Prompt for passphrase if needed.

This commit is contained in:
Michael Jumper 2013-10-30 23:19:11 -07:00
parent 678ec69ebe
commit 1af28eb820
3 changed files with 75 additions and 28 deletions

View File

@ -150,26 +150,10 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
strcpy(client_data->password, argv[IDX_PASSWORD]);
#ifdef ENABLE_SSH_PUBLIC_KEY
/* Init public key auth information */
client_data->key = NULL;
/* Read private key, if given */
if (argv[IDX_PRIVATE_KEY][0] != 0) {
/* Pull parameters */
const char* private_key = argv[IDX_PRIVATE_KEY];
const char* passphrase = argv[IDX_PASSPHRASE];
if (passphrase[0] == 0)
passphrase = NULL;
/* Read key */
if (ssh_pki_import_privkey_base64(private_key, passphrase,
NULL, NULL, &client_data->key) == SSH_OK)
guac_client_log_info(client, "Auth key successfully imported.");
else
guac_client_log_error(client, "Auth key import failed.");
}
strcpy(client_data->key_base64, argv[IDX_PRIVATE_KEY]);
strcpy(client_data->key_passphrase, argv[IDX_PASSPHRASE]);
#endif
/* Read font name */

View File

@ -73,6 +73,16 @@ typedef struct ssh_guac_client_data {
char password[1024];
#ifdef ENABLE_SSH_PUBLIC_KEY
/**
* The private key, encoded as base64.
*/
char key_base64[4096];
/**
* The password to use to decrypt the given private key.
*/
char key_passphrase[1024];
/**
* The private key to use for authentication, if any.
*/

View File

@ -153,16 +153,32 @@ static ssh_session __guac_ssh_create_session(guac_client* client) {
return NULL;
}
/* Authenticate */
#ifdef ENABLE_SSH_PUBLIC_KEY
/* Authenticate with key if available */
if (client_data->key != NULL) {
if (ssh_userauth_publickey(session, NULL, client_data->key)
== SSH_AUTH_SUCCESS)
return session;
else {
guac_client_log_error(client,
"Public key authentication failed: %s",
ssh_get_error(session));
return NULL;
}
}
#endif
/* Authenticate with password */
if (ssh_userauth_password(session, NULL, client_data->password)
!= SSH_AUTH_SUCCESS) {
guac_client_log_error(client, "Authentication failed: %s",
== SSH_AUTH_SUCCESS)
return session;
else {
guac_client_log_error(client,
"Password authentication failed: %s",
ssh_get_error(session));
return NULL;
}
return session;
}
void* ssh_client_thread(void* data) {
@ -189,11 +205,48 @@ void* ssh_client_thread(void* data) {
snprintf(name, sizeof(name)-1, "%s@%s", client_data->username, client_data->hostname);
guac_protocol_send_name(socket, name);
/* Get password */
if (client_data->password[0] == 0 &&
prompt(client, "Password: ", client_data->password, sizeof(client_data->password), false) == NULL)
return NULL;
#ifdef ENABLE_SSH_PUBLIC_KEY
/* If key specified, import */
if (client_data->key_base64[0] != 0) {
/* Attempt to read key without passphrase */
if (ssh_pki_import_privkey_base64(client_data->key_base64, NULL,
NULL, NULL, &client_data->key) == SSH_OK)
guac_client_log_info(client, "Auth key successfully imported.");
/* On failure, attempt with passphrase */
else {
/* Prompt for passphrase if missing */
if (client_data->key_passphrase[0] == 0) {
if (prompt(client, "Key passphrase: ",
client_data->key_passphrase,
sizeof(client_data->key_passphrase), false) == NULL)
return NULL;
}
/* Import key with passphrase */
if (ssh_pki_import_privkey_base64(client_data->key_base64,
client_data->key_passphrase,
NULL, NULL, &client_data->key) != SSH_OK) {
guac_client_log_error(client, "Auth key import failed.");
return NULL;
}
} /* end decrypt key with passphrase */
} /* end if key given */
/* Otherwise, get password if not provided */
else if (client_data->password[0] == 0) {
#else
/* Get password if not provided */
if (client_data->password[0] == 0) {
#endif
if (prompt(client, "Password: ", client_data->password,
sizeof(client_data->password), false) == NULL)
return NULL;
}
/* Clear screen */
guac_terminal_write_all(stdout_fd, "\x1B[H\x1B[J", 6);