maride/guacamole-spice-protocol
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

GUACAMOLE-527: Enable host key setting for SFTP connections.

Browse Source
This commit is contained in:
Nick Couchman 2018-04-05 08:52:16 -04:00 committed by Nick Couchman
parent 0d82cd1e6c
commit 9112c4f32f
11 changed files with 126 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/common-ssh/common-ssh/ssh.h
View File

@ -99,7 +99,7 @@ void guac_common_ssh_uninit();
*/ */
guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive, const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive,
const char* host_key_type, const char* host_key); const int host_key_type, const char* host_key);
/** /**
* Disconnects and destroys the given SSH session, freeing all associated * Disconnects and destroys the given SSH session, freeing all associated

16
src/common-ssh/ssh.c
View File

@ -416,7 +416,7 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session)
guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive, const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive,
const char* host_key_type, const char* host_key) { const int host_key_type, const char* host_key) {
int retval; int retval;
@ -522,20 +522,9 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
/* Add host key provided from settings */ /* Add host key provided from settings */
if (strcmp(host_key, "") > 0) { if (strcmp(host_key, "") > 0) {
int kh_key_type = 0;
if (strcmp(host_key_type, "ssh-rsa") == 0)
kh_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
else if(strcmp(host_key_type, "ssh-dss") == 0)
kh_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
else if(strcmp(host_key_type, "rsa1") == 0)
kh_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1;
else
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Invalid SSH host key type %s", host_key_type);
if (libssh2_knownhost_addc(ssh_known_hosts, hostname, NULL, host_key, strlen(host_key), if (libssh2_knownhost_addc(ssh_known_hosts, hostname, NULL, host_key, strlen(host_key),
NULL, 0, LIBSSH2_KNOWNHOST_TYPE_PLAIN|LIBSSH2_KNOWNHOST_KEYENC_BASE64| NULL, 0, LIBSSH2_KNOWNHOST_TYPE_PLAIN|LIBSSH2_KNOWNHOST_KEYENC_BASE64|
kh_key_type, NULL)) host_key_type, NULL))
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Failed to add host key to known hosts store for %s", hostname); "Failed to add host key to known hosts store for %s", hostname);
} }
@ -627,4 +616,3 @@ void guac_common_ssh_destroy_session(guac_common_ssh_session* session) {
free(session); free(session);
} }

3
src/protocols/rdp/rdp.c
View File

@ -974,7 +974,8 @@ void* guac_rdp_client_thread(void* data) {
/* Attempt SSH connection */ /* Attempt SSH connection */
rdp_client->sftp_session = rdp_client->sftp_session =
guac_common_ssh_create_session(client, settings->sftp_hostname, guac_common_ssh_create_session(client, settings->sftp_hostname,
settings->sftp_port, rdp_client->sftp_user, settings->sftp_server_alive_interval); settings->sftp_port, rdp_client->sftp_user, settings->sftp_server_alive_interval,
settings->sftp_host_key_type, settings->sftp_host_key);
/* Fail if SSH connection does not succeed */ /* Fail if SSH connection does not succeed */
if (rdp_client->sftp_session == NULL) { if (rdp_client->sftp_session == NULL) {

