GUACAMOLE-527: Enable host key setting for SFTP connections.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-server/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-server/commit/9112c4f3 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-server/tree/9112c4f3 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-server/diff/9112c4f3 Branch: refs/heads/staging/1.0.0 Commit: 9112c4f32f719ca1b4ae5f301e36f96c6190ba9d Parents: 0d82cd1 Author: Nick Couchman <vn...@apache.org> Authored: Thu Apr 5 08:52:16 2018 -0400 Committer: Nick Couchman <nick_couch...@cotyinc.com> Committed: Mon Jun 25 08:31:37 2018 -0400 ---------------------------------------------------------------------- src/common-ssh/common-ssh/ssh.h | 2 +- src/common-ssh/ssh.c | 16 ++------------ src/protocols/rdp/rdp.c | 3 ++- src/protocols/rdp/rdp_settings.c | 40 +++++++++++++++++++++++++++++++++++ src/protocols/rdp/rdp_settings.h | 10 +++++++++ src/protocols/ssh/settings.c | 23 ++++++++++++++------ src/protocols/ssh/settings.h | 2 +- src/protocols/ssh/ssh.c | 6 ++++-- src/protocols/vnc/settings.c | 37 ++++++++++++++++++++++++++++++++ src/protocols/vnc/settings.h | 10 +++++++++ src/protocols/vnc/vnc.c | 3 ++- 11 files changed, 126 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/common-ssh/common-ssh/ssh.h ---------------------------------------------------------------------- diff --git a/src/common-ssh/common-ssh/ssh.h b/src/common-ssh/common-ssh/ssh.h index e25b626..8f6f689 100644 --- a/src/common-ssh/common-ssh/ssh.h +++ b/src/common-ssh/common-ssh/ssh.h 
@@ -99,7 +99,7 @@ void guac_common_ssh_uninit(); */ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive, - const char* host_key_type, const char* host_key); + const int host_key_type, const char* host_key); /** * Disconnects and destroys the given SSH session, freeing all associated http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/common-ssh/ssh.c ---------------------------------------------------------------------- diff --git a/src/common-ssh/ssh.c b/src/common-ssh/ssh.c index a1a62f6..0eb9fa1 100644 --- a/src/common-ssh/ssh.c +++ b/src/common-ssh/ssh.c @@ -416,7 +416,7 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session) guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, const char* hostname, const char* port, guac_common_ssh_user* user, int keepalive, - const char* host_key_type, const char* host_key) { + const int host_key_type, const char* host_key) { int retval; @@ -522,20 +522,9 @@ guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client, /* Add host key provided from settings */ if (strcmp(host_key, "") > 0) { - int kh_key_type = 0; - if (strcmp(host_key_type, "ssh-rsa") == 0) - kh_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA; - else if(strcmp(host_key_type, "ssh-dss") == 0) - kh_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS; - else if(strcmp(host_key_type, "rsa1") == 0) - kh_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1; - else - guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, - "Invalid SSH host key type %s", host_key_type); - if (libssh2_knownhost_addc(ssh_known_hosts, hostname, NULL, host_key, strlen(host_key), NULL, 0, LIBSSH2_KNOWNHOST_TYPE_PLAIN|LIBSSH2_KNOWNHOST_KEYENC_BASE64| - kh_key_type, NULL)) + host_key_type, NULL)) guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Failed to add host key to known hosts store for %s", hostname); } 
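Review bot: The prototype of guac_common_ssh_create_session() in ssh.h now takes `host_key_type` as an int, but the doc comment that closes at the top of this hunk lies outside it, so the parameter's new contract is not visible here. The parameter documentation should state that the value is one of libssh2's `LIBSSH2_KNOWNHOST_KEY_*` constants and that `host_key` may be NULL when no key is configured. `const` on a by-value parameter has no effect in a declaration, so `int host_key_type` is enough in the header.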
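Review bot: In the ssh.c hunk at -522, the unchanged guard `if (strcmp(host_key, "") > 0)` is now reached with a NULL `host_key`, because the settings parsers in this commit default the key to NULL and also reset it to NULL for an unknown type. Passing NULL to strcmp() is undefined behaviour and will typically crash the connection thread, so the guard should read `if (host_key != NULL && host_key[0] != '\0')`. The failure branch of libssh2_knownhost_addc() also calls guac_client_abort() with no return visible in the hunk; if session setup carries on after it, a key that could not be stored is not enforced, so that branch should release the session and `return NULL;`. The function body continues outside the hunk.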
@@ -627,4 +616,3 @@ void guac_common_ssh_destroy_session(guac_common_ssh_session* session) { free(session); } - http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/protocols/rdp/rdp.c ---------------------------------------------------------------------- diff --git a/src/protocols/rdp/rdp.c b/src/protocols/rdp/rdp.c index 45082bb..30b1932 100644 --- a/src/protocols/rdp/rdp.c +++ b/src/protocols/rdp/rdp.c @@ -974,7 +974,8 @@ void* guac_rdp_client_thread(void* data) { /* Attempt SSH connection */ rdp_client->sftp_session = guac_common_ssh_create_session(client, settings->sftp_hostname, - settings->sftp_port, rdp_client->sftp_user, settings->sftp_server_alive_interval); + settings->sftp_port, rdp_client->sftp_user, settings->sftp_server_alive_interval, + settings->sftp_host_key_type, settings->sftp_host_key); /* Fail if SSH connection does not succeed */ if (rdp_client->sftp_session == NULL) { http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/protocols/rdp/rdp_settings.c ---------------------------------------------------------------------- diff --git a/src/protocols/rdp/rdp_settings.c b/src/protocols/rdp/rdp_settings.c index 35f7f20..78afe37 100644 --- a/src/protocols/rdp/rdp_settings.c +++ b/src/protocols/rdp/rdp_settings.c @@ -35,6 +35,9 @@ #include "compat/winpr-wtypes.h" #endif +#ifdef ENABLE_COMMON_SSH +#include <libssh2.h> +#endif #include <stddef.h> #include <string.h> @@ -81,6 +84,8 @@ const char* GUAC_RDP_CLIENT_ARGS[] = { #ifdef ENABLE_COMMON_SSH "enable-sftp", "sftp-hostname", + "sftp-host-key-type", + "sftp-host-key", "sftp-port", "sftp-username", "sftp-password", 
@@ -356,6 +361,17 @@ enum RDP_ARGS_IDX { IDX_SFTP_HOSTNAME, /** + * The type of public SSH host key provided. If not specified, it defaults + * to SSH-RSA. + */ + IDX_SFTP_HOST_KEY_TYPE, + + /** + * The public SSH host key of the SFTP server. Optional. + */ + IDX_SFTP_HOST_KEY, + + /** * The port of the SSH server to connect to for SFTP. If blank, the default * SSH port of "22" will be used. */ @@ -822,6 +838,30 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user, guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, IDX_SFTP_HOSTNAME, settings->hostname); + /* The public SSH host key. */ + settings->sftp_host_key = + guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, + IDX_SFTP_HOST_KEY, NULL); + + if(settings->sftp_host_key) { + /* Type of public SSH host key. */ + char* str_host_key_type = guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, + IDX_SFTP_HOST_KEY_TYPE, "ssh-rsa"); + + if (strcmp(str_host_key_type, "ssh-rsa") == 0) + settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA; + else if (strcmp(str_host_key_type, "ssh-dss") == 0) + settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS; + else if (strcmp(str_host_key_type, "rsa1") == 0) + settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1; + else { + guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. " + "Ignoring host key.", str_host_key_type); + settings->sftp_host_key = NULL; + } + + } + /* Port for SFTP connection */ settings->sftp_port = guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/protocols/rdp/rdp_settings.h ---------------------------------------------------------------------- diff --git a/src/protocols/rdp/rdp_settings.h b/src/protocols/rdp/rdp_settings.h index ad71ca0..0a44279 100644 --- a/src/protocols/rdp/rdp_settings.h +++ b/src/protocols/rdp/rdp_settings.h 
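Review bot: In the guac_rdp_parse_args() hunk, an unrecognised `sftp-host-key-type` now only logs a warning and clears `settings->sftp_host_key`, whereas the code this commit removes from guac_common_ssh_create_session() aborted the connection; a typo in the type therefore quietly drops the configured key instead of failing closed. Since the administrator supplied a key expecting it to be checked, the parser should reject the configuration (or record a flag that makes the later connection abort) rather than continue without it. The same branch overwrites the pointer without `free(settings->sftp_host_key);`, and `str_host_key_type` is never released with `free(str_host_key_type);` on any path, which leaks per connection if guac_user_parse_args_string() returns heap copies, as the free() calls in guac_ssh_settings_free() suggest. The identical block appears in the ssh/settings.c and vnc/settings.c hunks, so one shared helper that maps the string to the libssh2 constant would fix all three.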
@@ -343,6 +343,16 @@ typedef struct guac_rdp_settings { char* sftp_hostname; /** + * The type of the public SSH hos key. + */ + int sftp_host_key_type; + + /** + * The public SSH host key. + */ + char* sftp_host_key; + + /** * The port of the SSH server to connect to for SFTP. */ char* sftp_port; http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/protocols/ssh/settings.c ---------------------------------------------------------------------- diff --git a/src/protocols/ssh/settings.c b/src/protocols/ssh/settings.c index bc650e9..4653e96 100644 --- a/src/protocols/ssh/settings.c +++ b/src/protocols/ssh/settings.c @@ -24,6 +24,7 @@ #include <guacamole/user.h> +#include <libssh2.h> #include <stdlib.h> #include <string.h> #include <time.h> @@ -259,14 +260,26 @@ guac_ssh_settings* guac_ssh_parse_args(guac_user* user, guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, IDX_HOSTNAME, ""); - settings->host_key_type = - guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, - IDX_HOST_KEY_TYPE, "ssh-rsa"); - settings->host_key = guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, IDX_HOST_KEY, NULL); + if (settings->host_key) { + char* str_host_key_type = guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, + IDX_HOST_KEY_TYPE, "ssh-rsa"); + if (strcmp(str_host_key_type, "ssh-rsa") == 0) + settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA; + else if (strcmp(str_host_key_type, "ssh-dss") == 0) + settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS; + else if (strcmp(str_host_key_type, "rsa1") == 0) + settings->host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1; + else { + guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. " + "Ignoring host key.", str_host_key_type); + settings->host_key = NULL; + } + } + settings->username = guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, IDX_USERNAME, NULL); 
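Review bot: The comment on `sftp_host_key_type` in rdp_settings.h has a typo (`hos key`) and does not say what the int holds. Suggested wording: `The type of the public SSH host key, as one of the LIBSSH2_KNOWNHOST_KEY_* constants. Only meaningful when sftp_host_key is non-NULL.` The second sentence matters because guac_rdp_parse_args() assigns the field only inside `if(settings->sftp_host_key)`, so otherwise it keeps whatever value the allocation left there.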
@@ -404,7 +417,6 @@ void guac_ssh_settings_free(guac_ssh_settings* settings) { /* Free network connection information */ free(settings->hostname); - free(settings->host_key_type); free(settings->host_key); free(settings->port); @@ -439,4 +451,3 @@ void guac_ssh_settings_free(guac_ssh_settings* settings) { free(settings); } - http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/protocols/ssh/settings.h ---------------------------------------------------------------------- diff --git a/src/protocols/ssh/settings.h b/src/protocols/ssh/settings.h index ac8400e..e47a816 100644 --- a/src/protocols/ssh/settings.h +++ b/src/protocols/ssh/settings.h @@ -73,7 +73,7 @@ typedef struct guac_ssh_settings { /** * The type of public SSH host key. */ - char* host_key_type; + int host_key_type; /** * The public SSH host key. http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/protocols/ssh/ssh.c ---------------------------------------------------------------------- diff --git a/src/protocols/ssh/ssh.c b/src/protocols/ssh/ssh.c index a614f81..6376555 100644 --- a/src/protocols/ssh/ssh.c +++ b/src/protocols/ssh/ssh.c @@ -235,7 +235,8 @@ void* ssh_client_thread(void* data) { /* Open SSH session */ ssh_client->session = guac_common_ssh_create_session(client, - settings->hostname, settings->port, ssh_client->user, settings->server_alive_interval); + settings->hostname, settings->port, ssh_client->user, settings->server_alive_interval, + settings->host_key_type, settings->host_key); if (ssh_client->session == NULL) { /* Already aborted within guac_common_ssh_create_session() */ return NULL; 
@@ -275,7 +276,8 @@ void* ssh_client_thread(void* data) { guac_client_log(client, GUAC_LOG_DEBUG, "Reconnecting for SFTP..."); ssh_client->sftp_session = guac_common_ssh_create_session(client, settings->hostname, - settings->port, ssh_client->user, settings->server_alive_interval); + settings->port, ssh_client->user, settings->server_alive_interval, + settings->host_key_type, settings->host_key); if (ssh_client->sftp_session == NULL) { /* Already aborted within guac_common_ssh_create_session() */ return NULL; http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/protocols/vnc/settings.c ---------------------------------------------------------------------- diff --git a/src/protocols/vnc/settings.c b/src/protocols/vnc/settings.c index 509921a..509a067 100644 --- a/src/protocols/vnc/settings.c +++ b/src/protocols/vnc/settings.c @@ -24,6 +24,9 @@ #include <guacamole/user.h> +#ifdef ENABLE_COMMON_SSH +#include <libssh2.h> +#endif #include <stdbool.h> #include <stdlib.h> #include <string.h> @@ -209,6 +212,16 @@ enum VNC_ARGS_IDX { IDX_SFTP_USERNAME, /** + * The type of public SSH host key provided to identify the SFTP server. + */ + IDX_SFTP_HOST_KEY_TYPE, + + /** + * The public SSH host key to identify the SFTP server. + */ + IDX_SFTP_HOST_KEY, + + /** * The password to provide when authenticating with the SSH server for * SFTP (if not using a private key). */ 
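Review bot: In vnc/settings.c, IDX_SFTP_HOST_KEY_TYPE and IDX_SFTP_HOST_KEY are inserted after IDX_SFTP_USERNAME, but no hunk in this file adds the matching `"sftp-host-key-type"` and `"sftp-host-key"` strings to GUAC_VNC_CLIENT_ARGS, unlike the rdp_settings.c change, which updates both the array and the enum. Unless the array already carries those two names at the same position, every index after the SFTP username is shifted by two and the parser reads the wrong argv slot, starting with the SFTP password. The two names should be listed in the array directly after the SFTP username entry; the array itself is outside the hunks shown.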
@@ -411,6 +424,30 @@ guac_vnc_settings* guac_vnc_parse_args(guac_user* user, guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, IDX_SFTP_HOSTNAME, settings->hostname); + /* The public SSH host key. */ + settings->sftp_host_key = + guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, + IDX_SFTP_HOST_KEY, NULL); + + if(settings->sftp_host_key) { + /* Type of public SSH host key. */ + char* str_host_key_type = guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, + IDX_SFTP_HOST_KEY_TYPE, "ssh-rsa"); + + if (strcmp(str_host_key_type, "ssh-rsa") == 0) + settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA; + else if (strcmp(str_host_key_type, "ssh-dss") == 0) + settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS; + else if (strcmp(str_host_key_type, "rsa1") == 0) + settings->sftp_host_key_type = LIBSSH2_KNOWNHOST_KEY_RSA1; + else { + guac_user_log(user, GUAC_LOG_WARNING, "Invalid host key type specified %s. " + "Ignoring host key.", str_host_key_type); + settings->sftp_host_key = NULL; + } + + } + /* Port for SFTP connection */ settings->sftp_port = guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/protocols/vnc/settings.h ---------------------------------------------------------------------- diff --git a/src/protocols/vnc/settings.h b/src/protocols/vnc/settings.h index 85e6478..35809f8 100644 --- a/src/protocols/vnc/settings.h +++ b/src/protocols/vnc/settings.h @@ -139,6 +139,16 @@ typedef struct guac_vnc_settings { char* sftp_hostname; /** + * The type of public SSH host key provided. + */ + int sftp_host_key_type; + + /** + * The public SSH host key. + */ + char* sftp_host_key; + + /** * The port of the SSH server to connect to for SFTP. */ char* sftp_port; http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/9112c4f3/src/protocols/vnc/vnc.c ---------------------------------------------------------------------- 
diff --git a/src/protocols/vnc/vnc.c b/src/protocols/vnc/vnc.c index db1e218..1146ad4 100644 --- a/src/protocols/vnc/vnc.c +++ b/src/protocols/vnc/vnc.c @@ -261,7 +261,8 @@ void* guac_vnc_client_thread(void* data) { /* Attempt SSH connection */ vnc_client->sftp_session = guac_common_ssh_create_session(client, settings->sftp_hostname, - settings->sftp_port, vnc_client->sftp_user, settings->sftp_server_alive_interval); + settings->sftp_port, vnc_client->sftp_user, settings->sftp_server_alive_interval, + settings->sftp_host_key_type, settings->sftp_host_key); /* Fail if SSH connection does not succeed */ if (vnc_client->sftp_session == NULL) {