You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
GUACAMOLE-2281: Add auth-challenge and auth-response instructions to libguac.
Adds two new protocol instructions for authentication exchanges:
- auth-challenge: opens a stream carrying the body of a challenge for
a pending authentication exchange. The wire form is
"auth-challenge,<stream_idx>,<mimetype>,<challenge_id>". The mimetype
identifies the auth flavor; the challenge_id is an opaque identifier
the peer references in its matching auth-response.
- auth-response: opens a stream carrying the response body for a
previously-issued auth-challenge identified by the same
challenge_id. Same wire shape as auth-challenge.
Each instruction's body rides as blobs on the announced stream,
terminated by end. No paired pipe, no single-slot per-user buffering;
per-stream blob and end handlers do the work.
Also adds a destructor callback to guac_stream, called from
guac_user_free_stream / guac_client_free_stream and from
guac_user_free / guac_client_free for streams still open at disconnect,
so consumers can attach per-stream state that needs cleanup if the peer
drops mid-stream.
The first consumer is WebAuthn passthrough (companion PR on
guacamole-client) using application/x-webauthn-create+json and
application/x-webauthn-get+json mimetypes.
0 commit comments