GUACAMOLE-1391 Add support for hashing passwords with SHA-256 in user-mapping.xml
diff --git a/guacamole/doc/example/user-mapping.xml b/guacamole/doc/example/user-mapping.xml
index 69ae6a1..2191c92 100644
--- a/guacamole/doc/example/user-mapping.xml
+++ b/guacamole/doc/example/user-mapping.xml
@@ -35,7 +35,7 @@
encoding="md5">
<!-- First authorized connection -->
- <connection name="localhost">
+ <connection name="localhost">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5901</param>
@@ -43,13 +43,28 @@
</connection>
<!-- Second authorized connection -->
- <connection name="otherhost">
+ <connection name="otherhost">
<protocol>vnc</protocol>
<param name="hostname">otherhost</param>
<param name="port">5900</param>
<param name="password">VNCPASS</param>
</connection>
- </authorize>
+ </authorize>
+
+ <!-- Another user, but using SHA-256 to hash the password -->
+ <authorize
+ username="USERNAME3"
+ password="5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
+ encoding="sha256">
+
+ <connection name="localhost">
+ <protocol>vnc</protocol>
+ <param name="hostname">localhost</param>
+ <param name="port">5900</param>
+ <param name="password">VNCPASS</param>
+ </connection>
+
+ </authorize>
</user-mapping>
diff --git a/guacamole/src/main/java/org/apache/guacamole/auth/file/Authorization.java b/guacamole/src/main/java/org/apache/guacamole/auth/file/Authorization.java
index 6ebc9dc..0605b80 100644
--- a/guacamole/src/main/java/org/apache/guacamole/auth/file/Authorization.java
+++ b/guacamole/src/main/java/org/apache/guacamole/auth/file/Authorization.java
@@ -46,7 +46,12 @@
/**
* Password hashed with MD5.
*/
- MD5
+ MD5,
+
+ /**
+ * Passwords hashed with SHA256.
+ */
+ SHA_256
}
@@ -205,6 +210,19 @@
throw new UnsupportedOperationException("Unexpected lack of MD5 support.", e);
}
+ case SHA_256:
+
+ try {
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ String hashedPassword = getHexString(digest.digest(password.getBytes("UTF-8")));
+ return hashedPassword.equals(this.password.toUpperCase());
+ }
+ catch (UnsupportedEncodingException e) {
+ throw new UnsupportedOperationException("Unexpected lack of UTF-8 support.", e);
+ }
+ catch (NoSuchAlgorithmException e) {
+ throw new UnsupportedOperationException("Unexpected lack of SHA-256 support.", e);
+ }
}
} // end validation check
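Review bot: The `SHA_256` case checks the password with `hashedPassword.equals(this.password.toUpperCase())`, which is not a constant-time comparison and uppercases the configured value using the default locale. Comparing with `MessageDigest.isEqual(hashedPassword.getBytes(StandardCharsets.US_ASCII), this.password.toUpperCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII))` avoids both, and passing `StandardCharsets.UTF_8` to `getBytes` would make the `UnsupportedEncodingException` catch unnecessary. The digest is a single unsalted SHA-256, so identical passwords produce identical stored values and the hash is cheap to guess offline if `user-mapping.xml` is disclosed. A comment on the case should say so, for example `// Unsalted single-pass digest: obscures the password in the file, does not replace file permissions`. The enclosing method and the MD5 case begin outside this hunk, so the MD5 branch may need the same comparison change.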
diff --git a/guacamole/src/main/java/org/apache/guacamole/auth/file/AuthorizeTagHandler.java b/guacamole/src/main/java/org/apache/guacamole/auth/file/AuthorizeTagHandler.java
index 524b9b1..2f4c972 100644
--- a/guacamole/src/main/java/org/apache/guacamole/auth/file/AuthorizeTagHandler.java
+++ b/guacamole/src/main/java/org/apache/guacamole/auth/file/AuthorizeTagHandler.java
@@ -73,6 +73,10 @@
if (encoding.equals("md5"))
authorization.setEncoding(Authorization.Encoding.MD5);
+ // If "sha256" use SHA-256 hash
+ else if (encoding.equals("sha256"))
+ authorization.setEncoding(Authorization.Encoding.SHA_S56);
+
// If "plain", use plain text
else if (encoding.equals("plain"))
authorization.setEncoding(Authorization.Encoding.PLAIN_TEXT);
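Review bot: The added branch references `Authorization.Encoding.SHA_S56`, but the constant this commit adds to the enum in Authorization.java is `SHA_256`, so the line will not compile as written. It should read `authorization.setEncoding(Authorization.Encoding.SHA_256);`. The handling of an unrecognised `encoding` value lies outside this hunk; it is worth confirming that such a value is rejected rather than silently treated as plain text.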