You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by jm...@apache.org on 2016/07/22 02:51:00 UTC
[6/8] incubator-guacamole-client git commit: GUACAMOLE-5: Verify
sharing profile belongs to the requested connection.
GUACAMOLE-5: Verify sharing profile belongs to the requested connection.
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/43761ef4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/43761ef4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/43761ef4
Branch: refs/heads/master
Commit: 43761ef482e86bb2027b67d151f413716e333297
Parents: 19f80da
Author: Michael Jumper <mj...@apache.org>
Authored: Thu Jul 21 15:16:09 2016 -0700
Committer: Michael Jumper <mj...@apache.org>
Committed: Thu Jul 21 15:16:09 2016 -0700
----------------------------------------------------------------------
.../guacamole/auth/jdbc/sharing/ConnectionSharingService.java | 7 +++++++
1 file changed, 7 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/43761ef4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java
index 8af3ac3..7b97f57 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java
@@ -24,6 +24,7 @@ import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.auth.jdbc.user.AuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.auth.jdbc.activeconnection.TrackedActiveConnection;
import org.apache.guacamole.auth.jdbc.sharingprofile.ModeledSharingProfile;
import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileService;
@@ -105,6 +106,12 @@ public class ConnectionSharingService {
sharingProfileService.retrieveObject(user,
sharingProfileIdentifier);
+ // Verify that this profile is indeed a sharing profile for the
+ // requested connection
+ String connectionIdentifier = activeConnection.getConnectionIdentifier();
+ if (sharingProfile == null || !sharingProfile.getPrimaryConnectionIdentifier().equals(connectionIdentifier))
+ throw new GuacamoleSecurityException("Permission denied.");
+
// Generate a share key for the requested connection
String key = keyGenerator.getShareKey();
connectionMap.put(key, new SharedConnectionDefinition(activeConnection,