GUACAMOLE-527: Use libssh2_knownhost_readline and remove host key type.
parent
42044e4279
commit
551598e0a4
@ -99,7 +99,7 @@ void guac_common_ssh_uninit();
|
|||||||
*/
|
*/
|
||||||
guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
|
guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
|
||||||
const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive,
|
const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive,
|
||||||
const int host_key_type, const char* host_key);
|
const char* host_key);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Disconnects and destroys the given SSH session, freeing all associated
|
* Disconnects and destroys the given SSH session, freeing all associated
|
||||||
|
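Review bot: The doc comment for `guac_common_ssh_create_session` closes on the first line of this hunk and is not part of the change, so its parameter list needs checking: any `@param host_key_type` entry is now stale. The `host_key` entry should also state the new input format, for example `The host key as one line in OpenSSH known_hosts format (host name, key type, Base64 key), or NULL if no key is provided.`, because the implementation on this page now passes the value to `libssh2_knownhost_readline` with `LIBSSH2_KNOWNHOST_FILE_OPENSSH`. The comment body is outside the hunk, so its current wording is inferred rather than seen.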
@ -416,7 +416,7 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session)
|
|||||||
|
|
||||||
guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
|
guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
|
||||||
const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive,
|
const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive,
|
||||||
const int host_key_type, const char* host_key) {
|
const char* host_key) {
|
||||||
|
|
||||||
int retval;
|
int retval;
|
||||||
|
|
||||||
@ -529,9 +529,8 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
|
|||||||
/* Add host key provided from settings */
|
/* Add host key provided from settings */
|
||||||
if (host_key && strcmp(host_key, "") > 0) {
|
if (host_key && strcmp(host_key, "") > 0) {
|
||||||
|
|
||||||
int kh_add = libssh2_knownhost_addc(ssh_known_hosts, hostname, NULL, host_key, strlen(host_key),
|
int kh_add = libssh2_knownhost_readline(ssh_known_hosts, host_key, strlen(host_key),
|
||||||
NULL, 0, LIBSSH2_KNOWNHOST_TYPE_PLAIN|LIBSSH2_KNOWNHOST_KEYENC_BASE64|
|
LIBSSH2_KNOWNHOST_FILE_OPENSSH);
|
||||||
host_key_type, NULL);
|
|
||||||
|
|
||||||
if (kh_add)
|
if (kh_add)
|
||||||
guac_client_log(client, GUAC_LOG_WARNING, "Failed to add provided host key"
|
guac_client_log(client, GUAC_LOG_WARNING, "Failed to add provided host key"
|
||||||
@ -564,7 +563,7 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
|
|||||||
"Host key match found for %s", hostname);
|
"Host key match found for %s", hostname);
|
||||||
break;
|
break;
|
||||||
case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND:
|
case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND:
|
||||||
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
|
guac_client_log(client, GUAC_LOG_WARNING,
|
||||||
"Host key not found for %s.", hostname);
|
"Host key not found for %s.", hostname);
|
||||||
break;
|
break;
|
||||||
case LIBSSH2_KNOWNHOST_CHECK_MISMATCH:
|
case LIBSSH2_KNOWNHOST_CHECK_MISMATCH:
|
||||||
|
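Review bot: The `LIBSSH2_KNOWNHOST_CHECK_NOTFOUND` case in the last hunk now only logs a warning where it used to call `guac_client_abort`, so a session whose host key matched no known-hosts entry continues unverified. With `libssh2_knownhost_readline` the host name is taken from the supplied line rather than from `hostname`, so a line written for a different name, or one that failed to parse (the `kh_add` warning path), ends in NOTFOUND rather than MISMATCH and the configured key is silently not enforced. If the aim is only to permit connections when no key is configured, the case should keep failing closed whenever `host_key` is non-empty, e.g. retain `guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Host key not found for %s.", hostname);` under that condition. The function body starts and ends outside these hunks, so whether the check is already skipped when no key is given cannot be seen here.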
@ -975,7 +975,7 @@ void* guac_rdp_client_thread(void* data) {
|
|||||||
rdp_client->sftp_session =
|
rdp_client->sftp_session =
|
||||||
guac_common_ssh_create_session(client, settings->sftp_hostname,
|
guac_common_ssh_create_session(client, settings->sftp_hostname,
|
||||||
settings->sftp_port, rdp_client->sftp_user, settings->sftp_server_alive_interval,
|
settings->sftp_port, rdp_client->sftp_user, settings->sftp_server_alive_interval,
|
||||||
settings->sftp_host_key_type, settings->sftp_host_key);
|
settings->sftp_host_key);
|
||||||
|
|
||||||
/* Fail if SSH connection does not succeed */
|
/* Fail if SSH connection does not succeed */
|
||||||
if (rdp_client->sftp_session == NULL) {
|
if (rdp_client->sftp_session == NULL) {
|
||||||
|
@ -360,12 +360,6 @@ enum RDP_ARGS_IDX {
|
|||||||
*/
|
*/
|
||||||
IDX_SFTP_HOSTNAME,
|
IDX_SFTP_HOSTNAME,
|
||||||
|
|
||||||
/**
|
|
||||||
* The type of public SSH host key provided. If not specified, it defaults
|
|
||||||
* to SSH-RSA.
|
|
||||||
*/
|
|
||||||
IDX_SFTP_HOST_KEY_TYPE,
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The public SSH host key of the SFTP server. Optional.
|
* The public SSH host key of the SFTP server. Optional.
|
||||||
*/
|
*/
|
||||||
@ -843,27 +837,6 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user,
|
|||||||
guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
|
guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
|
||||||
IDX_SFTP_HOST_KEY, NULL);
|
IDX_SFTP_HOST_KEY, NULL);
|
||||||
|
|
||||||
if(settings->sftp_host_key) {
|
|
||||||
/* Type of public SSH host key. */
|
|
||||||
char* str_host_key_type = guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
|
|
||||||
IDX_SFTP_HOST_KEY_TYPE, "ssh-rsa");
|
|
||||||
|
|
||||||
if (strcmp(str_host_key_type, "ssh-rsa") == 0)
|
|
||||||
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
|
|
||||||
else if (strcmp(str_host_key_type, "ssh-dss") == 0)
|
|
||||||
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
|
|
||||||
else if (strcmp(str_host_key_type, "rsa1") == 0)
|
|
||||||
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1;
|
|
||||||
else {
|
|
||||||
guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. "
|
|
||||||
"Ignoring host key.", str_host_key_type);
|
|
||||||
settings->sftp_host_key = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
free(str_host_key_type);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Port for SFTP connection */
|
/* Port for SFTP connection */
|
||||||
settings->sftp_port =
|
settings->sftp_port =
|
||||||
guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
|
guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
|
||||||
|
@ -342,11 +342,6 @@ typedef struct guac_rdp_settings {
|
|||||||
*/
|
*/
|
||||||
char* sftp_hostname;
|
char* sftp_hostname;
|
||||||
|
|
||||||
/**
|
|
||||||
* The type of the public SSH hos key.
|
|
||||||
*/
|
|
||||||
int sftp_host_key_type;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The public SSH host key.
|
* The public SSH host key.
|
||||||
*/
|
*/
|
||||||
|
@ -71,11 +71,6 @@ enum SSH_ARGS_IDX {
|
|||||||
*/
|
*/
|
||||||
IDX_HOSTNAME,
|
IDX_HOSTNAME,
|
||||||
|
|
||||||
/**
|
|
||||||
* The type of public SSH host key provided. Optional.
|
|
||||||
*/
|
|
||||||
IDX_HOST_KEY_TYPE,
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The Base64-encoded public SSH host key. Optional.
|
* The Base64-encoded public SSH host key. Optional.
|
||||||
*/
|
*/
|
||||||
@ -264,24 +259,6 @@ guac_ssh_settings* guac_ssh_parse_args(guac_user* user,
|
|||||||
guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
|
guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
|
||||||
IDX_HOST_KEY, NULL);
|
IDX_HOST_KEY, NULL);
|
||||||
|
|
||||||
if (settings->host_key) {
|
|
||||||
char* str_host_key_type = guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
|
|
||||||
IDX_HOST_KEY_TYPE, "ssh-rsa");
|
|
||||||
if (strcmp(str_host_key_type, "ssh-rsa") == 0)
|
|
||||||
settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
|
|
||||||
else if (strcmp(str_host_key_type, "ssh-dss") == 0)
|
|
||||||
settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
|
|
||||||
else if (strcmp(str_host_key_type, "rsa1") == 0)
|
|
||||||
settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1;
|
|
||||||
else {
|
|
||||||
guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. "
|
|
||||||
"Ignoring host key.", str_host_key_type);
|
|
||||||
settings->host_key = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
free(str_host_key_type);
|
|
||||||
}
|
|
||||||
|
|
||||||
settings->username =
|
settings->username =
|
||||||
guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
|
guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
|
||||||
IDX_USERNAME, NULL);
|
IDX_USERNAME, NULL);
|
||||||
|
@ -70,11 +70,6 @@ typedef struct guac_ssh_settings {
|
|||||||
*/
|
*/
|
||||||
char* hostname;
|
char* hostname;
|
||||||
|
|
||||||
/**
|
|
||||||
* The type of public SSH host key.
|
|
||||||
*/
|
|
||||||
int host_key_type;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The public SSH host key.
|
* The public SSH host key.
|
||||||
*/
|
*/
|
||||||
|
@ -236,7 +236,7 @@ void* ssh_client_thread(void* data) {
|
|||||||
/* Open SSH session */
|
/* Open SSH session */
|
||||||
ssh_client->session = guac_common_ssh_create_session(client,
|
ssh_client->session = guac_common_ssh_create_session(client,
|
||||||
settings->hostname, settings->port, ssh_client->user, settings->server_alive_interval,
|
settings->hostname, settings->port, ssh_client->user, settings->server_alive_interval,
|
||||||
settings->host_key_type, settings->host_key);
|
settings->host_key);
|
||||||
if (ssh_client->session == NULL) {
|
if (ssh_client->session == NULL) {
|
||||||
/* Already aborted within guac_common_ssh_create_session() */
|
/* Already aborted within guac_common_ssh_create_session() */
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -277,7 +277,7 @@ void* ssh_client_thread(void* data) {
|
|||||||
ssh_client->sftp_session =
|
ssh_client->sftp_session =
|
||||||
guac_common_ssh_create_session(client, settings->hostname,
|
guac_common_ssh_create_session(client, settings->hostname,
|
||||||
settings->port, ssh_client->user, settings->server_alive_interval,
|
settings->port, ssh_client->user, settings->server_alive_interval,
|
||||||
settings->host_key_type, settings->host_key);
|
settings->host_key);
|
||||||
if (ssh_client->sftp_session == NULL) {
|
if (ssh_client->sftp_session == NULL) {
|
||||||
/* Already aborted within guac_common_ssh_create_session() */
|
/* Already aborted within guac_common_ssh_create_session() */
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -211,11 +211,6 @@ enum VNC_ARGS_IDX {
|
|||||||
*/
|
*/
|
||||||
IDX_SFTP_USERNAME,
|
IDX_SFTP_USERNAME,
|
||||||
|
|
||||||
/**
|
|
||||||
* The type of public SSH host key provided to identify the SFTP server.
|
|
||||||
*/
|
|
||||||
IDX_SFTP_HOST_KEY_TYPE,
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The public SSH host key to identify the SFTP server.
|
* The public SSH host key to identify the SFTP server.
|
||||||
*/
|
*/
|
||||||
@ -429,27 +424,6 @@ guac_vnc_settings* guac_vnc_parse_args(guac_user* user,
|
|||||||
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
||||||
IDX_SFTP_HOST_KEY, NULL);
|
IDX_SFTP_HOST_KEY, NULL);
|
||||||
|
|
||||||
if(settings->sftp_host_key) {
|
|
||||||
/* Type of public SSH host key. */
|
|
||||||
char* str_host_key_type = guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
|
||||||
IDX_SFTP_HOST_KEY_TYPE, "ssh-rsa");
|
|
||||||
|
|
||||||
if (strcmp(str_host_key_type, "ssh-rsa") == 0)
|
|
||||||
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
|
|
||||||
else if (strcmp(str_host_key_type, "ssh-dss") == 0)
|
|
||||||
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
|
|
||||||
else if (strcmp(str_host_key_type, "rsa1") == 0)
|
|
||||||
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1;
|
|
||||||
else {
|
|
||||||
guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. "
|
|
||||||
"Ignoring host key.", str_host_key_type);
|
|
||||||
settings->sftp_host_key = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
free(str_host_key_type);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Port for SFTP connection */
|
/* Port for SFTP connection */
|
||||||
settings->sftp_port =
|
settings->sftp_port =
|
||||||
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
|
||||||
|
@ -138,11 +138,6 @@ typedef struct guac_vnc_settings {
|
|||||||
*/
|
*/
|
||||||
char* sftp_hostname;
|
char* sftp_hostname;
|
||||||
|
|
||||||
/**
|
|
||||||
* The type of public SSH host key provided.
|
|
||||||
*/
|
|
||||||
int sftp_host_key_type;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The public SSH host key.
|
* The public SSH host key.
|
||||||
*/
|
*/
|
||||||
|
@ -262,7 +262,7 @@ void* guac_vnc_client_thread(void* data) {
|
|||||||
vnc_client->sftp_session =
|
vnc_client->sftp_session =
|
||||||
guac_common_ssh_create_session(client, settings->sftp_hostname,
|
guac_common_ssh_create_session(client, settings->sftp_hostname,
|
||||||
settings->sftp_port, vnc_client->sftp_user, settings->sftp_server_alive_interval,
|
settings->sftp_port, vnc_client->sftp_user, settings->sftp_server_alive_interval,
|
||||||
settings->sftp_host_key_type, settings->sftp_host_key);
|
settings->sftp_host_key);
|
||||||
|
|
||||||
/* Fail if SSH connection does not succeed */
|
/* Fail if SSH connection does not succeed */
|
||||||
if (vnc_client->sftp_session == NULL) {
|
if (vnc_client->sftp_session == NULL) {
|
||||||
|