You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by mj...@apache.org on 2018/02/05 03:09:23 UTC
[1/8] guacamole-client git commit: GUACAMOLE-197: Convert state to
Hex string to avoid encoding issues.
Repository: guacamole-client
Updated Branches:
refs/heads/master 6db253956 -> 1b262985b
GUACAMOLE-197: Convert state to Hex string to avoid encoding issues.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/769a34f5
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/769a34f5
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/769a34f5
Branch: refs/heads/master
Commit: 769a34f511d3d00d5a34f8f6816521fdd8f847c6
Parents: 6b0f310
Author: Nick Couchman <vn...@apache.org>
Authored: Sat Feb 3 15:45:38 2018 -0500
Committer: Nick Couchman <vn...@apache.org>
Committed: Sat Feb 3 17:22:36 2018 -0500
----------------------------------------------------------------------
.../guacamole/auth/radius/AuthenticationProviderService.java | 7 +++++--
.../guacamole/auth/radius/RadiusConnectionService.java | 8 ++++----
2 files changed, 9 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/769a34f5/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
index ae9f6bf..d5005b2 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
@@ -21,8 +21,10 @@ package org.apache.guacamole.auth.radius;
import com.google.inject.Inject;
import com.google.inject.Provider;
+import java.nio.charset.Charset;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
+import javax.xml.bind.DatatypeConverter;
import org.apache.guacamole.auth.radius.user.AuthenticatedUser;
import org.apache.guacamole.auth.radius.form.RadiusChallengeResponseField;
import org.apache.guacamole.auth.radius.form.RadiusStateField;
@@ -97,7 +99,7 @@ public class AuthenticationProviderService {
// We have the required attributes - convert to strings and then generate the additional login box/field
String replyMsg = replyAttr.toString();
- String radiusState = new String(stateAttr.getValue().getBytes());
+ String radiusState = javax.xml.bind.DatatypeConverter.printHexBinary(stateAttr.getValue().getBytes());
Field radiusResponseField = new RadiusChallengeResponseField(replyMsg);
Field radiusStateField = new RadiusStateField(radiusState);
@@ -155,9 +157,10 @@ public class AuthenticationProviderService {
// This is a response to a previous challenge, authenticate with that.
else {
try {
+ byte[] stateBytes = javax.xml.bind.DatatypeConverter.parseHexBinary(request.getParameter(RadiusStateField.PARAMETER_NAME));
radPack = radiusService.sendChallengeResponse(credentials.getUsername(),
challengeResponse,
- request.getParameter(RadiusStateField.PARAMETER_NAME));
+ stateBytes);
}
catch (GuacamoleException e) {
logger.error("Cannot configure RADIUS server: {}", e.getMessage());
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/769a34f5/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
index 43c0b2d..8355557 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
@@ -187,7 +187,7 @@ public class RadiusConnectionService {
* @throws GuacamoleException
* If an error occurs while talking to the server.
*/
- public RadiusPacket authenticate(String username, String secret, String state)
+ public RadiusPacket authenticate(String username, String secret, byte[] state)
throws GuacamoleException {
// If a username wasn't passed, we quit
@@ -219,7 +219,7 @@ public class RadiusConnectionService {
try {
AttributeList radAttrs = new AttributeList();
radAttrs.add(new Attr_UserName(username));
- if (state != null && !state.isEmpty())
+ if (state != null && state.length > 0)
radAttrs.add(new Attr_State(state));
radAttrs.add(new Attr_UserPassword(secret));
radAttrs.add(new Attr_CleartextPassword(secret));
@@ -282,7 +282,7 @@ public class RadiusConnectionService {
* @throws GuacamoleException
* If an error is encountered trying to talk to the RADIUS server.