40
src/protocols/rdp/rdp_settings.c
View File

@ -35,6 +35,9 @@
#include "compat/winpr-wtypes.h" #include "compat/winpr-wtypes.h"
#endif #endif
#ifdef ENABLE_COMMON_SSH
#include <libssh2.h>
#endif
#include <stddef.h> #include <stddef.h>
#include <string.h> #include <string.h>
@ -81,6 +84,8 @@ const char* GUAC_RDP_CLIENT_ARGS[] = {
#ifdef ENABLE_COMMON_SSH #ifdef ENABLE_COMMON_SSH
"enable-sftp", "enable-sftp",
"sftp-hostname", "sftp-hostname",
"sftp-host-key-type",
"sftp-host-key",
"sftp-port", "sftp-port",
"sftp-username", "sftp-username",
"sftp-password", "sftp-password",
@ -355,6 +360,17 @@ enum RDP_ARGS_IDX {
*/ */
IDX_SFTP_HOSTNAME, IDX_SFTP_HOSTNAME,
/**
* The type of public SSH host key provided. If not specified, it defaults
* to SSH-RSA.
*/
IDX_SFTP_HOST_KEY_TYPE,
/**
* The public SSH host key of the SFTP server. Optional.
*/
IDX_SFTP_HOST_KEY,
/** /**
* The port of the SSH server to connect to for SFTP. If blank, the default * The port of the SSH server to connect to for SFTP. If blank, the default
* SSH port of "22" will be used. * SSH port of "22" will be used.
@ -822,6 +838,30 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user,
guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
IDX_SFTP_HOSTNAME, settings->hostname); IDX_SFTP_HOSTNAME, settings->hostname);
/* The public SSH host key. */
settings->sftp_host_key =
guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
IDX_SFTP_HOST_KEY, NULL);
if(settings->sftp_host_key) {
/* Type of public SSH host key. */
char* str_host_key_type = guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
IDX_SFTP_HOST_KEY_TYPE, "ssh-rsa");
if (strcmp(str_host_key_type, "ssh-rsa") == 0)
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
else if (strcmp(str_host_key_type, "ssh-dss") == 0)
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
else if (strcmp(str_host_key_type, "rsa1") == 0)
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1;
else {
guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. "
"Ignoring host key.", str_host_key_type);
settings->sftp_host_key = NULL;
}
}
/* Port for SFTP connection */ /* Port for SFTP connection */
settings->sftp_port = settings->sftp_port =
guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,

10
src/protocols/rdp/rdp_settings.h
View File

@ -342,6 +342,16 @@ typedef struct guac_rdp_settings {
*/ */
char* sftp_hostname; char* sftp_hostname;
/**
* The type of the public SSH hos key.
*/
int sftp_host_key_type;
/**
* The public SSH host key.
*/
char* sftp_host_key;
/** /**
* The port of the SSH server to connect to for SFTP. * The port of the SSH server to connect to for SFTP.
*/ */

23
src/protocols/ssh/settings.c
View File

@ -24,6 +24,7 @@
#include <guacamole/user.h> #include <guacamole/user.h>
#include <libssh2.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
@ -259,14 +260,26 @@ guac_ssh_settings* guac_ssh_parse_args(guac_user* user,
guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
IDX_HOSTNAME, ""); IDX_HOSTNAME, "");
settings->host_key_type =
guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
IDX_HOST_KEY_TYPE, "ssh-rsa");
settings->host_key = settings->host_key =
guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
IDX_HOST_KEY, NULL); IDX_HOST_KEY, NULL);
if (settings->host_key) {
char* str_host_key_type = guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
IDX_HOST_KEY_TYPE, "ssh-rsa");
if (strcmp(str_host_key_type, "ssh-rsa") == 0)
settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
else if (strcmp(str_host_key_type, "ssh-dss") == 0)
settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
else if (strcmp(str_host_key_type, "rsa1") == 0)
settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1;
else {
guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. "
"Ignoring host key.", str_host_key_type);
settings->host_key = NULL;
}
}
settings->username = settings->username =
guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
IDX_USERNAME, NULL); IDX_USERNAME, NULL);
@ -404,7 +417,6 @@ void guac_ssh_settings_free(guac_ssh_settings* settings) {
/* Free network connection information */ /* Free network connection information */
free(settings->hostname); free(settings->hostname);
free(settings->host_key_type);
free(settings->host_key); free(settings->host_key);
free(settings->port); free(settings->port);
@ -439,4 +451,3 @@ void guac_ssh_settings_free(guac_ssh_settings* settings) {
free(settings); free(settings);
} }

2
src/protocols/ssh/settings.h
View File

@ -73,7 +73,7 @@ typedef struct guac_ssh_settings {
/** /**
* The type of public SSH host key. * The type of public SSH host key.
*/ */
char* host_key_type; int host_key_type;
/** /**
* The public SSH host key. * The public SSH host key.

