Github user necouchman commented on a diff in the pull request:

    https://github.com/apache/guacamole-server/pull/164#discussion_r179728475
  
    --- Diff: src/common-ssh/ssh.c ---
    @@ -518,6 +520,64 @@ guac_common_ssh_session* 
guac_common_ssh_create_session(guac_client* client,
             return NULL;
         }
     
    +    /* Check known_hosts, start by getting known_hosts file of user 
running guacd */
    +    struct passwd *pw = getpwuid(getuid());
    +    const char *known_hosts = strcat(pw->pw_dir, "/.ssh/known_hosts");
    +    LIBSSH2_KNOWNHOSTS *ssh_known_hosts = libssh2_knownhost_init(session);
    +    libssh2_knownhost_readfile(ssh_known_hosts, known_hosts, 
LIBSSH2_KNOWNHOST_FILE_OPENSSH);
    +
    +    /* Add host key provided from settings */
    +    if (host_key && strcmp(host_key, "") > 0) {
    +
    +        int kh_add = libssh2_knownhost_addc(ssh_known_hosts, hostname, 
NULL, host_key, strlen(host_key),
    +                NULL, 0, 
LIBSSH2_KNOWNHOST_TYPE_PLAIN|LIBSSH2_KNOWNHOST_KEYENC_BASE64|
    +                         host_key_type, NULL);
    +
    +        if (kh_add)
    +            guac_client_log(client, GUAC_LOG_WARNING, "Failed to add 
provided host key"
    +                    " to known hosts store for %s.  Error was %d", 
hostname, kh_add);
    +
    +    }
    +
    +    /* Get fingerprint of host we're connecting to */
    +    size_t fp_len;
    +    int fp_type;
    +    const char *fingerprint = libssh2_session_hostkey(session, &fp_len, 
&fp_type);
    +
    +    if (!fingerprint)
    +        guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
    +                "Failed to get fingerprint for host %s", hostname);
    +
    +    /* Check fingerprint against known hosts */
    +    struct libssh2_knownhost *host;
    +    int kh_check = libssh2_knownhost_checkp(ssh_known_hosts, hostname, 
atoi(port),
    +                                         fingerprint, fp_len,
    +                                         LIBSSH2_KNOWNHOST_TYPE_PLAIN|
    +                                         LIBSSH2_KNOWNHOST_KEYENC_RAW,
    +                                         &host);
    +
    +    libssh2_knownhost_free(ssh_known_hosts);
    +
    +    switch (kh_check) {
    +        case LIBSSH2_KNOWNHOST_CHECK_MATCH:
    +            guac_client_log(client, GUAC_LOG_DEBUG,
    +                "Host key match found for %s", hostname);
    +            break;
    +        case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND:
    +            guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
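Review bot: The `strcat(pw->pw_dir, "/.ssh/known_hosts")` call appends into the buffer returned by `getpwuid()`, which belongs to libc and is not sized for the extra bytes, so it can write past the end of that storage; `pw` is also dereferenced without a NULL check. Build the path in a local `char` array instead, e.g. `snprintf(known_hosts, sizeof(known_hosts), "%s/.ssh/known_hosts", pw->pw_dir)` after testing `pw != NULL`, and treat truncation as an error. The results of `libssh2_knownhost_init()` and `libssh2_knownhost_readfile()` are not checked either, so a failed init would hand NULL to the later known-hosts calls. After the `if (!fingerprint)` branch there is no `return`, so unless `guac_client_abort()` does not return (not visible here) `libssh2_knownhost_checkp()` runs with a NULL key; that branch should free `ssh_known_hosts` and leave the function. The function body and the `switch` continue beyond the quoted hunk, so the remaining cases were not reviewed.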
    --- End diff --
    
    Do I need to pass a more specific error back to the client to indicate this 
failure, or is that one of the things that falls under the category of "leave 
it in the log files for the admin to deal with, but don't bother the user with 
the details?"

