guacamole-spice-protocol/src/protocols/ssh/ssh_client.c

469 lines
14 KiB
C
Raw Normal View History

2013-05-18 03:47:05 +00:00
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is libguac-client-ssh.
*
* The Initial Developer of the Original Code is
* Michael Jumper.
* Portions created by the Initial Developer are Copyright (C) 2011
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* James Muehlner <dagger10k@users.sourceforge.net>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
2013-05-18 05:53:13 +00:00
#include <string.h>
2013-05-20 08:23:21 +00:00
#include <pthread.h>
2013-05-18 03:47:05 +00:00
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
2013-12-02 00:26:41 +00:00
#include <netdb.h>
#include <errno.h>
#include <unistd.h>
2013-05-18 03:47:05 +00:00
#include <guacamole/client.h>
2013-05-20 08:23:21 +00:00
#include <guacamole/protocol.h>
#include <guacamole/socket.h>
2013-05-18 03:47:05 +00:00
2013-12-01 23:39:29 +00:00
#include <libssh2.h>
2013-05-26 06:05:58 +00:00
2013-05-18 03:47:05 +00:00
#include "client.h"
#include "common.h"
2013-10-19 01:20:46 +00:00
#include "guac_handlers.h"
#include "sftp.h"
2013-12-02 00:56:36 +00:00
#include "ssh_key.h"
#ifdef ENABLE_SSH_AGENT
#include "ssh_agent.h"
#endif
/**
* Reads a single line from STDIN.
2013-05-18 05:53:13 +00:00
*/
static char* prompt(guac_client* client, const char* title, char* str, int size, bool echo) {
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
int pos;
char in_byte;
/* Get STDIN and STDOUT */
2013-05-22 05:02:11 +00:00
int stdin_fd = client_data->term->stdin_pipe_fd[0];
int stdout_fd = client_data->term->stdout_pipe_fd[1];
2013-05-18 03:47:05 +00:00
2013-05-18 05:53:13 +00:00
/* Print title */
guac_terminal_write_all(stdout_fd, title, strlen(title));
/* Make room for null terminator */
size--;
/* Read bytes until newline */
pos = 0;
while (pos < size && read(stdin_fd, &in_byte, 1) == 1) {
/* Backspace */
if (in_byte == 0x7F) {
2013-05-18 03:47:05 +00:00
if (pos > 0) {
guac_terminal_write_all(stdout_fd, "\b \b", 3);
pos--;
}
}
/* CR (end of input */
else if (in_byte == 0x0D) {
guac_terminal_write_all(stdout_fd, "\r\n", 2);
break;
}
else {
/* Store character, update buffers */
str[pos++] = in_byte;
/* Print character if echoing */
if (echo)
guac_terminal_write_all(stdout_fd, &in_byte, 1);
else
guac_terminal_write_all(stdout_fd, "*", 1);
}
2013-05-18 05:53:13 +00:00
}
str[pos] = 0;
2013-05-18 05:53:13 +00:00
return str;
}
2013-05-20 08:23:21 +00:00
void* ssh_input_thread(void* data) {
guac_client* client = (guac_client*) data;
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
char buffer[8192];
int bytes_read;
2013-05-22 05:02:11 +00:00
int stdin_fd = client_data->term->stdin_pipe_fd[0];
2013-05-20 08:23:21 +00:00
/* Write all data read */
while ((bytes_read = read(stdin_fd, buffer, sizeof(buffer))) > 0)
libssh2_channel_write(client_data->term_channel, buffer, bytes_read);
2013-05-20 08:23:21 +00:00
return NULL;
}
2013-12-02 00:31:11 +00:00
static int __sign_callback(LIBSSH2_SESSION* session,
unsigned char** sig, size_t* sig_len,
const unsigned char* data, size_t data_len, void **abstract) {
ssh_key* key = (ssh_key*) abstract;
/* Allocate space for signature */
*sig = malloc(4096);
/* Sign with key */
*sig_len = ssh_key_sign(key, (const char*) data, data_len, *sig);
if (*sig_len < 0)
return 1;
return 0;
}
static LIBSSH2_SESSION* __guac_ssh_create_session(guac_client* client) {
2013-12-02 00:26:41 +00:00
int retval;
int fd;
2013-12-02 00:26:41 +00:00
struct addrinfo* addresses;
struct addrinfo* current_address;
char connected_address[1024];
char connected_port[64];
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
2013-12-02 00:26:41 +00:00
struct addrinfo hints = {
.ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM,
.ai_protocol = IPPROTO_TCP
};
/* Get socket */
fd = socket(AF_INET, SOCK_STREAM, 0);
2013-12-02 00:26:41 +00:00
/* Get addresses connection */
if ((retval = getaddrinfo(client_data->hostname, client_data->port,
&hints, &addresses))) {
guac_client_log_error(client,
"Error parsing given address or port: %s",
gai_strerror(retval));
return NULL;
}
/* Attempt connection to each address until success */
current_address = addresses;
while (current_address != NULL) {
int retval;
/* Resolve hostname */
