+#include "kasmpasswd.h"
 
 /*
  * Global state
@@ -913,19 +914,35 @@ ws_ctx_t *do_handshake(int sock) {
         if (resppw && *resppw)
             resppw++;
         if (!colon[1] && settings.passwdfile) {
-            if (resppw && *resppw) {
+            if (resppw && *resppw && resppw - response < 32) {
                 char pwbuf[4096];
-                FILE *f = fopen(settings.passwdfile, "r");
+                struct kasmpasswd_t *set = readkasmpasswd(settings.passwdfile);
-                if (f) {
+                if (!set->num) {
-                    handler_emsg("BasicAuth reading password from %s\n", settings.passwdfile);
+                    fprintf(stderr, " websocket %d: Error: BasicAuth configured to read password from file %s, but the file doesn't exist or has no valid users\n",
-                    const unsigned len = fread(pwbuf, 1, 4096, f);
+                            wsthread_handler_id,
-                    fclose(f);
+                            settings.passwdfile);
-                    pwbuf[4095] = '\0';
+                } else {
-                    if (len < 4096)
+                    unsigned i;
-                        pwbuf[len] = '\0';
+                    char inuser[32];
-
+                    unsigned char found = 0;
-                    snprintf(authbuf, 4096, "%s%s", settings.basicauth, pwbuf);
+                    memcpy(inuser, response, resppw - response - 1);
+                    inuser[resppw - response - 1] = '\0';
+
+                    for (i = 0; i < set->num; i++) {
+                        if (!strcmp(set->entries[i].user, inuser)) {
+                            found = 1; // TODO write to wctx
+                            snprintf(authbuf, 4096, "%s:%s", set->entries[i].user,
+                                     set->entries[i].password);
                             authbuf[4095] = '\0';
+                            break;
+                        }
+                    }
+
+                    if (!found)
+                        handler_emsg("BasicAuth user %s not found\n", inuser);
+                }
+                free(set->entries);
+                free(set);
 
                 const char *encrypted = crypt(resppw, "$5$kasm$");
                 *resppw = '\0';
@@ -933,11 +950,6 @@ ws_ctx_t *do_handshake(int sock) {
                 snprintf(pwbuf, 4096, "%s%s", response, encrypted);
                 pwbuf[4095] = '\0';
                 strcpy(response, pwbuf);
-                } else {
-                    fprintf(stderr, " websocket %d: Error: BasicAuth configured to read password from file %s, but the file doesn't exist\n",
-                            wsthread_handler_id,
-                            settings.passwdfile);
-                }
             } else {
                 // Client tried an empty password, just fail them
                 response[0] = '\0';