/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ #include "common-ssh/key.h" #include "common-ssh/ssh.h" #include "common-ssh/user.h" #include #include #ifdef LIBSSH2_USES_GCRYPT #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #ifdef LIBSSH2_USES_GCRYPT GCRY_THREAD_OPTION_PTHREAD_IMPL; #endif #ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS /** * Array of mutexes, used by OpenSSL. */ static pthread_mutex_t* guac_common_ssh_openssl_locks = NULL; /** * Called by OpenSSL when locking or unlocking the Nth mutex. * * @param mode * A bitmask denoting the action to be taken on the Nth lock, such as * CRYPTO_LOCK or CRYPTO_UNLOCK. * * @param n * The index of the lock to lock or unlock. * * @param file * The filename of the function setting the lock, for debugging purposes. * * @param line * The line number of the function setting the lock, for debugging * purposes. */ static void guac_common_ssh_openssl_locking_callback(int mode, int n, const char* file, int line){ /* Lock given mutex upon request */ if (mode & CRYPTO_LOCK) pthread_mutex_lock(&(guac_common_ssh_openssl_locks[n])); /* Unlock given mutex upon request */ else if (mode & CRYPTO_UNLOCK) pthread_mutex_unlock(&(guac_common_ssh_openssl_locks[n])); } /** * Called by OpenSSL when determining the current thread ID. * * @return * An ID which uniquely identifies the current thread. */ static unsigned long guac_common_ssh_openssl_id_callback() { return (unsigned long) pthread_self(); } /** * Creates the given number of mutexes, such that OpenSSL will have at least * this number of mutexes at its disposal. * * @param count * The number of mutexes (locks) to create. */ static void guac_common_ssh_openssl_init_locks(int count) { int i; /* Allocate required number of locks */ guac_common_ssh_openssl_locks = malloc(sizeof(pthread_mutex_t) * count); /* Initialize each lock */ for (i=0; i < count; i++) pthread_mutex_init(&(guac_common_ssh_openssl_locks[i]), NULL); } /** * Frees the given number of mutexes. * * @param count * The number of mutexes (locks) to free. */ static void guac_common_ssh_openssl_free_locks(int count) { int i; /* SSL lock array was not initialized */ if (guac_common_ssh_openssl_locks == NULL) return; /* Free all locks */ for (i=0; i < count; i++) pthread_mutex_destroy(&(guac_common_ssh_openssl_locks[i])); /* Free lock array */ free(guac_common_ssh_openssl_locks); } #endif int guac_common_ssh_init(guac_client* client) { #ifdef LIBSSH2_USES_GCRYPT /* Init threadsafety in libgcrypt */ gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); if (!gcry_check_version(GCRYPT_VERSION)) { guac_client_log(client, GUAC_LOG_ERROR, "libgcrypt version mismatch."); return 1; } #endif #ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS /* Init threadsafety in OpenSSL */ guac_common_ssh_openssl_init_locks(CRYPTO_num_locks()); CRYPTO_set_id_callback(guac_common_ssh_openssl_id_callback); CRYPTO_set_locking_callback(guac_common_ssh_openssl_locking_callback); #endif /* Init OpenSSL */ SSL_library_init(); ERR_load_crypto_strings(); /* Init libssh2 */ libssh2_init(0); /* Success */ return 0; } void guac_common_ssh_uninit() { #ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS guac_common_ssh_openssl_free_locks(CRYPTO_num_locks()); #endif } /** * Callback invoked by libssh2 when libssh2_userauth_publickkey() is invoked. * This callback must sign the given data, returning the signature as newly- * allocated buffer space. * * @param session * The SSH session for which the signature is being generated. * * @param sig * A pointer to the buffer space containing the signature. This callback * MUST allocate and assign this space. * * @param sig_len * The length of the signature within the allocated buffer space, in bytes. * This value must be set to the size of the signature after the signing * operation completes. * * @param data * The arbitrary data that must be signed. * * @param data_len * The length of the arbitrary data to be signed, in bytes. * * @param abstract * The value of the abstract parameter provided with the corresponding call * to libssh2_userauth_publickey(). * * @return * Zero on success, non-zero if the signing operation failed. */ static int guac_common_ssh_sign_callback(LIBSSH2_SESSION* session, unsigned char** sig, size_t* sig_len, const unsigned char* data, size_t data_len, void **abstract) { guac_common_ssh_key* key = (guac_common_ssh_key*) abstract; int length; /* Allocate space for signature */ *sig = malloc(4096); /* Sign with key */ length = guac_common_ssh_key_sign(key, (const char*) data, data_len, *sig); if (length < 0) return 1; *sig_len = length; return 0; } /** * Callback for the keyboard-interactive authentication method. Currently * supports just one prompt for the password. This callback is invoked as * needed to fullfill a call to libssh2_userauth_keyboard_interactive(). * * @param name * An arbitrary name which should be printed to the terminal for the * benefit of the user. This is currently ignored. * * @param name_len * The length of the name string, in bytes. * * @param instruction * Arbitrary instructions which should be printed to the terminal for the * benefit of the user. This is currently ignored. * * @param instruction_len * The length of the instruction