GUACAMOLE-527: Order SSH handshake correctly, and remove unnecessary logging.

Nick Couchman 2018-04-06 05:45:14 -04:00 committed by Nick Couchman
parent c080569cac
commit 5bb616832e


@ -511,6 +511,15 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
return NULL; return NULL;
} }
/* Perform handshake */
if (libssh2_session_handshake(session, fd)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"SSH handshake failed.");
free(common_session);
close(fd);
return NULL;
}
/* Check known_hosts */ /* Check known_hosts */
/* Get known hosts file from user running guacd */ /* Get known hosts file from user running guacd */
struct passwd *pw = getpwuid(getuid()); struct passwd *pw = getpwuid(getuid());
@ -527,6 +536,7 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
host_key_type, NULL)) host_key_type, NULL))
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Failed to add host key to known hosts store for %s", hostname); "Failed to add host key to known hosts store for %s", hostname);
} }
/* Get fingerprint of host we're connecting to */ /* Get fingerprint of host we're connecting to */
@ -534,6 +544,10 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
int fp_type; int fp_type;
const char *fingerprint = libssh2_session_hostkey(session, &fp_len, &fp_type); const char *fingerprint = libssh2_session_hostkey(session, &fp_len, &fp_type);
if (!fingerprint)
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Failed to get fingerprint for host %s", hostname);
/* Check fingerprint against known hosts */ /* Check fingerprint against known hosts */
struct libssh2_knownhost *host; struct libssh2_knownhost *host;
int kh_check = libssh2_knownhost_checkp(ssh_known_hosts, hostname, atoi(port), int kh_check = libssh2_knownhost_checkp(ssh_known_hosts, hostname, atoi(port),
@ -545,37 +559,21 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
switch (kh_check) { switch (kh_check) {
case LIBSSH2_KNOWNHOST_CHECK_MATCH: case LIBSSH2_KNOWNHOST_CHECK_MATCH:
guac_client_log(client, GUAC_LOG_DEBUG, guac_client_log(client, GUAC_LOG_DEBUG,
"Host key match found."); "Host key match found for %s", hostname);
break; break;
case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND: case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND:
guac_client_log(client, GUAC_LOG_ERROR,
"Host key not found in known hosts entries for %s.", hostname);
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Host key not found in known hosts entries."); "Host key not found for %s.", hostname);
break; break;
case LIBSSH2_KNOWNHOST_CHECK_MISMATCH: case LIBSSH2_KNOWNHOST_CHECK_MISMATCH:
guac_client_log(client, GUAC_LOG_ERROR,
"Host entry found, but host key does not match for %s",
hostname);
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Host key does not match host entry."); "Host key does not match host entry for %s", hostname);
break; break;
case LIBSSH2_KNOWNHOST_CHECK_FAILURE: case LIBSSH2_KNOWNHOST_CHECK_FAILURE:
default: default:
guac_client_log(client, GUAC_LOG_ERROR,
"Error checking host key against known hosts for %s",
hostname);
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Host could not be checked against known hosts."); "Host %s could not be checked against known hosts.",
} hostname);
/* Perform handshake */
if (libssh2_session_handshake(session, fd)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"SSH handshake failed.");
free(common_session);
close(fd);
return NULL;
} }
/* Store basic session data */ /* Store basic session data */
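Review bot: The NOTFOUND, MISMATCH and FAILURE/default branches of `switch (kh_check)` call `guac_client_abort()` and then leave the switch, so execution continues into "Store basic session data" with a host key that failed verification. Of the paths in these hunks, only the handshake failure actually stops the function; each failing branch should do the same after its abort, e.g. `free(common_session); close(fd); return NULL;`. The added `if (!fingerprint)` guard has the same gap: it aborts but execution still reaches the `libssh2_knownhost_checkp()` call below it, so it needs the same cleanup and return. The function starts and ends outside the visible hunks, so whether later code re-checks the client state before authenticating could not be confirmed from here.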