*/
- public RadiusPacket sendChallengeResponse(String username, String response, String state)
+ public RadiusPacket sendChallengeResponse(String username, String response, byte[] state)
throws GuacamoleException {
if (username == null || username.isEmpty()) {
@@ -290,7 +290,7 @@ public class RadiusConnectionService {
return null;
}
- if (state == null || state.isEmpty()) {
+ if (state == null || state.length < 1) {
logger.error("Challenge/response to RADIUS requires a prior state.");
return null;
}
[8/8] guacamole-client git commit: GUACAMOLE-197: Merge changes
ensuring RADIUS state is handled as opaque.
Posted by mj...@apache.org.
GUACAMOLE-197: Merge changes ensuring RADIUS state is handled as opaque.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/1b262985
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/1b262985
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/1b262985
Branch: refs/heads/master
Commit: 1b262985b2b4064b765ca72e93fe7f9acb3003fa
Parents: 6db2539 4195ac6
Author: Michael Jumper <mj...@apache.org>
Authored: Sun Feb 4 19:08:17 2018 -0800
Committer: Michael Jumper <mj...@apache.org>
Committed: Sun Feb 4 19:08:17 2018 -0800
----------------------------------------------------------------------
.../radius/AuthenticationProviderService.java | 21 +++++++++++++++++---
.../auth/radius/RadiusConnectionService.java | 8 ++++----
2 files changed, 22 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
[6/8] guacamole-client git commit: GUACAMOLE-197: Brush up log
messages and change levels for invalid state information.
Posted by mj...@apache.org.
GUACAMOLE-197: Brush up log messages and change levels for invalid state information.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/b9a68804
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/b9a68804
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/b9a68804
Branch: refs/heads/master
Commit: b9a68804709bcb71d46b3ba8ee312821fbd705dd
Parents: ef6d0c6
Author: Nick Couchman <vn...@apache.org>
Authored: Sun Feb 4 09:31:47 2018 -0500
Committer: Nick Couchman <vn...@apache.org>
Committed: Sun Feb 4 09:31:47 2018 -0500
----------------------------------------------------------------------
.../guacamole/auth/radius/AuthenticationProviderService.java | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/b9a68804/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
index 2418c8e..6301734 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
@@ -160,8 +160,7 @@ public class AuthenticationProviderService {
try {
String stateString = request.getParameter(RadiusStateField.PARAMETER_NAME);
if (stateString == null) {
- logger.error("Could not retrieve RADIUS state.");
- logger.debug("Received null value while retrieving RADIUS state parameter.");
+ logger.warn("Expected state parameter was not present in challenge/response.");
throw new GuacamoleInvalidCredentialsException("Authentication error.", CredentialsInfo.USERNAME_PASSWORD);
}
@@ -171,8 +170,8 @@ public class AuthenticationProviderService {
stateBytes);
}
catch (IllegalArgumentException e) {
- logger.error("Illegal argument while parsing RADIUS state string.", e.getMessage());
- logger.debug("Illegal argument found while parsing the RADIUS state string.", e);
+ logger.warn("Illegal hexadecimal value while parsing RADIUS state string.", e.getMessage());
+ logger.debug("Encountered exception while attepmting to perse the hexidecimanl state value.", e);
throw new GuacamoleInvalidCredentialsException("Authentication error.", CredentialsInfo.USERNAME_PASSWORD);
}
catch (GuacamoleException e) {
[4/8] guacamole-client git commit: GUACAMOLE-197: Handle
IllegalArgumentException when parsing state string.
Posted by mj...@apache.org.