string, in bytes. * * @param num_prompts * The number of keyboard-interactive prompts for which responses are * requested. This callback currently only supports one prompt, and assumes * that this prompt is requesting the password. * * @param prompts * An array of all keyboard-interactive prompts for which responses are * requested. * * @param responses * A parallel array into which all prompt responses should be stored. Each * entry within this array corresponds to the entry in the prompts array * with the same index. * * @param abstract * The value of the abstract parameter provided when the SSH session was * created with libssh2_session_init_ex(). */ static void guac_common_ssh_kbd_callback(const char *name, int name_len, const char *instruction, int instruction_len, int num_prompts, const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts, LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses, void **abstract) { guac_common_ssh_session* common_session = (guac_common_ssh_session*) *abstract; guac_client* client = common_session->client; /* Send password if only one prompt */ if (num_prompts == 1) { char* password = common_session->user->password; responses[0].text = strdup(password); responses[0].length = strlen(password); } /* If more than one prompt, a single password is not enough */ else guac_client_log(client, GUAC_LOG_WARNING, "Unsupported number of keyboard-interactive prompts: %i", num_prompts); } /** * Authenticates the user associated with the given session over SSH. All * required credentials must already be present within the user object * associated with the given session. * * @param session * The session associated with the user to be authenticated. * * @return * Zero if authentication succeeds, or non-zero if authentication has * failed. */ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session) { guac_client* client = common_session->client; guac_common_ssh_user* user = common_session->user; LIBSSH2_SESSION* session = common_session->session; /* Get user credentials */ char* username = user->username; char* password = user->password; guac_common_ssh_key* key = user->private_key; /* Validate username provided */ if (username == NULL) { guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED, "SSH authentication requires a username."); return 1; } /* Get list of supported authentication methods */ char* user_authlist = libssh2_userauth_list(session, username, strlen(username)); guac_client_log(client, GUAC_LOG_DEBUG, "Supported authentication methods: %s", user_authlist); /* Authenticate with private key, if provided */ if (key != NULL) { /* Check if public key auth is supported on the server */ if (strstr(user_authlist, "publickey") == NULL) { guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED, "Public key authentication is not supported by " "the SSH server"); return 1; } /* Attempt public key auth */ if (libssh2_userauth_publickey(session, username, (unsigned char*) key->public_key, key->public_key_length, guac_common_ssh_sign_callback, (void**) key)) { /* Abort on failure */ char* error_message; libssh2_session_last_error(session, &error_message, NULL, 0); guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED, "Public key authentication failed: %s", error_message); return 1; } /* Private key authentication succeeded */ return 0; } /* Authenticate with password, if provided */ else if (password != NULL) { /* Check if password auth is supported on the server */ if (strstr(user_authlist, "password") != NULL) { /* Attempt password authentication */ if (libssh2_userauth_password(session, username, password)) { /* Abort on failure */ char* error_message; libssh2_session_last_error(session, &error_message, NULL, 0); guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED, "Password authentication failed: %s", error_message); return 1; } /* Password authentication succeeded */ return 0; } /* Check if keyboard-interactive auth is supported on the server */ if (strstr(user_authlist, "keyboard-interactive") != NULL) { /* Attempt keyboard-interactive auth using provided password */ if (libssh2_userauth_keyboard_interactive(session, username, &guac_common_ssh_kbd_callback)) { /* Abort on failure */ char* error_message; libssh2_session_last_error(session, &error_message, NULL, 0); guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED, "Keyboard-interactive authentication failed: %s", error_message); return 1; } /* Keyboard-interactive authentication succeeded */ return 0; } /* No known authentication types available */ guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED, "Password and keyboard-interactive authentication are not " "supported by the SSH server"); return 1; } /* No credentials provided */ guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED, "SSH authentication requires either a private key or a password."); return 1; } guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive, const int host_key_type, const char* host_key) { int retval; int fd; struct addrinfo* addresses; struct addrinfo* current_address; char connected_address[1024]; char connected_port[64]; struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM, .ai_protocol = IPPROTO_TCP }; /* Get addresses connection */ if ((retval = getaddrinfo(hostname, port, &hints, &addresses))) { guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error parsing given address or port: %s", gai_strerror(retval)); return NULL; } /* Attempt connection to each address until success */ current_address = addresses; while (current_address != NULL) { /* Resolve hostname */ if ((retval = getnameinfo(current_address->ai_addr, current_address->ai_addrlen, connected_address, sizeof(connected_address), connected_port, sizeof(connected_port), NI_NUMERICHOST | NI_NUMERICSERV))) guac_client_log(client, GUAC_LOG_DEBUG, "Unable to resolve host: %s", gai_strerror(retval)); /* Get socket */ fd = socket(current_address->ai_family, SOCK_STREAM, 0); if (fd < 0) { guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to create socket: %s", strerror(errno)); freeaddrinfo(addresses); return NULL; } /* Connect */ if (connect(fd, current_address->ai_addr, current_address->ai_addrlen) == 0) { guac_client_log(client, GUAC_LOG_DEBUG, "Successfully connected to host %s, port %s", connected_address, connected_port); /* Done if successful connect */ break; } /* Otherwise log information regarding bind failure */ guac_client_log(client, GUAC_LOG_DEBUG, "Unable to connect to " "host %s, port %s: %s", connected_address, connected_port, strerror(errno)); close(fd); current_address = current_address->ai_next; } /* Free addrinfo */ freeaddrinfo(addresses); /* If unable to connect to anything, fail */ if (current_address == NULL) { guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_NOT_FOUND, "Unable to connect to any addresses."); return NULL; } /* Allocate new session */ guac_common_ssh_session* common_session = malloc(sizeof(guac_common_ssh_session)); /* Open SSH session */ LIBSSH2_SESSION* session = libssh2_session_init_ex(NULL, NULL, NULL, common_session); if (session == NULL) { guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Session allocation failed."); free(common_session); close(fd); return NULL; } /* Check known_hosts */ /* Get known hosts file from user running guacd */ struct passwd *pw = getpwuid(getuid()); char *homedir = pw->pw_dir; char *known_hosts = strcat(homedir, "/.ssh/known_hosts"); LIBSSH2_KNOWNHOSTS *ssh_known_hosts = libssh2_knownhost_init(session); libssh2_knownhost_readfile(ssh_known_hosts, known_hosts, LIBSSH2_KNOWNHOST_FILE_OPENSSH); /* Add host key provided from settings */ if (host_key && strcmp(host_key, "") > 0) { if (libssh2_knownhost_addc(ssh_known_hosts, hostname, NULL, host_key, strlen(host_key), NULL, 0, LIBSSH2_KNOWNHOST_TYPE_PLAIN|LIBSSH2_KNOWNHOST_KEYENC_BASE64| host_key_type, NULL)) guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Failed to add host key to known hosts store for %s", hostname); } /* Get fingerprint of host we're connecting to */ size_t fp_len; int fp_type; const char *fingerprint = libssh2_session_hostkey(session, &fp_len, &fp_type); /* Check fingerprint against known hosts */ struct libssh2_knownhost *host; int kh_check = libssh2_knownhost_checkp(ssh_known_hosts, hostname, atoi(port), fingerprint, fp_len, LIBSSH2_KNOWNHOST_TYPE_PLAIN| LIBSSH2_KNOWNHOST_KEYENC_RAW, &host); switch (kh_check) { case LIBSSH2_KNOWNHOST_CHECK_MATCH: guac_client_log(client, GUAC_LOG_DEBUG, "Host key match found."); break; case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND: guac_client_log(client, GUAC_LOG_ERROR, "Host key not found in known hosts entries for %s.", hostname); guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Host key not found in known hosts entries."); break; case LIBSSH2_KNOWNHOST_CHECK_MISMATCH: guac_client_log(client, GUAC_LOG_ERROR, "Host entry found, but host key does not match for %s", hostname); guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Host key does not match host entry."); break; case LIBSSH2_KNOWNHOST_CHECK_FAILURE: default: guac_client_log(client, GUAC_LOG_ERROR, "Error checking host key against known hosts for %s", hostname); guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Host could not be checked against known hosts."); } /* Perform handshake */ if (libssh2_session_handshake(session, fd)) { guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "SSH handshake failed."); free(common_session); close(fd); return NULL; } /* Store basic session data */ common_session->client = client; common_session->user = user; common_session->session = session; common_session->fd = fd; /* Attempt authentication */ if (guac_common_ssh_authenticate(common_session)) { free(common_session); close(fd); return NULL; } /* Warn if keepalive below minimum value */ if (keepalive < 0) { keepalive = 0; guac_client_log(client, GUAC_LOG_WARNING, "negative keepalive intervals " "are converted to 0, disabling keepalive."); } else if (keepalive == 1) { guac_client_log(client, GUAC_LOG_WARNING, "keepalive interval will " "be rounded up to minimum value of 2."); } /* Configure session keepalive */ libssh2_keepalive_config(common_session->session, 1, keepalive); /* Return created session */ return common_session; } void guac_common_ssh_destroy_session(guac_common_ssh_session* session) { /* Disconnect and clean up libssh2 */ libssh2_session_disconnect(session->session, "Bye"); libssh2_session_free(session->session); /* Free all other data */ free(session); }