GUACAMOLE-527: Do not call a remote host key a fingerprint.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-server/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-server/commit/7bc6a623 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-server/tree/7bc6a623 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-server/diff/7bc6a623 Branch: refs/heads/staging/1.0.0 Commit: 7bc6a623650b8b0d3c2e24d6b78cf288a81923a6 Parents: ba68496 Author: Nick Couchman <nick_couch...@cotyinc.com> Authored: Mon Jun 25 13:57:01 2018 -0400 Committer: Nick Couchman <nick_couch...@cotyinc.com> Committed: Mon Jun 25 13:57:01 2018 -0400 ---------------------------------------------------------------------- src/common-ssh/common-ssh/key.h | 16 ++++++++-------- src/common-ssh/key.c | 8 ++++---- src/common-ssh/ssh.c | 19 +++++++++---------- 3 files changed, 21 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/7bc6a623/src/common-ssh/common-ssh/key.h ---------------------------------------------------------------------- diff --git a/src/common-ssh/common-ssh/key.h b/src/common-ssh/common-ssh/key.h index 576ba1b..897555a 100644 --- a/src/common-ssh/common-ssh/key.h +++ b/src/common-ssh/common-ssh/key.h @@ -170,7 +170,7 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data, int length, unsigned char* sig); /** - * Verifies the fingerprint for the given hostname/port combination against + * Verifies the host key for the given hostname/port combination against * one or more known_hosts entries. The known_host entries can either be a * single host_key, provided by the client, or a set of known_hosts entries * provided in the /etc/guacamole/ssh_known_hosts file. Failure to correctly 
@@ -178,7 +178,7 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data, * error code. A return code of zero indiciates that either no known_hosts entries * were provided, or that the verification succeeded (match). Negative values * indicate internal libssh2 error codes; positive values indicate a failure - * during verification of the fingerprint against the known hosts. + * during verification of the host key against the known hosts. * * @param session * A pointer to the LIBSSH2_SESSION structure of the SSH connection already @@ -200,11 +200,11 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data, * @param port * The port number of the server being verified. * - * @param fingerprint - * The fingering of the server being verified. + * @param remote_hostkey + * The host key of the remote system being verified. * - * @param fp_len - * The length of the fingerprint being verified + * @param remote_hostkey_len + * The length of the remote host key being verified * * @return * The status of the known_hosts check. This will be zero if no entries @@ -213,8 +213,8 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data, * checking. */ int guac_common_ssh_verify_host_key(LIBSSH2_SESSION* session, guac_client* client, - const char* host_key, const char* hostname, int port, const char* fingerprint, - const size_t fp_len); + const char* host_key, const char* hostname, int port, const char* remote_hostkey, + const size_t remote_hostkey_len); #endif http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/7bc6a623/src/common-ssh/key.c ---------------------------------------------------------------------- diff --git a/src/common-ssh/key.c b/src/common-ssh/key.c index 4d569db..f835e4c 100644 --- a/src/common-ssh/key.c +++ b/src/common-ssh/key.c 
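Review bot: The new `@param remote_hostkey` text in the @@ -200 hunk of key.h does not say that the value is the raw binary host key rather than a C string, which the `const char*` type invites readers to assume. The key.c part of this commit passes it with `LIBSSH2_KNOWNHOST_KEYENC_RAW` and an explicit length, and ssh.c obtains it from `libssh2_session_hostkey()`, so callers must never derive the length with `strlen()`. I would word the two entries as `The raw (binary, not null-terminated) host key of the remote system, as returned by libssh2_session_hostkey().` and `The length of the remote host key, in bytes.` The doc comment begins above this hunk.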
@@ -247,8 +247,8 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data, } int guac_common_ssh_verify_host_key(LIBSSH2_SESSION* session, guac_client* client, - const char* host_key, const char* hostname, int port, const char* fingerprint, - const size_t fp_len) { + const char* host_key, const char* hostname, int port, const char* remote_hostkey, + const size_t remote_hostkey_len) { LIBSSH2_KNOWNHOSTS* ssh_known_hosts = libssh2_knownhost_init(session); int known_hosts = 0; @@ -296,9 +296,9 @@ int guac_common_ssh_verify_host_key(LIBSSH2_SESSION* session, guac_client* clien } - /* Check fingerprint against known hosts */ + /* Check remote host key against known hosts */ int kh_check = libssh2_knownhost_checkp(ssh_known_hosts, hostname, port, - fingerprint, fp_len, + remote_hostkey, remote_hostkey_len, LIBSSH2_KNOWNHOST_TYPE_PLAIN| LIBSSH2_KNOWNHOST_KEYENC_RAW, NULL); http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/7bc6a623/src/common-ssh/ssh.c ---------------------------------------------------------------------- diff --git a/src/common-ssh/ssh.c b/src/common-ssh/ssh.c index 1b13520..831245d 100644 --- a/src/common-ssh/ssh.c +++ b/src/common-ssh/ssh.c 
@@ -520,15 +520,14 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, return NULL; } - /* Get fingerprint of host we're connecting to */ - size_t fp_len; - int fp_type; - const char *fingerprint = libssh2_session_hostkey(session, &fp_len, &fp_type); + /* Get host key of remote system we're connecting to */ + size_t remote_hostkey_len; + const char *remote_hostkey = libssh2_session_hostkey(session, &remote_hostkey_len, NULL); - /* Failure to generate a fingerprint means we should abort */ - if (!fingerprint) { + /* Failure to retrieve a host key means we should abort */ + if (!remote_hostkey) { guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, - "Failed to get fingerprint for host %s", hostname); + "Failed to get host key for %s", hostname); free(common_session); close(fd); return NULL; @@ -536,8 +535,8 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, /* SSH known host key checking. */ int known_host_check = guac_common_ssh_verify_host_key(session, client, host_key, - hostname, atoi(port), fingerprint, - fp_len); + hostname, atoi(port), remote_hostkey, + remote_hostkey_len); /* Abort on any error codes */ if (known_host_check != 0) { @@ -551,7 +550,7 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, if (known_host_check > 0) guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, - "Host fingerprint did not match any provided known host keys. %s", err_msg); + "Host key did not match any provided known host keys. %s", err_msg); free(common_session); close(fd);
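Review bot: The abort path under `if (!remote_hostkey)` in the @@ -520 hunk frees `common_session` and closes `fd`, but never releases the libssh2 `session` whose host key was just requested. If nothing else owns that handle, every connection rejected at this point leaks it. The same `free(common_session); close(fd);` pair ends the host-key mismatch path in the @@ -551 hunk. Consider adding `libssh2_session_free(session);` before `free(common_session);` on both paths. guac_common_ssh_create_session starts and ends outside these hunks, so the session's creation and any later cleanup are not visible here.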
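Review bot: `atoi(port)` in the call to guac_common_ssh_verify_host_key (@@ -536 hunk) cannot report a conversion failure, so a non-numeric `port` string silently becomes 0 and an out-of-range one has an undefined result. That value is passed on to `libssh2_knownhost_checkp()` in key.c, so it takes part in selecting the known-hosts entry the remote key is compared against. Parsing the port once with `strtol()` and rejecting anything outside 1-65535 before the check would make the lookup deterministic. How `port` is validated earlier in the function is outside the hunk, so this may already be guaranteed.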