[GitHub] [guacamole-server] necouchman commented on a change in pull request #232: GUACAMOLE-514: Implement additional VNC authentication support

Sat, 03 Aug 2019 11:25:45 -0700 

necouchman commented on a change in pull request #232: GUACAMOLE-514: Implement 
additional VNC authentication support
URL: https://github.com/apache/guacamole-server/pull/232#discussion_r310359365
 
 

 ##########
 File path: src/protocols/vnc/auth.c
 ##########
 @@ -31,3 +31,25 @@ char* guac_vnc_get_password(rfbClient* client) {
     return ((guac_vnc_client*) gc->data)->settings->password;
 }
 
+rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) 
{
+    guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY);
+    rfbCredential *creds = malloc(sizeof(rfbCredential));
+    
+    if (credentialType == rfbCredentialTypeUser) {
+        creds->userCredential.username = ((guac_vnc_client*) 
gc->data)->settings->username;
+        creds->userCredential.password = ((guac_vnc_client*) 
gc->data)->settings->password;
+        return creds;
+    }
+    
+    else if (credentialType == rfbCredentialTypeX509) {
+        creds->x509Credential.x509ClientCertFile = ((guac_vnc_client*) 
gc->data)->settings->client_cert;
 
 Review comment:
   I'm not sure.  The way I've implemented it, between the Client and Server 
parameters, is assuming that the contents of the file will be passed through, 
not the location of the file, but I'm not sure one way or the other.
   
   Unfortunately, if those values represent the locations of a file, rather 
than the contents, I'm not sure there's much to do about it within the 
libVNCclient implementation, since that's internal to that implementation.
   
   I can think of one way to work around it - we could have guacd write out the 
contents of the file to a location on-disk, have libvncclient read it in, then 
immediately delete the file.  This is a little risky, as it has the potential 
to expose the contents of the private key to locations where it could be read 
by others on the system.
   
   I'm open to suggestions, even if it's "let's not implement this right now."

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to