GUACAMOLE-527: Do not call a remote host key a fingerprint.

src/common-ssh/common-ssh/key.h

@@ -170,7 +170,7 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
         int length, unsigned char* sig);
 
 /**
- * Verifies the fingerprint for the given hostname/port combination against
+ * Verifies the host key for the given hostname/port combination against
  * one or more known_hosts entries.  The known_host entries can either be a
  * single host_key, provided by the client, or a set of known_hosts entries
  * provided in the /etc/guacamole/ssh_known_hosts file.  Failure to correctly
@@ -178,7 +178,7 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
  * error code.  A return code of zero indiciates that either no known_hosts entries
  * were provided, or that the verification succeeded (match).  Negative values
  * indicate internal libssh2 error codes; positive values indicate a failure
- * during verification of the fingerprint against the known hosts.
+ * during verification of the host key against the known hosts.
  *
  * @param session
  *     A pointer to the LIBSSH2_SESSION structure of the SSH connection already
@@ -200,11 +200,11 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
  * @param port
  *     The port number of the server being verified.
  *
- * @param fingerprint
+ * @param remote_hostkey
- *     The fingering of the server being verified.
+ *     The host key of the remote system being verified.
  *
- * @param fp_len
+ * @param remote_hostkey_len
- *     The length of the fingerprint being verified
+ *     The length of the remote host key being verified
  *
  * @return
  *     The status of the known_hosts check.  This will be zero if no entries
@@ -213,8 +213,8 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
  *     checking.
  */
 int guac_common_ssh_verify_host_key(LIBSSH2_SESSION* session, guac_client* client,
-        const char* host_key, const char* hostname, int port, const char* fingerprint,
+        const char* host_key, const char* hostname, int port, const char* remote_hostkey,
-        const size_t fp_len);
+        const size_t remote_hostkey_len);
 
 #endif
 

src/common-ssh/key.c

@@ -247,8 +247,8 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
 }
 
 int guac_common_ssh_verify_host_key(LIBSSH2_SESSION* session, guac_client* client,
-        const char* host_key, const char* hostname, int port, const char* fingerprint,
+        const char* host_key, const char* hostname, int port, const char* remote_hostkey,
-        const size_t fp_len) {
+        const size_t remote_hostkey_len) {
 
     LIBSSH2_KNOWNHOSTS* ssh_known_hosts = libssh2_knownhost_init(session);
     int known_hosts = 0;
@@ -296,9 +296,9 @@ int guac_common_ssh_verify_host_key(LIBSSH2_SESSION* session, guac_client* clien
     }
 
 
-    /* Check fingerprint against known hosts */
+    /* Check remote host key against known hosts */
     int kh_check = libssh2_knownhost_checkp(ssh_known_hosts, hostname, port,
-                                            fingerprint, fp_len,
+                                            remote_hostkey, remote_hostkey_len,
                                             LIBSSH2_KNOWNHOST_TYPE_PLAIN|
                                             LIBSSH2_KNOWNHOST_KEYENC_RAW,
                                             NULL);

src/common-ssh/ssh.c

@@ -520,15 +520,14 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
         return NULL;
     }
 
-    /* Get fingerprint of host we're connecting to */
+    /* Get host key of remote system we're connecting to */
-    size_t fp_len;
+    size_t remote_hostkey_len;
-    int fp_type;
+    const char *remote_hostkey = libssh2_session_hostkey(session, &remote_hostkey_len, NULL);
-    const char *fingerprint = libssh2_session_hostkey(session, &fp_len, &fp_type);
 
-    /* Failure to generate a fingerprint means we should abort */
+    /* Failure to retrieve a host key means we should abort */
-    if (!fingerprint) {
+    if (!remote_hostkey) {
         guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
-            "Failed to get fingerprint for host %s", hostname);
+            "Failed to get host key for %s", hostname);
         free(common_session);
         close(fd);
         return NULL;
@@ -536,8 +535,8 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
 
     /* SSH known host key checking. */
     int known_host_check = guac_common_ssh_verify_host_key(session, client, host_key,
-                                                           hostname, atoi(port), fingerprint,
+                                                           hostname, atoi(port), remote_hostkey,
-                                                           fp_len);
+                                                           remote_hostkey_len);
 
     /* Abort on any error codes */
     if (known_host_check != 0) {
@@ -551,7 +550,7 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
 
         if (known_host_check > 0)
             guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
-                "Host fingerprint did not match any provided known host keys. %s", err_msg);
+                "Host key did not match any provided known host keys. %s", err_msg);
 
         free(common_session);
         close(fd);