Resolve KASM-2194 "Feature/ bulk user mgmt"

Matthew McClaskey 2022-01-24 16:42:29 +00:00
parent 93e89bd8be
commit 99680f23ff
12 changed files with 3753 additions and 77 deletions


@ -5,6 +5,7 @@ set(NETWORK_SOURCES
Blacklist.cxx
Socket.cxx
TcpSocket.cxx
cJSON.c
jsonescape.c
websocket.c
websockify.c


@ -53,11 +53,12 @@ namespace network {
uint8_t *netGetScreenshot(uint16_t w, uint16_t h,
const uint8_t q, const bool dedup,
uint32_t &len, uint8_t *staging);
uint8_t netAddUser(const char name[], const char pw[], const bool write);
uint8_t netAddUser(const char name[], const char pw[], const bool write, const bool owner);
uint8_t netRemoveUser(const char name[]);
uint8_t netUpdateUser(const char name[], const uint64_t mask, const bool write,
const bool owner);
uint8_t netGiveControlTo(const char name[]);
uint8_t netUpdateUser(const char name[], const uint64_t mask,
const char password[],
const bool write, const bool owner);
uint8_t netAddOrUpdateUser(const struct kasmpasswd_entry_t *entry);
void netGetUsers(const char **ptr);
void netGetBottleneckStats(char *buf, uint32_t len);
void netGetFrameStats(char *buf, uint32_t len);


@ -23,6 +23,7 @@
enum USER_UPDATE_MASK {
USER_UPDATE_WRITE_MASK = 1 << 0,
USER_UPDATE_OWNER_MASK = 1 << 1,
USER_UPDATE_PASSWORD_MASK = 1 << 2,
};
#endif


@ -264,10 +264,8 @@ uint8_t *GetAPIMessager::netGetScreenshot(uint16_t w, uint16_t h,
return ret;
}
#define USERNAME_LEN sizeof(((struct kasmpasswd_entry_t *)0)->user)
#define PASSWORD_LEN sizeof(((struct kasmpasswd_entry_t *)0)->password)
uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[], const bool write) {
uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[], const bool write,
const bool owner) {
if (strlen(name) >= USERNAME_LEN) {
vlog.error("Username too long");
return 0;
@ -281,13 +279,15 @@ uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[], const boo
if (!passwdfile)
return 0;
uint8_t ret = 1;
action_data act;
memcpy(act.data.user, name, USERNAME_LEN);
act.data.user[USERNAME_LEN - 1] = '\0';
memcpy(act.data.password, pw, PASSWORD_LEN);
act.data.password[PASSWORD_LEN - 1] = '\0';
act.data.owner = 0;
act.data.owner = owner;
act.data.write = write;
if (pthread_mutex_lock(&userMutex))
@ -302,6 +302,7 @@ uint8_t GetAPIMessager::netAddUser(const char name[], const char pw[], const boo
for (s = 0; s < set->num; s++) {
if (!strcmp(set->entries[s].user, name)) {
vlog.error("Can't create user %s, already exists", name);
ret = 0;
goto out;
}
}
@ -319,7 +320,7 @@ out:
free(set->entries);
free(set);
return 1;
return ret;
}
uint8_t GetAPIMessager::netRemoveUser(const char name[]) {
@ -365,12 +366,18 @@ uint8_t GetAPIMessager::netRemoveUser(const char name[]) {
}
uint8_t GetAPIMessager::netUpdateUser(const char name[], const uint64_t mask,
const char password[],
const bool write, const bool owner) {
if (strlen(name) >= USERNAME_LEN) {
vlog.error("Username too long");
return 0;
}
if (strlen(password) >= PASSWORD_LEN) {
vlog.error("Password too long");
return 0;
}
if (!mask) {
vlog.error("Update_user without any updates?");
return 0;
@ -388,6 +395,9 @@ uint8_t GetAPIMessager::netUpdateUser(const char name[], const uint64_t mask,
set->entries[s].write = write;
if (mask & USER_UPDATE_OWNER_MASK)
set->entries[s].owner = owner;
if (mask & USER_UPDATE_PASSWORD_MASK)
strcpy(set->entries[s].password, password);
found = true;
break;
}
@ -415,40 +425,32 @@ uint8_t GetAPIMessager::netUpdateUser(const char name[], const uint64_t mask,
return 1;
}
uint8_t GetAPIMessager::netGiveControlTo(const char name[]) {
if (strlen(name) >= USERNAME_LEN) {
vlog.error("Username too long");
return 0;
}
uint8_t GetAPIMessager::netAddOrUpdateUser(const struct kasmpasswd_entry_t *entry) {
if (pthread_mutex_lock(&userMutex))
return 0;
struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
bool found = false;
unsigned s;
for (s = 0; s < set->num; s++) {
if (!strcmp(set->entries[s].user, name)) {
set->entries[s].write = 1;
found = true;
} else {
set->entries[s].write = 0;
struct kasmpasswd_t *set = readkasmpasswd(passwdfile);
unsigned s;
bool updated = false;
for (s = 0; s < set->num; s++) {
if (!strcmp(set->entries[s].user, entry->user)) {
set->entries[s] = *entry;
updated = true;
vlog.info("User %s updated", entry->user);
break;
}
}
}
if (found) {
writekasmpasswd(passwdfile, set);
vlog.info("User %s given control", name);
} else {
vlog.error("Tried to give control to nonexistent user %s", name);
if (!updated) {
s = set->num++;
set->entries = (struct kasmpasswd_entry_t *) realloc(set->entries,
set->num * sizeof(struct kasmpasswd_entry_t));
set->entries[s] = *entry;
vlog.info("User %s created", entry->user);
}
pthread_mutex_unlock(&userMutex);
free(set->entries);
free(set);
return 0;
}
writekasmpasswd(passwdfile, set);
pthread_mutex_unlock(&userMutex);
@ -456,6 +458,7 @@ uint8_t GetAPIMessager::netGiveControlTo(const char name[]) {
free(set);
return 1;
}
void GetAPIMessager::netGetUsers(const char **outptr) {
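Review bot: In netAddOrUpdateUser the result of `realloc` is assigned straight back to `set->entries` and indexed on the next line, so an allocation failure becomes a NULL write and the old array is lost; keep the result in a temporary and, when it is NULL, unlock, free and `return 0`. The function also dereferences `set` without checking what `readkasmpasswd` returned, and it has no `if (!passwdfile) return 0;` guard like the one netAddUser has in this same file; whether either can actually be NULL is not visible here, so treat that as something to confirm. Because an existing entry is replaced wholesale with `*entry`, a create request for a name that already exists rewrites that user's password, write and owner bits and is only logged at info level as "updated". The old and new lines of this hunk are interleaved in this rendering, so this reading covers the new side only.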


@ -443,10 +443,10 @@ static uint8_t *screenshotCb(void *messager, uint16_t w, uint16_t h, const uint8
}
static uint8_t adduserCb(void *messager, const char name[], const char pw[],
const uint8_t write)
const uint8_t write, const uint8_t owner)
{
GetAPIMessager *msgr = (GetAPIMessager *) messager;
return msgr->netAddUser(name, pw, write);
return msgr->netAddUser(name, pw, write, owner);
}
static uint8_t removeCb(void *messager, const char name[])
@ -456,16 +456,17 @@ static uint8_t removeCb(void *messager, const char name[])
}
static uint8_t updateUserCb(void *messager, const char name[], const uint64_t mask,
const char password[],
const uint8_t write, const uint8_t owner)
{
GetAPIMessager *msgr = (GetAPIMessager *) messager;
return msgr->netUpdateUser(name, mask, write, owner);
return msgr->netUpdateUser(name, mask, password, write, owner);
}
static uint8_t givecontrolCb(void *messager, const char name[])
static uint8_t addOrUpdateUserCb(void *messager, const struct kasmpasswd_entry_t *entry)
{
GetAPIMessager *msgr = (GetAPIMessager *) messager;
return msgr->netGiveControlTo(name);
return msgr->netAddOrUpdateUser(entry);
}
static void getUsersCb(void *messager, const char **ptr)
@ -627,7 +628,7 @@ WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr,
settings.adduserCb = adduserCb;
settings.removeCb = removeCb;
settings.updateUserCb = updateUserCb;
settings.givecontrolCb = givecontrolCb;
settings.addOrUpdateUserCb = addOrUpdateUserCb;
settings.getUsersCb = getUsersCb;
settings.bottleneckStatsCb = bottleneckStatsCb;
settings.frameStatsCb = frameStatsCb;

3114
common/network/cJSON.c Normal file

File diff suppressed because it is too large Load Diff

295
common/network/cJSON.h Normal file

@ -0,0 +1,295 @@
/*
Copyright (c) 2009-2017 Dave Gamble and cJSON contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
// 2fc55f6 from Jan 20, 2022
#ifndef cJSON__h
#define cJSON__h
#ifdef __cplusplus
extern "C"
{
#endif
#if !defined(__WINDOWS__) && (defined(WIN32) || defined(WIN64) || defined(_MSC_VER) || defined(_WIN32))
#define __WINDOWS__
#endif
#ifdef __WINDOWS__
/* When compiling for windows, we specify a specific calling convention to avoid issues where we are being called from a project with a different default calling convention. For windows you have 3 define options:
CJSON_HIDE_SYMBOLS - Define this in the case where you don't want to ever dllexport symbols
CJSON_EXPORT_SYMBOLS - Define this on library build when you want to dllexport symbols (default)
CJSON_IMPORT_SYMBOLS - Define this if you want to dllimport symbol
For *nix builds that support visibility attribute, you can define similar behavior by
setting default visibility to hidden by adding
-fvisibility=hidden (for gcc)
or
-xldscope=hidden (for sun cc)
to CFLAGS
then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJSON_EXPORT_SYMBOLS does
*/
#define CJSON_CDECL __cdecl
#define CJSON_STDCALL __stdcall
/* export symbols by default, this is necessary for copy pasting the C and header file */
#if !defined(CJSON_HIDE_SYMBOLS) && !defined(CJSON_IMPORT_SYMBOLS) && !defined(CJSON_EXPORT_SYMBOLS)
#define CJSON_EXPORT_SYMBOLS
#endif
#if defined(CJSON_HIDE_SYMBOLS)
#define CJSON_PUBLIC(type) type CJSON_STDCALL
#elif defined(CJSON_EXPORT_SYMBOLS)
#define CJSON_PUBLIC(type) __declspec(dllexport) type CJSON_STDCALL
#elif defined(CJSON_IMPORT_SYMBOLS)
#define CJSON_PUBLIC(type) __declspec(dllimport) type CJSON_STDCALL
#endif
#else /* !__WINDOWS__ */
#define CJSON_CDECL
#define CJSON_STDCALL
#if (defined(__GNUC__) || defined(__SUNPRO_CC) || defined (__SUNPRO_C)) && defined(CJSON_API_VISIBILITY)
#define CJSON_PUBLIC(type) __attribute__((visibility("default"))) type
#else
#define CJSON_PUBLIC(type) type
#endif
#endif
/* project version */
#define CJSON_VERSION_MAJOR 1
#define CJSON_VERSION_MINOR 7
#define CJSON_VERSION_PATCH 15
#include <stddef.h>
/* cJSON Types: */
#define cJSON_Invalid (0)
#define cJSON_False (1 << 0)
#define cJSON_True (1 << 1)
#define cJSON_NULL (1 << 2)
#define cJSON_Number (1 << 3)
#define cJSON_String (1 << 4)
#define cJSON_Array (1 << 5)
#define cJSON_Object (1 << 6)
#define cJSON_Raw (1 << 7) /* raw json */
#define cJSON_IsReference 256
#define cJSON_StringIsConst 512
/* The cJSON structure: */
typedef struct cJSON
{
/* next/prev allow you to walk array/object chains. Alternatively, use GetArraySize/GetArrayItem/GetObjectItem */
struct cJSON *next;
struct cJSON *prev;
/* An array or object item will have a child pointer pointing to a chain of the items in the array/object. */
struct cJSON *child;
/* The type of the item, as above. */
int type;
/* The item's string, if type==cJSON_String and type == cJSON_Raw */
char *valuestring;
/* writing to valueint is DEPRECATED, use cJSON_SetNumberValue instead */
int valueint;
/* The item's number, if type==cJSON_Number */
double valuedouble;
/* The item's name string, if this item is the child of, or is in the list of subitems of an object. */
char *string;
} cJSON;
typedef struct cJSON_Hooks
{
/* malloc/free are CDECL on Windows regardless of the default calling convention of the compiler, so ensure the hooks allow passing those functions directly. */
void *(CJSON_CDECL *malloc_fn)(size_t sz);
void (CJSON_CDECL *free_fn)(void *ptr);
} cJSON_Hooks;
typedef int cJSON_bool;
/* Limits how deeply nested arrays/objects can be before cJSON rejects to parse them.
* This is to prevent stack overflows. */
#ifndef CJSON_NESTING_LIMIT
#define CJSON_NESTING_LIMIT 1000
#endif
/* returns the version of cJSON as a string */
CJSON_PUBLIC(const char*) cJSON_Version(void);
/* Supply malloc, realloc and free functions to cJSON */
CJSON_PUBLIC(void) cJSON_InitHooks(cJSON_Hooks* hooks);
/* Memory Management: the caller is always responsible to free the results from all variants of cJSON_Parse (with cJSON_Delete) and cJSON_Print (with stdlib free, cJSON_Hooks.free_fn, or cJSON_free as appropriate). The exception is cJSON_PrintPreallocated, where the caller has full responsibility of the buffer. */
/* Supply a block of JSON, and this returns a cJSON object you can interrogate. */
CJSON_PUBLIC(cJSON *) cJSON_Parse(const char *value);
CJSON_PUBLIC(cJSON *) cJSON_ParseWithLength(const char *value, size_t buffer_length);
/* ParseWithOpts allows you to require (and check) that the JSON is null terminated, and to retrieve the pointer to the final byte parsed. */
/* If you supply a ptr in return_parse_end and parsing fails, then return_parse_end will contain a pointer to the error so will match cJSON_GetErrorPtr(). */
CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated);
CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer_length, const char **return_parse_end, cJSON_bool require_null_terminated);
/* Render a cJSON entity to text for transfer/storage. */
CJSON_PUBLIC(char *) cJSON_Print(const cJSON *item);
/* Render a cJSON entity to text for transfer/storage without any formatting. */
CJSON_PUBLIC(char *) cJSON_PrintUnformatted(const cJSON *item);
/* Render a cJSON entity to text using a buffered strategy. prebuffer is a guess at the final size. guessing well reduces reallocation. fmt=0 gives unformatted, =1 gives formatted */
CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON_bool fmt);
/* Render a cJSON entity to text using a buffer already allocated in memory with given length. Returns 1 on success and 0 on failure. */
/* NOTE: cJSON is not always 100% accurate in estimating how much memory it will use, so to be safe allocate 5 bytes more than you actually need */
CJSON_PUBLIC(cJSON_bool) cJSON_PrintPreallocated(cJSON *item, char *buffer, const int length, const cJSON_bool format);
/* Delete a cJSON entity and all subentities. */
CJSON_PUBLIC(void) cJSON_Delete(cJSON *item);
/* Returns the number of items in an array (or object). */
CJSON_PUBLIC(int) cJSON_GetArraySize(const cJSON *array);
/* Retrieve item number "index" from array "array". Returns NULL if unsuccessful. */
CJSON_PUBLIC(cJSON *) cJSON_GetArrayItem(const cJSON *array, int index);
/* Get item "string" from object. Case insensitive. */
CJSON_PUBLIC(cJSON *) cJSON_GetObjectItem(const cJSON * const object, const char * const string);
CJSON_PUBLIC(cJSON *) cJSON_GetObjectItemCaseSensitive(const cJSON * const object, const char * const string);
CJSON_PUBLIC(cJSON_bool) cJSON_HasObjectItem(const cJSON *object, const char *string);
/* For analysing failed parses. This returns a pointer to the parse error. You'll probably need to look a few chars back to make sense of it. Defined when cJSON_Parse() returns 0. 0 when cJSON_Parse() succeeds. */
CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void);
/* Check item type and return its value */
CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item);
CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item);
/* These functions check the type of an item */
CJSON_PUBLIC(cJSON_bool) cJSON_IsInvalid(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsFalse(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsTrue(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsBool(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsNull(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsNumber(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsString(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsArray(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsObject(const cJSON * const item);
CJSON_PUBLIC(cJSON_bool) cJSON_IsRaw(const cJSON * const item);
/* These calls create a cJSON item of the appropriate type. */
CJSON_PUBLIC(cJSON *) cJSON_CreateNull(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateTrue(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateFalse(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateBool(cJSON_bool boolean);
CJSON_PUBLIC(cJSON *) cJSON_CreateNumber(double num);
CJSON_PUBLIC(cJSON *) cJSON_CreateString(const char *string);
/* raw json */
CJSON_PUBLIC(cJSON *) cJSON_CreateRaw(const char *raw);
CJSON_PUBLIC(cJSON *) cJSON_CreateArray(void);
CJSON_PUBLIC(cJSON *) cJSON_CreateObject(void);
/* Create a string where valuestring references a string so
* it will not be freed by cJSON_Delete */
CJSON_PUBLIC(cJSON *) cJSON_CreateStringReference(const char *string);
/* Create an object/array that only references it's elements so
* they will not be freed by cJSON_Delete */
CJSON_PUBLIC(cJSON *) cJSON_CreateObjectReference(const cJSON *child);
CJSON_PUBLIC(cJSON *) cJSON_CreateArrayReference(const cJSON *child);
/* These utilities create an Array of count items.
* The parameter count cannot be greater than the number of elements in the number array, otherwise array access will be out of bounds.*/
CJSON_PUBLIC(cJSON *) cJSON_CreateIntArray(const int *numbers, int count);
CJSON_PUBLIC(cJSON *) cJSON_CreateFloatArray(const float *numbers, int count);
CJSON_PUBLIC(cJSON *) cJSON_CreateDoubleArray(const double *numbers, int count);
CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int count);
/* Append item to the specified array/object. */
CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToArray(cJSON *array, cJSON *item);
CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObject(cJSON *object, const char *string, cJSON *item);
/* Use this when string is definitely const (i.e. a literal, or as good as), and will definitely survive the cJSON object.
* WARNING: When this function was used, make sure to always check that (item->type & cJSON_StringIsConst) is zero before
* writing to `item->string` */
CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJSON *item);
/* Append reference to item to the specified array/object. Use this when you want to add an existing cJSON to a new cJSON, but don't want to corrupt your existing cJSON. */
CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToArray(cJSON *array, cJSON *item);
CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToObject(cJSON *object, const char *string, cJSON *item);
/* Remove/Detach items from Arrays/Objects. */
CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item);
CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromArray(cJSON *array, int which);
CJSON_PUBLIC(void) cJSON_DeleteItemFromArray(cJSON *array, int which);
CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObject(cJSON *object, const char *string);
CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObjectCaseSensitive(cJSON *object, const char *string);
CJSON_PUBLIC(void) cJSON_DeleteItemFromObject(cJSON *object, const char *string);
CJSON_PUBLIC(void) cJSON_DeleteItemFromObjectCaseSensitive(cJSON *object, const char *string);
/* Update array items. */
CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON *newitem); /* Shifts pre-existing items to the right. */
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement);
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInArray(cJSON *array, int which, cJSON *newitem);
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObject(cJSON *object,const char *string,cJSON *newitem);
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObjectCaseSensitive(cJSON *object,const char *string,cJSON *newitem);
/* Duplicate a cJSON item */
CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse);
/* Duplicate will create a new, identical cJSON item to the one you pass, in new memory that will
* need to be released. With recurse!=0, it will duplicate any children connected to the item.
* The item->next and ->prev pointers are always zero on return from Duplicate. */
/* Recursively compare two cJSON items for equality. If either a or b is NULL or invalid, they will be considered unequal.
* case_sensitive determines if object keys are treated case sensitive (1) or case insensitive (0) */
CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * const b, const cJSON_bool case_sensitive);
/* Minify a strings, remove blank characters(such as ' ', '\t', '\r', '\n') from strings.
* The input pointer json cannot point to a read-only address area, such as a string constant,
* but should point to a readable and writable address area. */
CJSON_PUBLIC(void) cJSON_Minify(char *json);
/* Helper functions for creating and adding items to an object at the same time.
* They return the added item or NULL on failure. */
CJSON_PUBLIC(cJSON*) cJSON_AddNullToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddTrueToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddFalseToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddBoolToObject(cJSON * const object, const char * const name, const cJSON_bool boolean);
CJSON_PUBLIC(cJSON*) cJSON_AddNumberToObject(cJSON * const object, const char * const name, const double number);
CJSON_PUBLIC(cJSON*) cJSON_AddStringToObject(cJSON * const object, const char * const name, const char * const string);
CJSON_PUBLIC(cJSON*) cJSON_AddRawToObject(cJSON * const object, const char * const name, const char * const raw);
CJSON_PUBLIC(cJSON*) cJSON_AddObjectToObject(cJSON * const object, const char * const name);
CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * const name);
/* When assigning an integer value, it needs to be propagated to valuedouble too. */
#define cJSON_SetIntValue(object, number) ((object) ? (object)->valueint = (object)->valuedouble = (number) : (number))
/* helper for the cJSON_SetNumberValue macro */
CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number);
#define cJSON_SetNumberValue(object, number) ((object != NULL) ? cJSON_SetNumberHelper(object, (double)number) : (number))
/* Change the valuestring of a cJSON_String object, only takes effect when type of object is cJSON_String */
CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring);
/* Macro for iterating over an array or object */
#define cJSON_ArrayForEach(element, array) for(element = (array != NULL) ? (array)->child : NULL; element != NULL; element = element->next)
/* malloc/free objects using the malloc/free functions that have been set with cJSON_InitHooks */
CJSON_PUBLIC(void *) cJSON_malloc(size_t size);
CJSON_PUBLIC(void) cJSON_free(void *object);
#ifdef __cplusplus
}
#endif
#endif


@ -16,7 +16,12 @@
* USA.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "jsonescape.h"
#include "cJSON.h"
void JSON_escape(const char *in, char *out) {
for (; *in; in++) {
@ -79,3 +84,97 @@ void JSON_unescape(const char *in, char *out) {
*out = '\0';
}
struct kasmpasswd_t *parseJsonUsers(const char *data) {
cJSON *json = cJSON_Parse(data);
if (!json)
return NULL;
if (!(json->type & cJSON_Array))
return NULL;
struct kasmpasswd_t *set = calloc(sizeof(struct kasmpasswd_t), 1);
set->num = cJSON_GetArraySize(json);
set->entries = calloc(sizeof(struct kasmpasswd_entry_t), set->num);
cJSON *cur;
unsigned s, len;
for (cur = json->child, s = 0; cur; cur = cur->next, s++) {
if (!(cur->type & cJSON_Object))
goto fail;
cJSON *e;
struct kasmpasswd_entry_t * const entry = &set->entries[s];
entry->user[0] = '\0';
entry->password[0] = '\0';
entry->write = entry->owner = 0;
for (e = cur->child; e; e = e->next) {
#define field(x) if (!strcmp(x, e->string))
field("user") {
if (!(e->type & cJSON_String))
goto fail;
len = strlen(e->valuestring);
//printf("Val '%.*s'\n", len, start);
if (len >= USERNAME_LEN)
goto fail;
memcpy(entry->user, e->valuestring, len);
entry->user[len] = '\0';
} else field("password") {
if (!(e->type & cJSON_String))
goto fail;
len = strlen(e->valuestring);
//printf("Val '%.*s'\n", len, start);
if (len >= PASSWORD_LEN)
goto fail;
memcpy(entry->password, e->valuestring, len);
entry->password[len] = '\0';
} else field("write") {
if (!(e->type & (cJSON_False | cJSON_True)))
goto fail;
if (e->type & cJSON_True)
entry->write = 1;
} else field("owner") {
if (!(e->type & (cJSON_False | cJSON_True)))
goto fail;
if (e->type & cJSON_True)
entry->owner = 1;
/* } else field("read") {
start = end + 3;
if (!(e->type & (cJSON_False | cJSON_True)))
goto fail;
if (e->type & cJSON_True)
entry->read = 1;
*/
} else {
//printf("Unknown field '%.*s'\n", len, start);
goto fail;
}
#undef field
}
}
cJSON_Delete(json);
return set;
fail:
free(set->entries);
free(set);
cJSON_Delete(json);
return NULL;
}
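Review bot: parseJsonUsers leaks the parsed tree when the top-level value is not an array, because the early `return NULL` after the `cJSON_Array` test skips `cJSON_Delete(json)`; it should read `if (!(json->type & cJSON_Array)) { cJSON_Delete(json); return NULL; }`. Neither `calloc` result is checked before `set->num` and `set->entries[s]` are written, and the input here is a request body, so add `if (!set) { cJSON_Delete(json); return NULL; }` and `if (!set->entries) goto fail;`. A short comment above the function should state the ownership contract (the caller frees `entries` and then the set) and that any unknown or mistyped field rejects the whole document. It should also note that an empty array yields a set with `num == 0` whose `entries` may be NULL.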


@ -19,6 +19,9 @@
#ifndef __NETWORK_JSON_ESCAPE_H__
#define __NETWORK_JSON_ESCAPE_H__
#include <kasmpasswd.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
@ -26,6 +29,8 @@ extern "C" {
void JSON_escape(const char *in, char *out);
void JSON_unescape(const char *in, char *out);
struct kasmpasswd_t *parseJsonUsers(const char *data);
#ifdef __cplusplus
} // extern C
#endif


@ -31,6 +31,7 @@
#include <openssl/md5.h> /* md5 hash */
#include <openssl/sha.h> /* sha1 hash */
#include "websocket.h"
#include "jsonescape.h"
#include "kasmpasswd.h"
#include <network/Blacklist.h>
@ -901,12 +902,183 @@ nope:
ws_send(ws_ctx, buf, strlen(buf));
}
static uint8_t ownerapi_post(ws_ctx_t *ws_ctx, const char *in) {
char buf[4096], path[4096];
uint8_t ret = 0; // 0 = continue checking
in += 5;
const char *end = strchr(in, ' ');
unsigned len = end - in;
if (len < 1 || len > 1024 || strstr(in, "../")) {
wserr("Request too long (%u) or attempted dir traversal attack, rejecting\n", len);
return 0;
}
end = memchr(in, '?', len);
if (end) {
wserr("Attempted GET params in a POST request, rejecting\n");
return 0;
}
memcpy(path, in, len);
path[len] = '\0';
wserr("Requested owner POST api '%s'\n", path);
in = strstr(in, "\r\n\r\n");
if (!in) {
wserr("No content\n");
return 0;
}
in += 4;
#define entry(x) if (!strcmp(path, x))
struct kasmpasswd_t *set = NULL;
unsigned s;
entry("/api/create_user") {
set = parseJsonUsers(in);
if (!set) {
wserr("JSON parse error\n");
goto nope;
}
for (s = 0; s < set->num; s++) {
if (!set->entries[s].user[0] || !set->entries[s].password[0]) {
wserr("Username or password missing\n");
goto nope;
}
struct crypt_data cdata;
cdata.initialized = 0;
const char *encrypted = crypt_r(set->entries[s].password, "$5$kasm$", &cdata);
strcpy(set->entries[s].password, encrypted);
if (!settings.addOrUpdateUserCb(settings.messager, &set->entries[s])) {
wserr("Couldn't add or update user\n");
goto nope;
}
}
free(set->entries);
free(set);
sprintf(buf, "HTTP/1.1 200 OK\r\n"
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
"\r\n"
"200 OK");
ws_send(ws_ctx, buf, strlen(buf));
ret = 1;
} else entry("/api/remove_user") {
set = parseJsonUsers(in);
if (!set) {
wserr("JSON parse error\n");
goto nope;
}
for (s = 0; s < set->num; s++) {
if (!set->entries[s].user[0]) {
wserr("Username missing\n");
goto nope;
}
if (!settings.removeCb(settings.messager, set->entries[s].user)) {
wserr("Invalid params to remove_user\n");
goto nope;
}
}
free(set->entries);
free(set);
sprintf(buf, "HTTP/1.1 200 OK\r\n"
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
"\r\n"
"200 OK");
ws_send(ws_ctx, buf, strlen(buf));
ret = 1;
} else entry("/api/update_user") {
set = parseJsonUsers(in);
if (!set) {
wserr("JSON parse error\n");
goto nope;
}
for (s = 0; s < set->num; s++) {
if (!set->entries[s].user[0]) {
wserr("Username missing\n");
goto nope;
}
uint64_t mask = USER_UPDATE_WRITE_MASK | USER_UPDATE_OWNER_MASK;
if (set->entries[s].password[0]) {
struct crypt_data cdata;
cdata.initialized = 0;
const char *encrypted = crypt_r(set->entries[s].password, "$5$kasm$", &cdata);
strcpy(set->entries[s].password, encrypted);
mask |= USER_UPDATE_PASSWORD_MASK;
}
if (!settings.updateUserCb(settings.messager, set->entries[s].user, mask,
set->entries[s].password,
set->entries[s].write, set->entries[s].owner)) {
wserr("Invalid params to update_user\n");
goto nope;
}
}
free(set->entries);
free(set);
sprintf(buf, "HTTP/1.1 200 OK\r\n"
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
"\r\n"
"200 OK");
ws_send(ws_ctx, buf, strlen(buf));
ret = 1;
}
#undef entry
return ret;
nope:
sprintf(buf, "HTTP/1.1 400 Bad Request\r\n"
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"\r\n"
"400 Bad Request");
ws_send(ws_ctx, buf, strlen(buf));
return 1;
}
static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in) {
char buf[4096], path[4096], args[4096] = "";
uint8_t ret = 0; // 0 = continue checking
if (strncmp(in, "GET ", 4)) {
wserr("non-GET request, rejecting\n");
if (!strncmp(in, "POST ", 5))
return ownerapi_post(ws_ctx, in);
wserr("non-GET, non-POST request, rejecting\n");
return 0;
}
in += 4;
@ -1001,7 +1173,7 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in) {
}
} else entry("/api/create_user") {
char decname[1024] = "", decpw[1024] = "";
uint8_t write = 0;
uint8_t write = 0, owner = 0;
param = parse_get(args, "name", &len);
if (len) {
@ -1029,10 +1201,16 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in) {
write = 1;
}
param = parse_get(args, "owner", &len);
if (len && isalpha(param[0])) {
if (!strncmp(param, "true", len))
owner = 1;
}
if (!decname[0] || !decpw[0])
goto nope;
if (!settings.adduserCb(settings.messager, decname, decpw, write)) {
if (!settings.adduserCb(settings.messager, decname, decpw, write, owner)) {
wserr("Invalid params to create_user\n");
goto nope;
}
@ -1105,7 +1283,7 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in) {
myowner = 1;
}
if (!settings.updateUserCb(settings.messager, decname, mask, mywrite, myowner)) {
if (!settings.updateUserCb(settings.messager, decname, mask, "", mywrite, myowner)) {
wserr("Invalid params to update_user\n");
goto nope;
}
@ -1119,34 +1297,6 @@ static uint8_t ownerapi(ws_ctx_t *ws_ctx, const char *in) {
"200 OK");
ws_send(ws_ctx, buf, strlen(buf));
ret = 1;
} else entry("/api/give_control") {
char decname[1024] = "";
param = parse_get(args, "name", &len);
if (len) {
memcpy(buf, param, len);
buf[len] = '\0';
percent_decode(buf, decname, 0);
}
if (!decname[0])
goto nope;
if (!settings.givecontrolCb(settings.messager, decname)) {
wserr("Invalid params to give_control\n");
goto nope;
}
sprintf(buf, "HTTP/1.1 200 OK\r\n"
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"Content-length: 6\r\n"
"\r\n"
"200 OK");
ws_send(ws_ctx, buf, strlen(buf));
ret = 1;
} else entry("/api/get_bottleneck_stats") {
char statbuf[4096];
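Review bot: In ownerapi_post the return value of `crypt_r` goes straight into `strcpy` in both the create_user and update_user branches; `crypt_r` can return NULL on failure and the hash length is never compared with the field size, so add `if (!encrypted || strlen(encrypted) >= PASSWORD_LEN) goto nope;` before each copy. Every `goto nope` taken after parseJsonUsers succeeded leaks `set`, since the `nope:` label only sends the 400; `if (set) { free(set->entries); free(set); }` at that label covers all three branches. `strchr(in, ' ')` is not checked for NULL before `end - in`, so a request line without a second space leaves `len` undefined instead of reliably tripping the `len > 1024` test. The update_user branch always sets `USER_UPDATE_WRITE_MASK | USER_UPDATE_OWNER_MASK` while parseJsonUsers defaults both flags to 0, so a JSON entry that only carries a new password also clears that user's write and owner bits; recording which fields were present would avoid that. The salt `"$5$kasm$"` is a constant, so equal passwords produce equal hashes; if that is required for compatibility with the existing password file, a comment should say so.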


@ -66,6 +66,8 @@ struct wspass_t {
char ip[64];
};
struct kasmpasswd_entry_t;
typedef struct {
int verbose;
int listen_sock;
@ -82,11 +84,12 @@ typedef struct {
const uint8_t dedup,
uint32_t *len, uint8_t *staging);
uint8_t (*adduserCb)(void *messager, const char name[], const char pw[],
const uint8_t write);
const uint8_t write, const uint8_t owner);
uint8_t (*removeCb)(void *messager, const char name[]);
uint8_t (*updateUserCb)(void *messager, const char name[], const uint64_t mask,
const char password[],
const uint8_t write, const uint8_t owner);
uint8_t (*givecontrolCb)(void *messager, const char name[]);
uint8_t (*addOrUpdateUserCb)(void *messager, const struct kasmpasswd_entry_t *entry);
void (*bottleneckStatsCb)(void *messager, char *buf, uint32_t len);
void (*frameStatsCb)(void *messager, char *buf, uint32_t len);


@ -12,6 +12,9 @@ struct kasmpasswd_entry_t {
unsigned char owner : 1;
};
#define USERNAME_LEN sizeof(((struct kasmpasswd_entry_t *)0)->user)
#define PASSWORD_LEN sizeof(((struct kasmpasswd_entry_t *)0)->password)
struct kasmpasswd_t {
struct kasmpasswd_entry_t *entries;
unsigned num;