You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2019/08/03 18:25:27 UTC

[GitHub] [guacamole-server] necouchman commented on a change in pull request #232: GUACAMOLE-514: Implement additional VNC authentication support

necouchman commented on a change in pull request #232: GUACAMOLE-514: Implement additional VNC authentication support
URL: https://github.com/apache/guacamole-server/pull/232#discussion_r310359365
 
 

 ##########
 File path: src/protocols/vnc/auth.c
 ##########
 @@ -31,3 +31,25 @@ char* guac_vnc_get_password(rfbClient* client) {
     return ((guac_vnc_client*) gc->data)->settings->password;
 }
 
+rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) {
+    guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY);
+    rfbCredential *creds = malloc(sizeof(rfbCredential));
+    
+    if (credentialType == rfbCredentialTypeUser) {
+        creds->userCredential.username = ((guac_vnc_client*) gc->data)->settings->username;
+        creds->userCredential.password = ((guac_vnc_client*) gc->data)->settings->password;
+        return creds;
+    }
+    
+    else if (credentialType == rfbCredentialTypeX509) {
+        creds->x509Credential.x509ClientCertFile = ((guac_vnc_client*) gc->data)->settings->client_cert;
 
 Review comment:
   I'm not sure.  The way I've implemented it, between the Client and Server parameters, is assuming that the contents of the file will be passed through, not the location of the file, but I'm not sure one way or the other.
   
   Unfortunately, if those values represent the locations of a file, rather than the contents, I'm not sure there's much to do about it within the libVNCclient implementation, since that's internal to that implementation.
   
   I can think of one way to work around it - we could have guacd write out the contents of the file to a location on-disk, have libvncclient read it in, then immediately delete the file.  This is a little risky, as it has the potential to expose the contents of the private key to locations where it could be read by others on the system.
   
   I'm open to suggestions, even if it's "let's not implement this right now."

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services