Merge pull request #13 from glyptodon/fix-key-import

GUAC-974: Add logging and error reporting to avoid key confusion.
2015-01-04 19:59:43 -08:00 · 2015-01-04 19:59:43 -08:00 · 33bfbe53af
commit 33bfbe53af
parent b35d8dd8b2 5fe8917bdc
3 changed files with 33 additions and 1 deletions
--- a/src/protocols/ssh/ssh_client.c
+++ b/src/protocols/ssh/ssh_client.c
@ -36,6 +36,7 @@
 #include <guacamole/client.h>
 #include <guacamole/protocol.h>
 #include <guacamole/socket.h>
+#include <openssl/err.h>
 #include <openssl/ssl.h>

 #ifdef LIBSSH2_USES_GCRYPT
@ -351,7 +352,9 @@ void* ssh_client_thread(void* data) {
    CRYPTO_set_id_callback(__openssl_id_callback);
    CRYPTO_set_locking_callback(__openssl_locking_callback);

+    /* Init OpenSSL */
    SSL_library_init();
+    ERR_load_crypto_strings();
    libssh2_init(0);

    /* Get username */
@ -366,6 +369,9 @@ void* ssh_client_thread(void* data) {
    /* If key specified, import */
    if (client_data->key_base64[0] != 0) {

+        guac_client_log(client, GUAC_LOG_DEBUG,
+                "Attempting private key import (WITHOUT passphrase)");
+
        /* Attempt to read key without passphrase */
        client_data->key = ssh_key_alloc(client_data->key_base64,
                strlen(client_data->key_base64), "");
@ -373,6 +379,13 @@ void* ssh_client_thread(void* data) {
        /* On failure, attempt with passphrase */
        if (client_data->key == NULL) {

+            /* Log failure of initial attempt */
+            guac_client_log(client, GUAC_LOG_DEBUG,
+                    "Initial import failed: %s", ssh_key_error());
+
+            guac_client_log(client, GUAC_LOG_DEBUG,
+                    "Re-attempting private key import (WITH passphrase)");
+
            /* Prompt for passphrase if missing */
            if (client_data->key_passphrase[0] == 0)
                guac_terminal_prompt(client_data->term, "Key passphrase: ",
@ -385,7 +398,9 @@ void* ssh_client_thread(void* data) {

            /* If still failing, give up */
            if (client_data->key == NULL) {
-                guac_client_log(client, GUAC_LOG_ERROR, "Auth key import failed.");
+                guac_client_abort(client,
+                        GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
+                        "Auth key import failed: %s", ssh_key_error());
                return NULL;
            }

--- a/src/protocols/ssh/ssh_key.c
+++ b/src/protocols/ssh/ssh_key.c
@ -28,6 +28,7 @@
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/obj_mac.h>
 #include <openssl/pem.h>
@ -133,6 +134,13 @@ ssh_key* ssh_key_alloc(char* data, int length, char* passphrase) {

 }

+const char* ssh_key_error() {
+
+    /* Return static error string */
+    return ERR_reason_error_string(ERR_get_error());
+
+}
+
 void ssh_key_free(ssh_key* key) {

    /* Free key-specific data */
--- a/src/protocols/ssh/ssh_key.h
+++ b/src/protocols/ssh/ssh_key.h
@ -113,6 +113,15 @@ typedef struct ssh_key {
 */
 ssh_key* ssh_key_alloc(char* data, int length, char* passphrase);

+/**
+ * Returns a statically-allocated string describing the most recent SSH key
+ * error.
+ *
+ * @return
+ *     A statically-allocated string describing the most recent SSH key error.
+ */
+const char* ssh_key_error();
+
 /**
 * Frees all memory associated with the given key.
 */