Repository: guacamole-client
Updated Branches:
  refs/heads/master 6db253956 -> 1b262985b


GUACAMOLE-197: Convert state to Hex string to avoid encoding issues.


Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/769a34f5
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/769a34f5
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/769a34f5

Branch: refs/heads/master
Commit: 769a34f511d3d00d5a34f8f6816521fdd8f847c6
Parents: 6b0f310
Author: Nick Couchman <vn...@apache.org>
Authored: Sat Feb 3 15:45:38 2018 -0500
Committer: Nick Couchman <vn...@apache.org>
Committed: Sat Feb 3 17:22:36 2018 -0500

----------------------------------------------------------------------
 .../guacamole/auth/radius/AuthenticationProviderService.java | 7 +++++--
 .../guacamole/auth/radius/RadiusConnectionService.java       | 8 ++++----
 2 files changed, 9 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/769a34f5/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git 
a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
 
b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
index ae9f6bf..d5005b2 100644
--- 
a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
+++ 
b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java
@@ -21,8 +21,10 @@ package org.apache.guacamole.auth.radius;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
+import java.nio.charset.Charset;
 import java.util.Arrays;
 import javax.servlet.http.HttpServletRequest;
+import javax.xml.bind.DatatypeConverter;
 import org.apache.guacamole.auth.radius.user.AuthenticatedUser;
 import org.apache.guacamole.auth.radius.form.RadiusChallengeResponseField;
 import org.apache.guacamole.auth.radius.form.RadiusStateField;
@@ -97,7 +99,7 @@ public class AuthenticationProviderService {
 
         // We have the required attributes - convert to strings and then 
generate the additional login box/field
         String replyMsg = replyAttr.toString();
-        String radiusState = new String(stateAttr.getValue().getBytes());
+        String radiusState = 
javax.xml.bind.DatatypeConverter.printHexBinary(stateAttr.getValue().getBytes());
         Field radiusResponseField = new RadiusChallengeResponseField(replyMsg);
         Field radiusStateField = new RadiusStateField(radiusState);
 
@@ -155,9 +157,10 @@ public class AuthenticationProviderService {
         // This is a response to a previous challenge, authenticate with that.
         else {
             try {
+                byte[] stateBytes = 
javax.xml.bind.DatatypeConverter.parseHexBinary(request.getParameter(RadiusStateField.PARAMETER_NAME));
                 radPack = 
radiusService.sendChallengeResponse(credentials.getUsername(),
                                                      challengeResponse,
-                                                     
request.getParameter(RadiusStateField.PARAMETER_NAME));
+                                                     stateBytes);
             }
             catch (GuacamoleException e) {
                 logger.error("Cannot configure RADIUS server: {}", 
e.getMessage());

http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/769a34f5/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
----------------------------------------------------------------------
diff --git 
a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
 
b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
index 43c0b2d..8355557 100644
--- 
a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
+++ 
b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java
@@ -187,7 +187,7 @@ public class RadiusConnectionService {
      * @throws GuacamoleException
      *     If an error occurs while talking to the server.
      */
-    public RadiusPacket authenticate(String username, String secret, String 
state)
+    public RadiusPacket authenticate(String username, String secret, byte[] 
state)
             throws GuacamoleException {
 
         // If a username wasn't passed, we quit
@@ -219,7 +219,7 @@ public class RadiusConnectionService {
         try {
             AttributeList radAttrs = new AttributeList();
             radAttrs.add(new Attr_UserName(username));
-            if (state != null && !state.isEmpty())
+            if (state != null && state.length > 0)
                 radAttrs.add(new Attr_State(state));
             radAttrs.add(new Attr_UserPassword(secret));
             radAttrs.add(new Attr_CleartextPassword(secret));
@@ -282,7 +282,7 @@ public class RadiusConnectionService {
      * @throws GuacamoleException
      *     If an error is encountered trying to talk to the RADIUS server.
      */
-    public RadiusPacket sendChallengeResponse(String username, String 
response, String state)
+    public RadiusPacket sendChallengeResponse(String username, String 
response, byte[] state)
             throws GuacamoleException {
 
         if (username == null || username.isEmpty()) {
@@ -290,7 +290,7 @@ public class RadiusConnectionService {
             return null;
         }
 
-        if (state == null || state.isEmpty()) {
+        if (state == null || state.length < 1) {
             logger.error("Challenge/response to RADIUS requires a prior 
state.");
             return null;
         }

Reply via email to