6
src/protocols/ssh/ssh.c
View File

@ -235,7 +235,8 @@ void* ssh_client_thread(void* data) {
/* Open SSH session */ /* Open SSH session */
ssh_client->session = guac_common_ssh_create_session(client, ssh_client->session = guac_common_ssh_create_session(client,
settings->hostname, settings->port, ssh_client->user, settings->server_alive_interval); settings->hostname, settings->port, ssh_client->user, settings->server_alive_interval,
settings->host_key_type, settings->host_key);
if (ssh_client->session == NULL) { if (ssh_client->session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */ /* Already aborted within guac_common_ssh_create_session() */
return NULL; return NULL;
@ -275,7 +276,8 @@ void* ssh_client_thread(void* data) {
guac_client_log(client, GUAC_LOG_DEBUG, "Reconnecting for SFTP..."); guac_client_log(client, GUAC_LOG_DEBUG, "Reconnecting for SFTP...");
ssh_client->sftp_session = ssh_client->sftp_session =
guac_common_ssh_create_session(client, settings->hostname, guac_common_ssh_create_session(client, settings->hostname,
settings->port, ssh_client->user, settings->server_alive_interval); settings->port, ssh_client->user, settings->server_alive_interval,
settings->host_key_type, settings->host_key);
if (ssh_client->sftp_session == NULL) { if (ssh_client->sftp_session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */ /* Already aborted within guac_common_ssh_create_session() */
return NULL; return NULL;

37
src/protocols/vnc/settings.c
View File

@ -24,6 +24,9 @@
#include <guacamole/user.h> #include <guacamole/user.h>
#ifdef ENABLE_COMMON_SSH
#include <libssh2.h>
#endif
#include <stdbool.h> #include <stdbool.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@ -208,6 +211,16 @@ enum VNC_ARGS_IDX {
*/ */
IDX_SFTP_USERNAME, IDX_SFTP_USERNAME,
/**
* The type of public SSH host key provided to identify the SFTP server.
*/
IDX_SFTP_HOST_KEY_TYPE,
/**
* The public SSH host key to identify the SFTP server.
*/
IDX_SFTP_HOST_KEY,
/** /**
* The password to provide when authenticating with the SSH server for * The password to provide when authenticating with the SSH server for
* SFTP (if not using a private key). * SFTP (if not using a private key).
@ -411,6 +424,30 @@ guac_vnc_settings* guac_vnc_parse_args(guac_user* user,
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
IDX_SFTP_HOSTNAME, settings->hostname); IDX_SFTP_HOSTNAME, settings->hostname);
/* The public SSH host key. */
settings->sftp_host_key =
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
IDX_SFTP_HOST_KEY, NULL);
if(settings->sftp_host_key) {
/* Type of public SSH host key. */
char* str_host_key_type = guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
IDX_SFTP_HOST_KEY_TYPE, "ssh-rsa");
if (strcmp(str_host_key_type, "ssh-rsa") == 0)
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
else if (strcmp(str_host_key_type, "ssh-dss") == 0)
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
else if (strcmp(str_host_key_type, "rsa1") == 0)
settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1;
else {
guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. "
"Ignoring host key.", str_host_key_type);
settings->sftp_host_key = NULL;
}
}
/* Port for SFTP connection */ /* Port for SFTP connection */
settings->sftp_port = settings->sftp_port =
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,

10
src/protocols/vnc/settings.h
View File

@ -138,6 +138,16 @@ typedef struct guac_vnc_settings {
*/ */
char* sftp_hostname; char* sftp_hostname;
/**
* The type of public SSH host key provided.
*/
int sftp_host_key_type;
/**
* The public SSH host key.
*/
char* sftp_host_key;
/** /**
* The port of the SSH server to connect to for SFTP. * The port of the SSH server to connect to for SFTP.
*/ */

3
src/protocols/vnc/vnc.c
View File

@ -261,7 +261,8 @@ void* guac_vnc_client_thread(void* data) {
/* Attempt SSH connection */ /* Attempt SSH connection */
vnc_client->sftp_session = vnc_client->sftp_session =
guac_common_ssh_create_session(client, settings->sftp_hostname, guac_common_ssh_create_session(client, settings->sftp_hostname,
settings->sftp_port, vnc_client->sftp_user, settings->sftp_server_alive_interval); settings->sftp_port, vnc_client->sftp_user, settings->sftp_server_alive_interval,
settings->sftp_host_key_type, settings->sftp_host_key);
/* Fail if SSH connection does not succeed */ /* Fail if SSH connection does not succeed */
if (vnc_client->sftp_session == NULL) { if (vnc_client->sftp_session == NULL) {