GUACAMOLE-527: Do not call a remote host key a fingerprint.

2018-06-25 13:57:01 -04:00 · 2018-06-25 13:57:01 -04:00 · 7bc6a62365
commit 7bc6a62365
parent ba684962b6
3 changed files with 21 additions and 22 deletions
--- a/src/common-ssh/common-ssh/key.h
+++ b/src/common-ssh/common-ssh/key.h
@ -170,7 +170,7 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
        int length, unsigned char* sig);

 /**
- * Verifies the fingerprint for the given hostname/port combination against
+ * Verifies the host key for the given hostname/port combination against
 * one or more known_hosts entries.  The known_host entries can either be a
 * single host_key, provided by the client, or a set of known_hosts entries
 * provided in the /etc/guacamole/ssh_known_hosts file.  Failure to correctly
@ -178,7 +178,7 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
 * error code.  A return code of zero indiciates that either no known_hosts entries
 * were provided, or that the verification succeeded (match).  Negative values
 * indicate internal libssh2 error codes; positive values indicate a failure
- * during verification of the fingerprint against the known hosts.
+ * during verification of the host key against the known hosts.
 *
 * @param session
 *     A pointer to the LIBSSH2_SESSION structure of the SSH connection already
@ -200,11 +200,11 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
 * @param port
 *     The port number of the server being verified.
 *
- * @param fingerprint
- *     The fingering of the server being verified.
+ * @param remote_hostkey
+ *     The host key of the remote system being verified.
 *
- * @param fp_len
- *     The length of the fingerprint being verified
+ * @param remote_hostkey_len
+ *     The length of the remote host key being verified
 *
 * @return
 *     The status of the known_hosts check.  This will be zero if no entries
@ -213,8 +213,8 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
 *     checking.
 */
 int guac_common_ssh_verify_host_key(LIBSSH2_SESSION* session, guac_client* client,
-        const char* host_key, const char* hostname, int port, const char* fingerprint,
-        const size_t fp_len);
+        const char* host_key, const char* hostname, int port, const char* remote_hostkey,
+        const size_t remote_hostkey_len);

 #endif

--- a/src/common-ssh/key.c
+++ b/src/common-ssh/key.c
@ -247,8 +247,8 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
 }

 int guac_common_ssh_verify_host_key(LIBSSH2_SESSION* session, guac_client* client,
-        const char* host_key, const char* hostname, int port, const char* fingerprint,
-        const size_t fp_len) {
+        const char* host_key, const char* hostname, int port, const char* remote_hostkey,
+        const size_t remote_hostkey_len) {

    LIBSSH2_KNOWNHOSTS* ssh_known_hosts = libssh2_knownhost_init(session);
    int known_hosts = 0;
@ -296,9 +296,9 @@ int guac_common_ssh_verify_host_key(LIBSSH2_SESSION* session, guac_client* clien
    }


-    /* Check fingerprint against known hosts */
+    /* Check remote host key against known hosts */
    int kh_check = libssh2_knownhost_checkp(ssh_known_hosts, hostname, port,
-                                            fingerprint, fp_len,
+                                            remote_hostkey, remote_hostkey_len,
                                            LIBSSH2_KNOWNHOST_TYPE_PLAIN|
                                            LIBSSH2_KNOWNHOST_KEYENC_RAW,
                                            NULL);
--- a/src/common-ssh/ssh.c
+++ b/src/common-ssh/ssh.c
@ -520,15 +520,14 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
        return NULL;
    }

-    /* Get fingerprint of host we're connecting to */
-    size_t fp_len;
-    int fp_type;
-    const char *fingerprint = libssh2_session_hostkey(session, &fp_len, &fp_type);
+    /* Get host key of remote system we're connecting to */
+    size_t remote_hostkey_len;
+    const char *remote_hostkey = libssh2_session_hostkey(session, &remote_hostkey_len, NULL);

-    /* Failure to generate a fingerprint means we should abort */
-    if (!fingerprint) {
+    /* Failure to retrieve a host key means we should abort */
+    if (!remote_hostkey) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
-            "Failed to get fingerprint for host %s", hostname);
+            "Failed to get host key for %s", hostname);
        free(common_session);
        close(fd);
        return NULL;
@ -536,8 +535,8 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,

    /* SSH known host key checking. */
    int known_host_check = guac_common_ssh_verify_host_key(session, client, host_key,
-                                                           hostname, atoi(port), fingerprint,
-                                                           fp_len);
+                                                           hostname, atoi(port), remote_hostkey,
+                                                           remote_hostkey_len);

    /* Abort on any error codes */
    if (known_host_check != 0) {
@ -551,7 +550,7 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,

        if (known_host_check > 0)
            guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
-                "Host fingerprint did not match any provided known host keys. %s", err_msg);
+                "Host key did not match any provided known host keys. %s", err_msg);

        free(common_session);
        close(fd);