GUACAMOLE-197: Handle IllegalArgumentException when parsing state string.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/0729fa09
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/0729fa09
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/0729fa09
Branch: refs/heads/master
Commit: 0729fa09cdd41eb497bb4542bce0be40b11442c6
Parents: 41dd9fc
Author: Nick Couchman <vn...@apache.org>
Authored: Sat Feb 3 23:23:27 2018 -0500
Committer: Nick Couchman <vn...@apache.org>
Committed: Sat Feb 3 23:23:27 2018 -0500
----------------------------------------------------------------------
.../guacamole/auth/radius/AuthenticationProviderService.java | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/0729fa09/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
index bee0433..2418c8e 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.radius;
import com.google.inject.Inject;
import com.google.inject.Provider;
+import java.lang.IllegalArgumentException;
import java.nio.charset.Charset;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
@@ -161,7 +162,7 @@ public class AuthenticationProviderService {
if (stateString == null) {
logger.error("Could not retrieve RADIUS state.");
logger.debug("Received null value while retrieving RADIUS state parameter.");
- throws new GuacamoleInvalidCredentialsException("Authentication error.", CredentialsInfo.USERNAME_PASSWORD);
+ throw new GuacamoleInvalidCredentialsException("Authentication error.", CredentialsInfo.USERNAME_PASSWORD);
}
byte[] stateBytes = DatatypeConverter.parseHexBinary(stateString);
@@ -169,6 +170,11 @@ public class AuthenticationProviderService {
challengeResponse,
stateBytes);
}
+ catch (IllegalArgumentException e) {
+ logger.error("Illegal argument while parsing RADIUS state string.", e.getMessage());
+ logger.debug("Illegal argument found while parsing the RADIUS state string.", e);
+ throw new GuacamoleInvalidCredentialsException("Authentication error.", CredentialsInfo.USERNAME_PASSWORD);
+ }
catch (GuacamoleException e) {
logger.error("Cannot configure RADIUS server: {}", e.getMessage());
logger.debug("Error configuring RADIUS server.", e);
[7/8] guacamole-client git commit: GUACAMOLE-197: Fix errors that
happen when you try to code before coffee.
Posted by mj...@apache.org.
GUACAMOLE-197: Fix errors that happen when you try to code before coffee.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/4195ac6d
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/4195ac6d
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/4195ac6d
Branch: refs/heads/master
Commit: 4195ac6d19c42e25137b26cf81f09af7344beada
Parents: b9a6880
Author: Nick Couchman <vn...@apache.org>
Authored: Sun Feb 4 15:56:59 2018 -0500
Committer: Nick Couchman <vn...@apache.org>
Committed: Sun Feb 4 15:56:59 2018 -0500
----------------------------------------------------------------------
.../guacamole/auth/radius/AuthenticationProviderService.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/4195ac6d/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
index 6301734..852eb72 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
@@ -170,8 +170,8 @@ public class AuthenticationProviderService {
stateBytes);
}
catch (IllegalArgumentException e) {
- logger.warn("Illegal hexadecimal value while parsing RADIUS state string.", e.getMessage());
- logger.debug("Encountered exception while attepmting to perse the hexidecimanl state value.", e);
+ logger.warn("Illegal hexadecimal value while parsing RADIUS state string: {}", e.getMessage());
+ logger.debug("Encountered exception while attempting to parse the hexidecimal state value.", e);
throw new GuacamoleInvalidCredentialsException("Authentication error.", CredentialsInfo.USERNAME_PASSWORD);
}
catch (GuacamoleException e) {
[5/8] guacamole-client git commit: GUACAMOLE-197: Check for empty
byte array in more sane manner.
Posted by mj...@apache.org.
GUACAMOLE-197: Check for empty byte array in more sane manner.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/ef6d0c6a
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/ef6d0c6a
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/ef6d0c6a
Branch: refs/heads/master
Commit: ef6d0c6a5386e70cbca242886d17953eeaa2591c
Parents: 0729fa0
Author: Nick Couchman <vn...@apache.org>
Authored: Sat Feb 3 23:24:25 2018 -0500
Committer: Nick Couchman <vn...@apache.org>
Committed: Sat Feb 3 23:24:25 2018 -0500
----------------------------------------------------------------------
.../org/apache/guacamole/auth/radius/RadiusConnectionService.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/ef6d0c6a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
index 8355557..ec82a63 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
@@ -290,7 +290,7 @@ public class RadiusConnectionService {
return null;
}
- if (state == null || state.length < 1) {
+ if (state == null || state.length == 0) {
logger.error("Challenge/response to RADIUS requires a prior state.");
return null;
}
[3/8] guacamole-client git commit: GUACAMOLE-197: Deal with null
state field..