if ((retval = getnameinfo(current_address->ai_addr,
current_address->ai_addrlen,
connected_address, sizeof(connected_address),
connected_port, sizeof(connected_port),
NI_NUMERICHOST | NI_NUMERICSERV)))
guac_client_log_error(client, "Unable to resolve host: %s",
gai_strerror(retval));
/* Connect */
if (connect(fd, current_address->ai_addr,
current_address->ai_addrlen) == 0) {
guac_client_log_info(client, "Successfully connected to "
"host %s, port %s", connected_address, connected_port);
/* Done if successful connect */
break;
}
/* Otherwise log information regarding bind failure */
else
guac_client_log_info(client, "Unable to connect to "
"host %s, port %s: %s",
connected_address, connected_port, strerror(errno));
current_address = current_address->ai_next;
}
2013-12-02 00:26:41 +00:00
/* If unable to connect to anything, fail */
if (current_address == NULL) {
guac_client_log_error(client, "Unable to connect to any addresses.");
return NULL;
}
2013-12-02 17:23:31 +00:00
/* Free addrinfo */
freeaddrinfo(addresses);
/* Open SSH session */
2013-12-02 01:05:55 +00:00
LIBSSH2_SESSION* session = libssh2_session_init_ex(NULL, NULL,
NULL, client);
if (session == NULL) {
guac_client_log_error(client, "Session allocation failed");
return NULL;
}
/* Perform handshake */
if (libssh2_session_handshake(session, fd)) {
guac_client_log_error(client, "SSH handshake failed");
return NULL;
}
2013-10-31 06:19:11 +00:00
/* Authenticate with key if available */
if (client_data->key != NULL) {
2013-12-02 00:31:11 +00:00
if (!libssh2_userauth_publickey(session, client_data->username,
(unsigned char*) client_data->key->public_key,
client_data->key->public_key_length,
__sign_callback, (void**) client_data->key))
2013-10-31 06:19:11 +00:00
return session;
else {
2013-12-02 00:31:11 +00:00
char* error_message;
libssh2_session_last_error(session, &error_message, NULL, 0);
2013-10-31 06:19:11 +00:00
guac_client_log_error(client,
2013-12-02 00:31:11 +00:00
"Public key authentication failed: %s", error_message);
2013-10-31 06:19:11 +00:00
return NULL;
}
}
/* Authenticate with password */
if (!libssh2_userauth_password(session, client_data->username,
client_data->password))
2013-10-31 06:19:11 +00:00
return session;
2013-10-31 06:19:11 +00:00
else {
char* error_message;
libssh2_session_last_error(session, &error_message, NULL, 0);
2013-10-31 06:19:11 +00:00
guac_client_log_error(client,
"Password authentication failed: %s", error_message);
return NULL;
}
}
2013-05-18 05:53:13 +00:00
void* ssh_client_thread(void* data) {
guac_client* client = (guac_client*) data;
2013-05-20 08:23:21 +00:00
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
char name[1024];
2013-05-20 08:23:21 +00:00
guac_socket* socket = client->socket;
char buffer[8192];
int bytes_read = -1234;
2013-05-20 08:23:21 +00:00
2013-05-22 05:02:11 +00:00
int stdout_fd = client_data->term->stdout_pipe_fd[1];
2013-05-20 08:23:21 +00:00
pthread_t input_thread;
2013-05-18 05:53:13 +00:00
2013-12-02 00:56:36 +00:00
libssh2_init(0);
2013-05-18 05:53:13 +00:00
/* Get username */
2013-05-20 08:23:21 +00:00
if (client_data->username[0] == 0 &&
prompt(client, "Login as: ", client_data->username, sizeof(client_data->username), true) == NULL)
2013-05-18 05:53:13 +00:00
return NULL;
/* Send new name */
snprintf(name, sizeof(name)-1, "%s@%s", client_data->username, client_data->hostname);
guac_protocol_send_name(socket, name);
2013-10-31 06:19:11 +00:00
/* If key specified, import */
if (client_data->key_base64[0] != 0) {
/* Attempt to read key without passphrase */
2013-12-02 00:56:36 +00:00
client_data->key = ssh_key_alloc(client_data->key_base64,
strlen(client_data->key_base64), "");
2013-10-31 06:19:11 +00:00
/* On failure, attempt with passphrase */
2013-12-02 00:56:36 +00:00
if (client_data->key == NULL) {
2013-10-31 06:19:11 +00:00
/* Prompt for passphrase if missing */
if (client_data->key_passphrase[0] == 0) {
if (prompt(client, "Key passphrase: ",
client_data->key_passphrase,
sizeof(client_data->key_passphrase), false) == NULL)
return NULL;
}
/* Import key with passphrase */
2013-12-02 00:56:36 +00:00
client_data->key = ssh_key_alloc(client_data->key_base64,
strlen(client_data->key_base64),
client_data->key_passphrase);
/* If still failing, give up */
if (client_data->key == NULL) {
2013-10-31 06:19:11 +00:00
