GUACAMOLE-1391 Add support for hashing passwords with SHA-256 in user-mapping.xml

Bitson
2021-07-29 17:14:31 -05:00
parent 806b50e3cd
commit b4f75abdb7
3 changed files with 41 additions and 4 deletions


@@ -35,7 +35,7 @@
encoding="md5"> encoding="md5">
<!-- First authorized connection --> <!-- First authorized connection -->
<connection name="localhost"> <connection name="localhost">
<protocol>vnc</protocol> <protocol>vnc</protocol>
<param name="hostname">localhost</param> <param name="hostname">localhost</param>
<param name="port">5901</param> <param name="port">5901</param>
@@ -43,13 +43,28 @@
</connection> </connection>
<!-- Second authorized connection --> <!-- Second authorized connection -->
<connection name="otherhost"> <connection name="otherhost">
<protocol>vnc</protocol> <protocol>vnc</protocol>
<param name="hostname">otherhost</param> <param name="hostname">otherhost</param>
<param name="port">5900</param> <param name="port">5900</param>
<param name="password">VNCPASS</param> <param name="password">VNCPASS</param>
</connection> </connection>
</authorize> </authorize>
<!-- Another user, but using SHA-256 to hash the password -->
<authorize
username="USERNAME3"
password="5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
encoding="sha256">
<connection name="localhost">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5900</param>
<param name="password">VNCPASS</param>
</connection>
</authorize>
</user-mapping> </user-mapping>


@@ -46,7 +46,12 @@ public class Authorization {
/** /**
* Password hashed with MD5. * Password hashed with MD5.
*/ */
MD5 MD5,
/**
* Passwords hashed with SHA256.
*/
SHA_256
} }
@@ -205,6 +210,19 @@ public class Authorization {
throw new UnsupportedOperationException("Unexpected lack of MD5 support.", e); throw new UnsupportedOperationException("Unexpected lack of MD5 support.", e);
} }
case SHA_256:
try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
String hashedPassword = getHexString(digest.digest(password.getBytes("UTF-8")));
return hashedPassword.equals(this.password.toUpperCase());
}
catch (UnsupportedEncodingException e) {
throw new UnsupportedOperationException("Unexpected lack of UTF-8 support.", e);
}
catch (NoSuchAlgorithmException e) {
throw new UnsupportedOperationException("Unexpected lack of SHA-256 support.", e);
}
} }
} // end validation check } // end validation check
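Review bot: In the new `case SHA_256` branch the computed hex digest is compared with `hashedPassword.equals(this.password.toUpperCase())`, which stops at the first differing character and so is not a constant-time comparison of a credential-derived value. `MessageDigest` is already used in this branch, so the return could be `return MessageDigest.isEqual(hashedPassword.getBytes("UTF-8"), this.password.toUpperCase().getBytes("UTF-8"));`, which stays inside the existing `UnsupportedEncodingException` handler. The branch also appears to rely on `getHexString` producing upper-case hex, which is not visible in this hunk, so a short comment such as `// getHexString() yields upper-case hex; normalise the stored value to match` would help. Separately, the Javadoc on `SHA_256` could state that this is a single unsalted SHA-256 pass, which is stronger than MD5 but still a fast hash that offers limited protection if user-mapping.xml is disclosed. The enclosing validation method starts outside the hunk.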


@@ -73,6 +73,10 @@ public class AuthorizeTagHandler implements TagHandler {
if (encoding.equals("md5")) if (encoding.equals("md5"))
authorization.setEncoding(Authorization.Encoding.MD5); authorization.setEncoding(Authorization.Encoding.MD5);
// If "sha256" use SHA-256 hash
else if (encoding.equals("sha256"))
authorization.setEncoding(Authorization.Encoding.SHA_S56);
// If "plain", use plain text // If "plain", use plain text
else if (encoding.equals("plain")) else if (encoding.equals("plain"))
authorization.setEncoding(Authorization.Encoding.PLAIN_TEXT); authorization.setEncoding(Authorization.Encoding.PLAIN_TEXT);
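Review bot: The added `sha256` branch references `Authorization.Encoding.SHA_S56`, but the constant this commit adds to the `Encoding` enum is `SHA_256`, so as shown the line would not compile. It should read `authorization.setEncoding(Authorization.Encoding.SHA_256);`. The if/else chain continues outside the hunk, so how an unrecognised `encoding` value is handled cannot be checked from here; it is worth confirming that such a value is rejected rather than silently treated as plain text.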