Posted by mj...@apache.org.
GUACAMOLE-197: Deal with null state field..
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/41dd9fc6
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/41dd9fc6
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/41dd9fc6
Branch: refs/heads/master
Commit: 41dd9fc60dfe27c8e067abb9c2c797c2af49f965
Parents: 77b4665
Author: Nick Couchman <vn...@apache.org>
Authored: Sat Feb 3 23:17:30 2018 -0500
Committer: Nick Couchman <vn...@apache.org>
Committed: Sat Feb 3 23:17:30 2018 -0500
----------------------------------------------------------------------
.../auth/radius/AuthenticationProviderService.java | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/41dd9fc6/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
index 1ff84c9..bee0433 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
@@ -157,10 +157,17 @@ public class AuthenticationProviderService {
// This is a response to a previous challenge, authenticate with that.
else {
try {
- byte[] stateBytes = DatatypeConverter.parseHexBinary(request.getParameter(RadiusStateField.PARAMETER_NAME));
+ String stateString = request.getParameter(RadiusStateField.PARAMETER_NAME);
+ if (stateString == null) {
+ logger.error("Could not retrieve RADIUS state.");
+ logger.debug("Received null value while retrieving RADIUS state parameter.");
+ throws new GuacamoleInvalidCredentialsException("Authentication error.", CredentialsInfo.USERNAME_PASSWORD);
+ }
+
+ byte[] stateBytes = DatatypeConverter.parseHexBinary(stateString);
radPack = radiusService.sendChallengeResponse(credentials.getUsername(),
- challengeResponse,
- stateBytes);
+ challengeResponse,
+ stateBytes);
}
catch (GuacamoleException e) {
logger.error("Cannot configure RADIUS server: {}", e.getMessage());
[2/8] guacamole-client git commit: GUACAMOLE-197: Remove
unnecessarily precise method calls.
Posted by mj...@apache.org.
GUACAMOLE-197: Remove unnecessarily precise method calls.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/77b4665c
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/77b4665c
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/77b4665c
Branch: refs/heads/master
Commit: 77b4665c5cbed27c0d6e590cc58fc7080bb3dfca
Parents: 769a34f
Author: Nick Couchman <vn...@apache.org>
Authored: Sat Feb 3 23:11:22 2018 -0500
Committer: Nick Couchman <vn...@apache.org>
Committed: Sat Feb 3 23:11:22 2018 -0500
----------------------------------------------------------------------
.../guacamole/auth/radius/AuthenticationProviderService.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/77b4665c/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
index d5005b2..1ff84c9 100644
--- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
@@ -99,7 +99,7 @@ public class AuthenticationProviderService {
// We have the required attributes - convert to strings and then generate the additional login box/field
String replyMsg = replyAttr.toString();
- String radiusState = javax.xml.bind.DatatypeConverter.printHexBinary(stateAttr.getValue().getBytes());
+ String radiusState = DatatypeConverter.printHexBinary(stateAttr.getValue().getBytes());
Field radiusResponseField = new RadiusChallengeResponseField(replyMsg);
Field radiusStateField = new RadiusStateField(radiusState);
@@ -157,7 +157,7 @@ public class AuthenticationProviderService {
// This is a response to a previous challenge, authenticate with that.
else {
try {
- byte[] stateBytes = javax.xml.bind.DatatypeConverter.parseHexBinary(request.getParameter(RadiusStateField.PARAMETER_NAME));
+ byte[] stateBytes = DatatypeConverter.parseHexBinary(request.getParameter(RadiusStateField.PARAMETER_NAME));
radPack = radiusService.sendChallengeResponse(credentials.getUsername(),
challengeResponse,
stateBytes);