guac_client_log_error(client, "Auth key import failed.");
return NULL;
}
} /* end decrypt key with passphrase */
2013-05-20 08:23:21 +00:00
2013-12-02 00:56:36 +00:00
/* Success */
guac_client_log_info(client, "Auth key successfully imported.");
2013-10-31 06:19:11 +00:00
} /* end if key given */
/* Otherwise, get password if not provided */
else if (client_data->password[0] == 0) {
if (prompt(client, "Password: ", client_data->password,
sizeof(client_data->password), false) == NULL)
return NULL;
}
2013-05-22 18:54:28 +00:00
/* Clear screen */
guac_terminal_write_all(stdout_fd, "\x1B[H\x1B[J", 6);
2013-05-20 08:23:21 +00:00
/* Open SSH session */
client_data->session = __guac_ssh_create_session(client);
2013-05-20 08:23:21 +00:00
if (client_data->session == NULL) {
guac_protocol_send_error(socket, "Unable to create SSH session.",
GUAC_PROTOCOL_STATUS_INTERNAL_ERROR);
2013-05-20 08:23:21 +00:00
guac_socket_flush(socket);
return NULL;
}
/* Open channel for terminal */
client_data->term_channel =
libssh2_channel_open_session(client_data->session);
2013-05-20 08:23:21 +00:00
if (client_data->term_channel == NULL) {
guac_protocol_send_error(socket, "Unable to open channel.",
GUAC_PROTOCOL_STATUS_INTERNAL_ERROR);
2013-05-20 08:23:21 +00:00
guac_socket_flush(socket);
2013-05-18 05:53:13 +00:00
return NULL;
2013-05-20 08:23:21 +00:00
}
2013-05-18 05:53:13 +00:00
#ifdef ENABLE_SSH_AGENT
2013-12-02 10:07:17 +00:00
/* Start SSH agent forwarding, if enabled */
if (client_data->enable_agent) {
libssh2_session_callback_set(client_data->session,
LIBSSH2_CALLBACK_AUTH_AGENT, (void*) ssh_auth_agent_callback);
/* Request agent forwarding */
if (libssh2_channel_request_auth_agent(client_data->term_channel))
guac_client_log_error(client, "Agent forwarding request failed");
else
guac_client_log_info(client, "Agent forwarding enabled.");
}
#endif
/* Start SFTP session as well, if enabled */
if (client_data->enable_sftp) {
/* Create SSH session specific for SFTP */
client_data->sftp_ssh_session = __guac_ssh_create_session(client);
/* Request SFTP */
client_data->sftp_session =
libssh2_sftp_init(client_data->sftp_ssh_session);
if (client_data->sftp_session == NULL) {
guac_protocol_send_error(socket, "Unable to start SFTP session..",
GUAC_PROTOCOL_STATUS_INTERNAL_ERROR);
guac_socket_flush(socket);
return NULL;
}
2013-10-19 01:20:46 +00:00
/* Set file handlers */
client->ack_handler = guac_sftp_ack_handler;
client->file_handler = guac_sftp_file_handler;
client->blob_handler = guac_sftp_blob_handler;
client->end_handler = guac_sftp_end_handler;
2013-10-19 01:20:46 +00:00
guac_client_log_info(client, "SFTP session initialized");
}
2013-05-20 08:23:21 +00:00
/* Request PTY */
if (libssh2_channel_request_pty_ex(client_data->term_channel,
"linux", sizeof("linux")-1, NULL, 0,
client_data->term->term_width, client_data->term->term_height,
0, 0)) {
guac_protocol_send_error(socket, "Unable to allocate PTY for channel.",
GUAC_PROTOCOL_STATUS_INTERNAL_ERROR);
2013-05-20 08:23:21 +00:00
guac_socket_flush(socket);
return NULL;
}
/* Request shell */
if (libssh2_channel_shell(client_data->term_channel)) {
guac_protocol_send_error(socket, "Unable to associate shell with PTY.",
GUAC_PROTOCOL_STATUS_INTERNAL_ERROR);
2013-05-20 08:23:21 +00:00
guac_socket_flush(socket);
return NULL;
}
/* Logged in */
guac_client_log_info(client, "SSH connection successful.");
/* Start input thread */
if (pthread_create(&(input_thread), NULL, ssh_input_thread, (void*) client)) {
guac_client_log_error(client, "Unable to start SSH input thread");
return NULL;
}
/* While data available, write to terminal */
while (!libssh2_channel_eof(client_data->term_channel)) {
/* Repeat read if necessary */
if ((bytes_read = libssh2_channel_read(client_data->term_channel, buffer, sizeof(buffer))) == LIBSSH2_ERROR_EAGAIN)
continue;
2013-05-20 08:23:21 +00:00
2013-05-26 06:05:58 +00:00
/* Attempt to write data received. Exit on failure. */
if (bytes_read > 0) {
int written = guac_terminal_write_all(stdout_fd, buffer, bytes_read);
if (written < 0)
break;
}
2013-05-20 08:23:21 +00:00
}
2013-05-18 05:53:13 +00:00
/* Wait for input thread to die */
pthread_join(input_thread, NULL);
2013-05-20 08:23:21 +00:00
guac_client_log_info(client, "SSH connection ended.");
2013-05-18 03:47:05 +00:00
return NULL;
}