From c4e620cc427106bdfa75fa2a36fbcd4c414932c1 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 20 Jul 2020 10:50:35 +0200
Subject: Fix getUsername/getIdentifier in TunnelListener, make it thread safe
---
 .../de/bwlehrpool/bwlp_guac/AvailableClient.java | 8 ++-
 .../bwlp_guac/BwlpAuthenticationProvider.java | 8 +--
 .../de/bwlehrpool/bwlp_guac/BwlpUserContext.java | 14 +---
 .../de/bwlehrpool/bwlp_guac/TunnelListener.java | 79 ++++++++++++----------
 .../de/bwlehrpool/bwlp_guac/VncConnection.java | 42 +-----------
 5 files changed, 55 insertions(+), 96 deletions(-)
diff --git a/src/main/java/de/bwlehrpool/bwlp_guac/AvailableClient.java b/src/main/java/de/bwlehrpool/bwlp_guac/AvailableClient.java
index aba868f..5371547 100644
--- a/src/main/java/de/bwlehrpool/bwlp_guac/AvailableClient.java
+++ b/src/main/java/de/bwlehrpool/bwlp_guac/AvailableClient.java
@@ -64,7 +64,9 @@ public class AvailableClient implements Cloneable {
 LOGGER.info("Free client blocked by a disconnected user detected.");
 LOGGER.info("Client " + this + " is available again");
 this.inUseBy = null;
- if (this.connection != null) this.connection.invalidate();
+ if (this.connection != null) {
+ this.connection.invalidate();
+ }
 }
 if (this.password == null || !this.password.equals(source.password)) {
@@ -211,13 +213,13 @@ public class AvailableClient implements Cloneable {
 }
 if (username == null) {
 username = "";
+ } else {
+ LOGGER.info("Logging in user " + username + " on client " + this);
 }
 if (password == null) {
 password = "";
 }
 try {
- LOGGER.info("Logging in user " + username + " on client " + this);
-
 Socket socket = new Socket(); // TODO Port?
 socket.connect(new InetSocketAddress(this.clientip, 7551), 1100);
 socket.setSoTimeout(1000);
diff --git a/src/main/java/de/bwlehrpool/bwlp_guac/BwlpAuthenticationProvider.java b/src/main/java/de/bwlehrpool/bwlp_guac/BwlpAuthenticationProvider.java
index 81434f4..524ce8d 100644
--- a/src/main/java/de/bwlehrpool/bwlp_guac/BwlpAuthenticationProvider.java
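Review bot: The relocated `LOGGER.info("Logging in user " + username + " on client " + this);` in the new `else` branch of the second AvailableClient hunk concatenates the user name straight into the log message, and the new tunnel messages in TunnelListener.java do the same. If that name is whatever was typed at login, embedded line breaks would let a user forge additional log entries. I would neutralise CR/LF before logging, e.g. `username.replaceAll("[\\r\\n]", "_")`, or enforce it once in the logging layout. The enclosing method starts and ends outside this hunk, so where `username` originates is not visible here.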
+++ b/src/main/java/de/bwlehrpool/bwlp_guac/BwlpAuthenticationProvider.java
@@ -58,13 +58,7 @@ public class BwlpAuthenticationProvider implements AuthenticationProvider {
 public UserContext redecorate(UserContext decorated, UserContext context, AuthenticatedUser authenticatedUser, Credentials credentials) throws GuacamoleException {
- Credentials creds = authenticatedUser.getCredentials();
- if (creds == null)
- return context;
- String username = creds.getUsername();
- if (username == null) {
- username = authenticatedUser.getIdentifier();
- }
+ String username = Util.getUsername(authenticatedUser);
 if (username == null) {
 LOGGER.warn("redecorate: Ignoring user without name");
 return context;
diff --git a/src/main/java/de/bwlehrpool/bwlp_guac/BwlpUserContext.java b/src/main/java/de/bwlehrpool/bwlp_guac/BwlpUserContext.java
index 93fda8d..a0531d0 100644
--- a/src/main/java/de/bwlehrpool/bwlp_guac/BwlpUserContext.java
+++ b/src/main/java/de/bwlehrpool/bwlp_guac/BwlpUserContext.java
@@ -45,12 +45,7 @@ public class BwlpUserContext extends AbstractUserContext {
 throws GuacamoleCredentialsException {
 authUser = authenticatedUser;
 originalContext = context;
- Credentials cred = authenticatedUser.getCredentials();
- if (cred != null && cred.getUsername() != null) {
- username = cred.getUsername();
- } else {
- username = authenticatedUser.getIdentifier();
- }
+ username = Util.getUsername(authenticatedUser);
 this.groupid = groupid;
 this.resolution = resolution;
 // OK
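Review bot: With the removed `if (creds == null) return context;` guard gone, `redecorate` in BwlpAuthenticationProvider.java now relies entirely on `Util.getUsername(authenticatedUser)` to cope with a user that has no `Credentials` object. Util.java is not part of this patch, so it cannot be checked here that the helper null-checks `getCredentials()` before calling `getUsername()`. If it falls back to `getIdentifier()` as the other removed call sites did, such users are now decorated where they were previously passed through unchanged; please confirm that this is intended. A short comment above the call would record the contract, e.g. `// credentials user name, else identifier; null if neither is set`. The body of `redecorate` continues past the hunk.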
@@ -60,12 +55,7 @@ public class BwlpUserContext extends AbstractUserContext {
 public BwlpUserContext(AuthenticatedUser authenticatedUser, UserContext context, WrappedConnection exConn) {
 authUser = authenticatedUser;
 originalContext = context;
- Credentials cred = authenticatedUser.getCredentials();
- if (cred != null && cred.getUsername() != null) {
- username = cred.getUsername();
- } else {
- username = authenticatedUser.getIdentifier();
- }
+ username = Util.getUsername(authenticatedUser);
 this.groupid = -1;
 this.resolution = "";
 connectionDirectory = new SimpleDirectory(exConn);
diff --git a/src/main/java/de/bwlehrpool/bwlp_guac/TunnelListener.java b/src/main/java/de/bwlehrpool/bwlp_guac/TunnelListener.java
index 265bfc7..ed3aaa3 100644
--- a/src/main/java/de/bwlehrpool/bwlp_guac/TunnelListener.java
+++ b/src/main/java/de/bwlehrpool/bwlp_guac/TunnelListener.java
@@ -14,39 +14,48 @@ import java.util.HashMap;
 */
 public class TunnelListener implements Listener {
- private static final Logger LOGGER = LoggerFactory.getLogger(TunnelListener.class);
-
- private static final HashMap userTunnelCount = new HashMap();
-
- public static boolean hasTunnel(String username) {
- return userTunnelCount.get(username) != null;
- }
-
- @Override
- public void handleEvent(Object event) throws GuacamoleException {
- if (event instanceof TunnelConnectEvent) {
- String username = ((TunnelConnectEvent)event).getCredentials().getUsername();
- LOGGER.info("User " + username + " connected to a tunnel.");
-
- Integer count = userTunnelCount.get(username);
- if (count == null) count = 1;
- else count++;
- userTunnelCount.put(username, count);
-
- LOGGER.info("Tunnel count: " + count);
- }
- else if (event instanceof TunnelCloseEvent) {
- String username = ((TunnelCloseEvent)event).getCredentials().getUsername();
- LOGGER.info("User " + username + " closed a tunnel.");
-
- Integer count = userTunnelCount.get(username);
- if (count != null) {
- if (count > 1) userTunnelCount.put(username, count - 1);
- else userTunnelCount.remove(username);
- LOGGER.info("Tunnel count: " + (count - 1));
- }
- }
-
- }
-
+ private static final Logger LOGGER = LoggerFactory.getLogger(TunnelListener.class);
+
+ private static final HashMap userTunnelCount = new HashMap();
+
+ public static boolean hasTunnel(String username) {
+ synchronized (userTunnelCount) {
+ return userTunnelCount.get(username) != null;
+ }
+ }
+
+ @Override
+ public void handleEvent(Object event) throws GuacamoleException {
+ Integer count;
+ if (event instanceof TunnelConnectEvent) {
+ String username = Util.getUsername((TunnelConnectEvent)event);
+ synchronized (userTunnelCount) {
+ count = userTunnelCount.get(username);
+ if (count == null) {
+ count = 1;
+ } else {
+ count++;
+ }
+ userTunnelCount.put(username, count);
+ }
+ LOGGER.info("User " + username + " connected to a tunnel, count: " + count);
+ } else if (event instanceof TunnelCloseEvent) {
+ String username = Util.getUsername((TunnelCloseEvent)event);
+ synchronized (userTunnelCount) {
+ count = userTunnelCount.get(username);
+ if (count != null) {
+ if (count > 1) {
+ userTunnelCount.put(username, count - 1);
+ } else {
+ userTunnelCount.remove(username);
+ }
+ } else {
+ count = 0;
+ }
+ }
+ LOGGER.info("User " + username + " closed a tunnel, count: " + count);
+ }
+
+ }
+
 }
diff --git a/src/main/java/de/bwlehrpool/bwlp_guac/VncConnection.java b/src/main/java/de/bwlehrpool/bwlp_guac/VncConnection.java
index 0afafd0..d1ac1ad 100644
--- a/src/main/java/de/bwlehrpool/bwlp_guac/VncConnection.java
+++ b/src/main/java/de/bwlehrpool/bwlp_guac/VncConnection.java
@@ -7,16 +7,8 @@ import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.nio.charset.StandardCharsets;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.SecretKeySpec;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -82,16 +74,7 @@ public class VncConnection implements Closeable {
 byte[] pw_bytes = passwd.getBytes();
 pw_bytes = Arrays.copyOf(pw_bytes, 8);
 // Encrypt
- Cipher des;
- try {
- des = Cipher.getInstance("DES/ECB/NoPadding");
- des.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(reverseBits(pw_bytes), 0, pw_bytes.length, "DES"));
- out.write(des.doFinal(challenge));
- } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IllegalBlockSizeException
- | BadPaddingException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
+ out.write(WeakCrypto.vncEncrypt(pw_bytes, challenge));
 // check reply
 int securityReply = in.readInt();
 if (securityReply != 0) {
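Review bot: In the `TunnelCloseEvent` branch of TunnelListener.java the value logged as `count` is the one read before the decrement, so closing the last tunnel reports `count: 1` although the entry has just been removed (the removed code logged `count - 1`). Decrementing first keeps the log and the map in step: `count--;` followed by `if (count > 0) { userTunnelCount.put(username, count); } else { userTunnelCount.remove(username); }`. Separately, `Util.getUsername(...)` can presumably return null, since `redecorate` in BwlpAuthenticationProvider.java checks for that, and a `HashMap` accepts a null key, so all nameless sessions would share one counter that `hasTunnel` then reports on. An early `if (username == null) return;` with a warning in `handleEvent` would avoid that; Util.java is not in this patch, so the null case should be confirmed there.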
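Review bot: `passwd.getBytes()` on the context line above the new `WeakCrypto.vncEncrypt(pw_bytes, challenge)` call in VncConnection.java uses the platform default charset, so the 8-byte key cut from the password can differ between hosts for non-ASCII passwords; something like `passwd.getBytes(StandardCharsets.ISO_8859_1)` would pin it, and `StandardCharsets` is already imported in this file. The removed code swallowed cipher failures with `printStackTrace()` and went on to read the reply; WeakCrypto.java is not in this patch, so how `vncEncrypt` reports a failure should be confirmed, because `out.write(null)` would throw. A one-line comment at the call, e.g. `// VNC auth: DES challenge-response keyed with the first 8 password bytes (protocol-mandated)`, would tell the next reader why a helper named WeakCrypto is acceptable here. The enclosing method extends beyond the hunk.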
@@ -108,7 +91,8 @@ public class VncConnection implements Closeable {
 in.readFully(msg);
 LOGGER.info(new String(msg, StandardCharsets.ISO_8859_1));
 } catch (IOException e) {
- // Nothing, we're already kinda handling an error, so if we can't fetch the message, ignore
+ // Nothing, we're already kinda handling an error, so if we can't fetch the
+ // message, ignore
 }
 }
@@ -128,24 +112,4 @@ public class VncConnection implements Closeable {
 }
 }
- /*
- *
- */
-
- private byte[] reverseBits(byte[] b) {
- byte[] result = new byte[b.length];
- for (int i = 0; i < b.length; i++) {
- result[i] = reverseBits(b[i]);
- }
- return result;
- }
-
- private byte reverseBits(byte input) {
- byte result = 0x00;
- for (int i = 0; i < 8; i++) {
- result |= ((byte) ((input & (0x01 << i)) >>> i) << 7 - i);
- }
- return result;
- }
-
 }
-- cgit v1.2.3-55-g7522