GUACAMOLE-5: Verify sharing profile belongs to the requested connection. Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/43761ef4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/43761ef4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/43761ef4
Branch: refs/heads/master Commit: 43761ef482e86bb2027b67d151f413716e333297 Parents: 19f80da Author: Michael Jumper <[email protected]> Authored: Thu Jul 21 15:16:09 2016 -0700 Committer: Michael Jumper <[email protected]> Committed: Thu Jul 21 15:16:09 2016 -0700 ---------------------------------------------------------------------- .../guacamole/auth/jdbc/sharing/ConnectionSharingService.java | 7 +++++++ 1 file changed, 7 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/43761ef4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java ----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java
index 8af3ac3..7b97f57 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java
@@ -24,6 +24,7 @@ import java.util.Collections;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleSecurityException;
 import org.apache.guacamole.auth.jdbc.activeconnection.TrackedActiveConnection;
 import org.apache.guacamole.auth.jdbc.sharingprofile.ModeledSharingProfile;
 import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileService;
@@ -105,6 +106,12 @@ public class ConnectionSharingService { sharingProfileService.retrieveObject(user, sharingProfileIdentifier); + // Verify that this profile is indeed a sharing profile for the + // requested connection + String connectionIdentifier = activeConnection.getConnectionIdentifier(); + if (sharingProfile == null || !sharingProfile.getPrimaryConnectionIdentifier().equals(connectionIdentifier)) + throw new GuacamoleSecurityException("Permission denied."); + // Generate a share key for the requested connection String key = keyGenerator.getShareKey(); connectionMap.put(key, new SharedConnectionDefinition(activeConnection,
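Review bot: In the added `if`, `sharingProfile.getPrimaryConnectionIdentifier().equals(connectionIdentifier)` dereferences the profile's primary connection identifier without a null check, so a profile returning null there would surface as a NullPointerException rather than the intended GuacamoleSecurityException; whether that getter can return null is not visible in this hunk. The request would still fail closed, since the exception is thrown before the share key is generated, but a form that denies explicitly when either identifier is missing is easier to audit: `if (sharingProfile == null || connectionIdentifier == null || !connectionIdentifier.equals(sharingProfile.getPrimaryConnectionIdentifier()))`. Because this condition is the authorization gate for share-key creation and runs well past the usual line length, wrapping it and bracing the `throw` would make later edits less error-prone. The enclosing method starts and ends outside the hunk.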
