From 551598e0a4fcea547fcd050b278e0c4e6114842f Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Tue, 22 May 2018 22:59:51 -0400 Subject: [PATCH] GUACAMOLE-527: Use libssh2_knownhost_readline and remove host key type. --- src/common-ssh/common-ssh/ssh.h | 2 +- src/common-ssh/ssh.c | 9 ++++----- src/protocols/rdp/rdp.c | 2 +- src/protocols/rdp/rdp_settings.c | 27 --------------------------- src/protocols/rdp/rdp_settings.h | 5 ----- src/protocols/ssh/settings.c | 23 ----------------------- src/protocols/ssh/settings.h | 5 ----- src/protocols/ssh/ssh.c | 4 ++-- src/protocols/vnc/settings.c | 26 -------------------------- src/protocols/vnc/settings.h | 5 ----- src/protocols/vnc/vnc.c | 2 +- 11 files changed, 9 insertions(+), 101 deletions(-) diff --git a/src/common-ssh/common-ssh/ssh.h b/src/common-ssh/common-ssh/ssh.h index 8f6f6893..672e7767 100644 --- a/src/common-ssh/common-ssh/ssh.h +++ b/src/common-ssh/common-ssh/ssh.h @@ -99,7 +99,7 @@ void guac_common_ssh_uninit(); */ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive, - const int host_key_type, const char* host_key); + const char* host_key); /** * Disconnects and destroys the given SSH session, freeing all associated diff --git a/src/common-ssh/ssh.c b/src/common-ssh/ssh.c index 03c4d125..54eae3b0 100644 --- a/src/common-ssh/ssh.c +++ b/src/common-ssh/ssh.c @@ -416,7 +416,7 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session) guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive, - const int host_key_type, const char* host_key) { + const char* host_key) { int retval; 
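Review bot: The `host_key` parameter of `guac_common_ssh_create_session()` keeps its name and type in this prototype, but the doc comment that closes just above the hunk is not updated, even though the switch to `libssh2_knownhost_readline` in src/common-ssh/ssh.c suggests the value is no longer a bare Base64 key. A caller or administrator who still supplies only the Base64 blob would presumably hit the parse-failure path, and with the NOTFOUND case now only logged the session would continue unverified. I would document the parameter as `The host key of the server as a single OpenSSH known_hosts line ("host key-type base64-key"), or NULL if no key is to be added.` The comment `The Base64-encoded public SSH host key. Optional.` kept as context in src/protocols/ssh/settings.c needs the same correction; the comment body itself lies outside this hunk.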
@@ -529,9 +529,8 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, /* Add host key provided from settings */ if (host_key && strcmp(host_key, "") > 0) { - int kh_add = libssh2_knownhost_addc(ssh_known_hosts, hostname, NULL, host_key, strlen(host_key), - NULL, 0, LIBSSH2_KNOWNHOST_TYPE_PLAIN|LIBSSH2_KNOWNHOST_KEYENC_BASE64| - host_key_type, NULL); + int kh_add = libssh2_knownhost_readline(ssh_known_hosts, host_key, strlen(host_key), + LIBSSH2_KNOWNHOST_FILE_OPENSSH); if (kh_add) guac_client_log(client, GUAC_LOG_WARNING, "Failed to add provided host key" @@ -564,7 +563,7 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, "Host key match found for %s", hostname); break; case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND: - guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, + guac_client_log(client, GUAC_LOG_WARNING, "Host key not found for %s.", hostname); break; case LIBSSH2_KNOWNHOST_CHECK_MISMATCH: diff --git a/src/protocols/rdp/rdp.c b/src/protocols/rdp/rdp.c index 30b19326..4d484320 100644 --- a/src/protocols/rdp/rdp.c +++ b/src/protocols/rdp/rdp.c @@ -975,7 +975,7 @@ void* guac_rdp_client_thread(void* data) { rdp_client->sftp_session = guac_common_ssh_create_session(client, settings->sftp_hostname, settings->sftp_port, rdp_client->sftp_user, settings->sftp_server_alive_interval, - settings->sftp_host_key_type, settings->sftp_host_key); + settings->sftp_host_key); /* Fail if SSH connection does not succeed */ if (rdp_client->sftp_session == NULL) { diff --git a/src/protocols/rdp/rdp_settings.c b/src/protocols/rdp/rdp_settings.c index 65e79e6b..2fe261ce 100644 --- a/src/protocols/rdp/rdp_settings.c +++ b/src/protocols/rdp/rdp_settings.c @@ -360,12 +360,6 @@ enum RDP_ARGS_IDX { */ IDX_SFTP_HOSTNAME, - /** - * The type of public SSH host key provided. If not specified, it defaults - * to SSH-RSA. - */ - IDX_SFTP_HOST_KEY_TYPE, - /** * The public SSH host key of the SFTP server. Optional. */ 
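Review bot: In the `if (host_key && ...)` block of the `@@ -529` hunk, the entry added by `libssh2_knownhost_readline` takes its host name from inside `host_key`, so the `hostname` argument that the removed `libssh2_knownhost_addc` call bound the key to no longer takes part. A configured line whose host field differs from `hostname`, or a value that is not a complete known_hosts line, leaves the collection without a usable entry for this server, and the non-zero `kh_add` result is only logged at warning level. Because supplying a key expresses an intent to pin it, I would fail the connection at this point, e.g. `guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Failed to add provided host key.");` followed by whatever error return the function uses elsewhere. The `if (kh_add)` statement continues outside the hunk, so the rest of the log message and any cleanup are not visible here.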
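Review bot: The `LIBSSH2_KNOWNHOST_CHECK_NOTFOUND` case in the `@@ -564` hunk now only logs a warning before `break`, so a server whose key is absent from the known-hosts collection appears to be accepted without verification. That includes the case where a `host_key` was configured but failed to parse or named a different host, which turns a pinning mistake into a silent loss of protection against an impostor server. I would keep the abort whenever a key was supplied, `if (host_key && strcmp(host_key, "") > 0) guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Host key not found for %s.", hostname);`, and keep the warning for connections with no key configured. A short comment on the case stating that unknown hosts are accepted by design would also help the next reader. The `switch` starts and ends outside the hunk, so what happens after `break` is inferred rather than visible.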
@@ -843,27 +837,6 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user, guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, IDX_SFTP_HOST_KEY, NULL); - if(settings->sftp_host_key) { - /* Type of public SSH host key. */ - char* str_host_key_type = guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, - IDX_SFTP_HOST_KEY_TYPE, "ssh-rsa"); - - if (strcmp(str_host_key_type, "ssh-rsa") == 0) - settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA; - else if (strcmp(str_host_key_type, "ssh-dss") == 0) - settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS; - else if (strcmp(str_host_key_type, "rsa1") == 0) - settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1; - else { - guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. " - "Ignoring host key.", str_host_key_type); - settings->sftp_host_key = NULL; - } - - free(str_host_key_type); - - } - /* Port for SFTP connection */ settings->sftp_port = guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, diff --git a/src/protocols/rdp/rdp_settings.h b/src/protocols/rdp/rdp_settings.h index 0a442799..4f3839e6 100644 --- a/src/protocols/rdp/rdp_settings.h +++ b/src/protocols/rdp/rdp_settings.h @@ -342,11 +342,6 @@ typedef struct guac_rdp_settings { */ char* sftp_hostname; - /** - * The type of the public SSH hos key. - */ - int sftp_host_key_type; - /** * The public SSH host key. */ diff --git a/src/protocols/ssh/settings.c b/src/protocols/ssh/settings.c index 119d725d..4a1c3710 100644 --- a/src/protocols/ssh/settings.c +++ b/src/protocols/ssh/settings.c @@ -71,11 +71,6 @@ enum SSH_ARGS_IDX { */ IDX_HOSTNAME, - /** - * The type of public SSH host key provided. Optional. - */ - IDX_HOST_KEY_TYPE, - /** * The Base64-encoded public SSH host key. Optional. */ 
@@ -264,24 +259,6 @@ guac_ssh_settings* guac_ssh_parse_args(guac_user* user, guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, IDX_HOST_KEY, NULL); - if (settings->host_key) { - char* str_host_key_type = guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, - IDX_HOST_KEY_TYPE, "ssh-rsa"); - if (strcmp(str_host_key_type, "ssh-rsa") == 0) - settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA; - else if (strcmp(str_host_key_type, "ssh-dss") == 0) - settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS; - else if (strcmp(str_host_key_type, "rsa1") == 0) - settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1; - else { - guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. " - "Ignoring host key.", str_host_key_type); - settings->host_key = NULL; - } - - free(str_host_key_type); - } - settings->username = guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, IDX_USERNAME, NULL); diff --git a/src/protocols/ssh/settings.h b/src/protocols/ssh/settings.h index e47a8161..761239c7 100644 --- a/src/protocols/ssh/settings.h +++ b/src/protocols/ssh/settings.h @@ -70,11 +70,6 @@ typedef struct guac_ssh_settings { */ char* hostname; - /** - * The type of public SSH host key. - */ - int host_key_type; - /** * The public SSH host key. */ diff --git a/src/protocols/ssh/ssh.c b/src/protocols/ssh/ssh.c index 63765559..f98f2228 100644 --- a/src/protocols/ssh/ssh.c +++ b/src/protocols/ssh/ssh.c @@ -236,7 +236,7 @@ void* ssh_client_thread(void* data) { /* Open SSH session */ ssh_client->session = guac_common_ssh_create_session(client, settings->hostname, settings->port, ssh_client->user, settings->server_alive_interval, - settings->host_key_type, settings->host_key); + settings->host_key); if (ssh_client->session == NULL) { /* Already aborted within guac_common_ssh_create_session() */ return NULL; 
@@ -277,7 +277,7 @@ void* ssh_client_thread(void* data) { ssh_client->sftp_session = guac_common_ssh_create_session(client, settings->hostname, settings->port, ssh_client->user, settings->server_alive_interval, - settings->host_key_type, settings->host_key); + settings->host_key); if (ssh_client->sftp_session == NULL) { /* Already aborted within guac_common_ssh_create_session() */ return NULL; diff --git a/src/protocols/vnc/settings.c b/src/protocols/vnc/settings.c index 5f82b39b..130c97d5 100644 --- a/src/protocols/vnc/settings.c +++ b/src/protocols/vnc/settings.c @@ -211,11 +211,6 @@ enum VNC_ARGS_IDX { */ IDX_SFTP_USERNAME, - /** - * The type of public SSH host key provided to identify the SFTP server. - */ - IDX_SFTP_HOST_KEY_TYPE, - /** * The public SSH host key to identify the SFTP server. */ @@ -429,27 +424,6 @@ guac_vnc_settings* guac_vnc_parse_args(guac_user* user, guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, IDX_SFTP_HOST_KEY, NULL); - if(settings->sftp_host_key) { - /* Type of public SSH host key. */ - char* str_host_key_type = guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, - IDX_SFTP_HOST_KEY_TYPE, "ssh-rsa"); - - if (strcmp(str_host_key_type, "ssh-rsa") == 0) - settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA; - else if (strcmp(str_host_key_type, "ssh-dss") == 0) - settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS; - else if (strcmp(str_host_key_type, "rsa1") == 0) - settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1; - else { - guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. " - "Ignoring host key.", str_host_key_type); - settings->sftp_host_key = NULL; - } - - free(str_host_key_type); - - } - /* Port for SFTP connection */ settings->sftp_port = guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, diff --git a/src/protocols/vnc/settings.h b/src/protocols/vnc/settings.h index 35809f83..3e2ebd5e 100644 --- a/src/protocols/vnc/settings.h 
+++ b/src/protocols/vnc/settings.h @@ -138,11 +138,6 @@ typedef struct guac_vnc_settings { */ char* sftp_hostname; - /** - * The type of public SSH host key provided. - */ - int sftp_host_key_type; - /** * The public SSH host key. */ diff --git a/src/protocols/vnc/vnc.c b/src/protocols/vnc/vnc.c index 1146ad43..d9f9dbbb 100644 --- a/src/protocols/vnc/vnc.c +++ b/src/protocols/vnc/vnc.c @@ -262,7 +262,7 @@ void* guac_vnc_client_thread(void* data) { vnc_client->sftp_session = guac_common_ssh_create_session(client, settings->sftp_hostname, settings->sftp_port, vnc_client->sftp_user, settings->sftp_server_alive_interval, - settings->sftp_host_key_type, settings->sftp_host_key); + settings->sftp_host_key); /* Fail if SSH connection does not succeed */ if (vnc_client->sftp_session == NULL) {