Merge pull request #13 from glyptodon/fix-key-import

GUAC-974: Add logging and error reporting to avoid key confusion.
James Muehlner 2015-01-04 19:59:43 -08:00
commit 33bfbe53af
3 changed files with 33 additions and 1 deletions


@ -36,6 +36,7 @@
#include <guacamole/client.h> #include <guacamole/client.h>
#include <guacamole/protocol.h> #include <guacamole/protocol.h>
#include <guacamole/socket.h> #include <guacamole/socket.h>
#include <openssl/err.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#ifdef LIBSSH2_USES_GCRYPT #ifdef LIBSSH2_USES_GCRYPT
@ -351,7 +352,9 @@ void* ssh_client_thread(void* data) {
CRYPTO_set_id_callback(__openssl_id_callback); CRYPTO_set_id_callback(__openssl_id_callback);
CRYPTO_set_locking_callback(__openssl_locking_callback); CRYPTO_set_locking_callback(__openssl_locking_callback);
/* Init OpenSSL */
SSL_library_init(); SSL_library_init();
ERR_load_crypto_strings();
libssh2_init(0); libssh2_init(0);
/* Get username */ /* Get username */
@ -366,6 +369,9 @@ void* ssh_client_thread(void* data) {
/* If key specified, import */ /* If key specified, import */
if (client_data->key_base64[0] != 0) { if (client_data->key_base64[0] != 0) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Attempting private key import (WITHOUT passphrase)");
/* Attempt to read key without passphrase */ /* Attempt to read key without passphrase */
client_data->key = ssh_key_alloc(client_data->key_base64, client_data->key = ssh_key_alloc(client_data->key_base64,
strlen(client_data->key_base64), ""); strlen(client_data->key_base64), "");
@ -373,6 +379,13 @@ void* ssh_client_thread(void* data) {
/* On failure, attempt with passphrase */ /* On failure, attempt with passphrase */
if (client_data->key == NULL) { if (client_data->key == NULL) {
/* Log failure of initial attempt */
guac_client_log(client, GUAC_LOG_DEBUG,
"Initial import failed: %s", ssh_key_error());
guac_client_log(client, GUAC_LOG_DEBUG,
"Re-attempting private key import (WITH passphrase)");
/* Prompt for passphrase if missing */ /* Prompt for passphrase if missing */
if (client_data->key_passphrase[0] == 0) if (client_data->key_passphrase[0] == 0)
guac_terminal_prompt(client_data->term, "Key passphrase: ", guac_terminal_prompt(client_data->term, "Key passphrase: ",
@ -385,7 +398,9 @@ void* ssh_client_thread(void* data) {
/* If still failing, give up */ /* If still failing, give up */
if (client_data->key == NULL) { if (client_data->key == NULL) {
guac_client_log(client, GUAC_LOG_ERROR, "Auth key import failed."); guac_client_abort(client,
GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
"Auth key import failed: %s", ssh_key_error());
return NULL; return NULL;
} }
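Review bot: The reason string in the new guac_client_abort() call (hunk at line 385) can be stale: ssh_key_error() uses ERR_get_error(), which returns and removes the oldest entry of the thread's OpenSSL error queue, and the debug log added in the hunk at line 373 pops only one entry, so any further entries queued by the passphrase-less attempt are reported ahead of whatever the passphrase attempt actually failed on. Clearing the queue before the retry, `ERR_clear_error();` placed after the "Re-attempting" debug log and before the passphrase prompt, makes the abort describe the second attempt; doing the clear at the top of ssh_key_alloc() instead would cover every caller. Both new call sites also hand the result straight to a `%s` conversion, and ERR_reason_error_string() returns NULL when the queue is empty or the code has no registered reason, which is undefined behavior if guac_client_log/guac_client_abort format via vsnprintf as they presumably do — a fallback string in ssh_key_error() itself is the simplest guard. ssh_client_thread() begins and ends outside these hunks.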


@ -28,6 +28,7 @@
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/dsa.h> #include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/obj_mac.h> #include <openssl/obj_mac.h>
#include <openssl/pem.h> #include <openssl/pem.h>
@ -133,6 +134,13 @@ ssh_key* ssh_key_alloc(char* data, int length, char* passphrase) {
} }
const char* ssh_key_error() {
/* Return static error string */
return ERR_reason_error_string(ERR_get_error());
}
void ssh_key_free(ssh_key* key) { void ssh_key_free(ssh_key* key) {
/* Free key-specific data */ /* Free key-specific data */
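Review bot: ssh_key_error() can return NULL, because ERR_reason_error_string() yields NULL for an empty error queue (ERR_get_error() returns 0) or for a code with no registered reason, and both new callers in ssh_client.c pass the result to a `%s` format. Returning a fallback keeps the callers safe: `const char* reason = ERR_reason_error_string(ERR_get_error()); return reason != NULL ? reason : "unknown error";`. The definition `const char* ssh_key_error()` is an old-style non-prototype declaration; `const char* ssh_key_error(void)` lets the compiler reject stray arguments, and the declaration added to ssh_key.h in this commit should match. The comment "Return static error string" would be more useful if it said that the call pops the oldest entry from OpenSSL's per-thread error queue, since that makes the function non-idempotent.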


@ -113,6 +113,15 @@ typedef struct ssh_key {
*/ */
ssh_key* ssh_key_alloc(char* data, int length, char* passphrase); ssh_key* ssh_key_alloc(char* data, int length, char* passphrase);
/**
* Returns a statically-allocated string describing the most recent SSH key
* error.
*
* @return
* A statically-allocated string describing the most recent SSH key error.
*/
const char* ssh_key_error();
/** /**
* Frees all memory associated with the given key. * Frees all memory associated with the given key.
*/ */
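Review bot: The new doc comment on ssh_key_error() does not say that the call is destructive — the implementation pops the oldest entry from OpenSSL's error queue, so a second call after the same failure returns a different reason or, if the queue is now empty, no reason at all. Suggest appending to the comment: `* Each call removes the reported error from the OpenSSL error queue, so call it at most once per failed ssh_key_alloc().` The comment should also state what the caller gets when no error is queued (a NULL pointer as implemented, or the fallback string if one is added), since callers format the result with `%s`.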