Merge pull request #13 from glyptodon/fix-key-import
GUAC-974: Add logging and error reporting to avoid key confusion.
This commit is contained in:
commit
33bfbe53af
@ -36,6 +36,7 @@
|
|||||||
#include <guacamole/client.h>
|
#include <guacamole/client.h>
|
||||||
#include <guacamole/protocol.h>
|
#include <guacamole/protocol.h>
|
||||||
#include <guacamole/socket.h>
|
#include <guacamole/socket.h>
|
||||||
|
#include <openssl/err.h>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
|
|
||||||
#ifdef LIBSSH2_USES_GCRYPT
|
#ifdef LIBSSH2_USES_GCRYPT
|
||||||
@ -351,7 +352,9 @@ void* ssh_client_thread(void* data) {
|
|||||||
CRYPTO_set_id_callback(__openssl_id_callback);
|
CRYPTO_set_id_callback(__openssl_id_callback);
|
||||||
CRYPTO_set_locking_callback(__openssl_locking_callback);
|
CRYPTO_set_locking_callback(__openssl_locking_callback);
|
||||||
|
|
||||||
|
/* Init OpenSSL */
|
||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
|
ERR_load_crypto_strings();
|
||||||
libssh2_init(0);
|
libssh2_init(0);
|
||||||
|
|
||||||
/* Get username */
|
/* Get username */
|
||||||
@ -366,6 +369,9 @@ void* ssh_client_thread(void* data) {
|
|||||||
/* If key specified, import */
|
/* If key specified, import */
|
||||||
if (client_data->key_base64[0] != 0) {
|
if (client_data->key_base64[0] != 0) {
|
||||||
|
|
||||||
|
guac_client_log(client, GUAC_LOG_DEBUG,
|
||||||
|
"Attempting private key import (WITHOUT passphrase)");
|
||||||
|
|
||||||
/* Attempt to read key without passphrase */
|
/* Attempt to read key without passphrase */
|
||||||
client_data->key = ssh_key_alloc(client_data->key_base64,
|
client_data->key = ssh_key_alloc(client_data->key_base64,
|
||||||
strlen(client_data->key_base64), "");
|
strlen(client_data->key_base64), "");
|
||||||
@ -373,6 +379,13 @@ void* ssh_client_thread(void* data) {
|
|||||||
/* On failure, attempt with passphrase */
|
/* On failure, attempt with passphrase */
|
||||||
if (client_data->key == NULL) {
|
if (client_data->key == NULL) {
|
||||||
|
|
||||||
|
/* Log failure of initial attempt */
|
||||||
|
guac_client_log(client, GUAC_LOG_DEBUG,
|
||||||
|
"Initial import failed: %s", ssh_key_error());
|
||||||
|
|
||||||
|
guac_client_log(client, GUAC_LOG_DEBUG,
|
||||||
|
"Re-attempting private key import (WITH passphrase)");
|
||||||
|
|
||||||
/* Prompt for passphrase if missing */
|
/* Prompt for passphrase if missing */
|
||||||
if (client_data->key_passphrase[0] == 0)
|
if (client_data->key_passphrase[0] == 0)
|
||||||
guac_terminal_prompt(client_data->term, "Key passphrase: ",
|
guac_terminal_prompt(client_data->term, "Key passphrase: ",
|
||||||
@ -385,7 +398,9 @@ void* ssh_client_thread(void* data) {
|
|||||||
|
|
||||||
/* If still failing, give up */
|
/* If still failing, give up */
|
||||||
if (client_data->key == NULL) {
|
if (client_data->key == NULL) {
|
||||||
guac_client_log(client, GUAC_LOG_ERROR, "Auth key import failed.");
|
guac_client_abort(client,
|
||||||
|
GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
|
||||||
|
"Auth key import failed: %s", ssh_key_error());
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -28,6 +28,7 @@
|
|||||||
#include <openssl/bio.h>
|
#include <openssl/bio.h>
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/dsa.h>
|
#include <openssl/dsa.h>
|
||||||
|
#include <openssl/err.h>
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/obj_mac.h>
|
#include <openssl/obj_mac.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
@ -133,6 +134,13 @@ ssh_key* ssh_key_alloc(char* data, int length, char* passphrase) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const char* ssh_key_error() {
|
||||||
|
|
||||||
|
/* Return static error string */
|
||||||
|
return ERR_reason_error_string(ERR_get_error());
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
void ssh_key_free(ssh_key* key) {
|
void ssh_key_free(ssh_key* key) {
|
||||||
|
|
||||||
/* Free key-specific data */
|
/* Free key-specific data */
|
||||||
|
@ -113,6 +113,15 @@ typedef struct ssh_key {
|
|||||||
*/
|
*/
|
||||||
ssh_key* ssh_key_alloc(char* data, int length, char* passphrase);
|
ssh_key* ssh_key_alloc(char* data, int length, char* passphrase);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a statically-allocated string describing the most recent SSH key
|
||||||
|
* error.
|
||||||
|
*
|
||||||
|
* @return
|
||||||
|
* A statically-allocated string describing the most recent SSH key error.
|
||||||
|
*/
|
||||||
|
const char* ssh_key_error();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Frees all memory associated with the given key.
|
* Frees all memory associated with the given key.
|
||||||
*/
|
*/
|
||||||
|
Loading…
Reference in New Issue
Block a user