GUACAMOLE-1290: Add public key parameter for SFTP connections in RDP …

…and VNC protocols.
apache · Aug 26, 2024 · b9da050 · b9da050
1 parent f50ccf6
commit b9da050
Show file tree

Hide file tree

Showing 6 changed files with 92 additions and 1 deletion.
diff --git a/src/protocols/rdp/rdp.c b/src/protocols/rdp/rdp.c
@@ -800,6 +800,33 @@ void* guac_rdp_client_thread(void* data) {
                 return NULL;
             }
 
+            /* Import the public key, if that is specified. */
+            if (settings->sftp_public_key != NULL) {
+
+                guac_client_log(client, GUAC_LOG_DEBUG,
+                        "Attempting public key import");
+
+                /* Attempt to read public key */
+                if (guac_common_ssh_user_import_public_key(rdp_client->sftp_user,
+                            settings->sftp_public_key)) {
+
+                     /* Public key import fails. */
+                         guac_client_abort(client,
+                                GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
+                                "Failed to import public key: %s",
+                                 guac_common_ssh_key_error());
+
+                         guac_common_ssh_destroy_user(rdp_client->sftp_user);
+                         return NULL;
+
+                }
+
+                /* Success */
+                guac_client_log(client, GUAC_LOG_INFO,
+                        "Public key successfully imported.");
+
+            }
+
         }
 
         /* Otherwise, use specified password */

diff --git a/src/protocols/rdp/settings.c b/src/protocols/rdp/settings.c
@@ -111,6 +111,7 @@ const char* GUAC_RDP_CLIENT_ARGS[] = {
     "sftp-password",
     "sftp-private-key",
     "sftp-passphrase",
+    "sftp-public-key",
     "sftp-directory",
     "sftp-root-directory",
     "sftp-server-alive-interval",
@@ -492,6 +493,12 @@ enum RDP_ARGS_IDX {
      */
     IDX_SFTP_PASSPHRASE,
 
+    /**
+     * The base64-encoded public key to use when authenticating with the SSH
+     * server for SFTP.
+     */
+    IDX_SFTP_PUBLIC_KEY,
+
     /**
      * The default location for file uploads within the SSH server. This will
      * apply only to uploads which do not use the filesystem guac_object (where
@@ -1126,11 +1133,16 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user,
         guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
                 IDX_SFTP_PRIVATE_KEY, NULL);
 
-    /* Passphrase for decrypting the SFTP private key (if applicable */
+    /* Passphrase for decrypting the SFTP private key (if applicable) */
     settings->sftp_passphrase =
         guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
                 IDX_SFTP_PASSPHRASE, "");
 
+    /* Public key for authenticating to SFTP server, if applicable. */
+    settings->sftp_public_key =
+        guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
+                IDX_SFTP_PUBLIC_KEY, NULL);
+
     /* Default upload directory */
     settings->sftp_directory =
         guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
@@ -1397,6 +1409,7 @@ void guac_rdp_settings_free(guac_rdp_settings* settings) {
     guac_mem_free(settings->sftp_password);
     guac_mem_free(settings->sftp_port);
     guac_mem_free(settings->sftp_private_key);
+    guac_mem_free(settings->sftp_public_key);
     guac_mem_free(settings->sftp_username);
 #endif
 

diff --git a/src/protocols/rdp/settings.h b/src/protocols/rdp/settings.h
@@ -497,6 +497,11 @@ typedef struct guac_rdp_settings {
      */
     char* sftp_passphrase;
 
+    /**
+     * The public key to use when connecting to the SFTP server, if applicable.
+     */
+    char* sftp_public_key;
+
     /**
      * The default location for file uploads within the SSH server. This will
      * apply only to uploads which do not use the filesystem guac_object (where

diff --git a/src/protocols/vnc/settings.c b/src/protocols/vnc/settings.c
@@ -73,6 +73,7 @@ const char* GUAC_VNC_CLIENT_ARGS[] = {
     "sftp-password",
     "sftp-private-key",
     "sftp-passphrase",
+    "sftp-public-key",
     "sftp-directory",
     "sftp-root-directory",
     "sftp-server-alive-interval",
@@ -272,6 +273,12 @@ enum VNC_ARGS_IDX {
      */
     IDX_SFTP_PASSPHRASE,
 
+    /**
+     * The base64-encode public key to use when authentication with the SSH
+     * server for SFTP using key-based authentication.
+     */
+    IDX_SFTP_PUBLIC_KEY,
+
     /**
      * The default location for file uploads within the SSH server. This will
      * apply only to uploads which do not use the filesystem guac_object (where
@@ -608,6 +615,11 @@ guac_vnc_settings* guac_vnc_parse_args(guac_user* user,
         guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
                 IDX_SFTP_PASSPHRASE, "");
 
+    /* Public key for SFTP using key-based authentication. */
+    settings->sftp_public_key =
+        guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
+                IDX_SFTP_PUBLIC_KEY, NULL);
+
     /* Default upload directory */
     settings->sftp_directory =
         guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
@@ -743,6 +755,7 @@ void guac_vnc_settings_free(guac_vnc_settings* settings) {
     guac_mem_free(settings->sftp_password);
     guac_mem_free(settings->sftp_port);
     guac_mem_free(settings->sftp_private_key);
+    guac_mem_free(settings->sftp_public_key);
     guac_mem_free(settings->sftp_username);
 #endif
 

diff --git a/src/protocols/vnc/settings.h b/src/protocols/vnc/settings.h
@@ -222,6 +222,12 @@ typedef struct guac_vnc_settings {
      */
     char* sftp_passphrase;
 
+    /**
+     * The base64-encoded public key to use when authenticating with the SSH
+     * server for SFTP using key-based authentication.
+     */
+    char* sftp_public_key;
+
     /**
      * The default location for file uploads within the SSH server. This will
      * apply only to uploads which do not use the filesystem guac_object (where

diff --git a/src/protocols/vnc/vnc.c b/src/protocols/vnc/vnc.c
@@ -397,6 +397,33 @@ void* guac_vnc_client_thread(void* data) {
                 return NULL;
             }
 
+            /* Import the public key, if that is specified. */
+            if (settings->sftp_public_key != NULL) {
+
+                guac_client_log(client, GUAC_LOG_DEBUG,
+                        "Attempting public key import");
+
+                /* Attempt to read public key */
+                if (guac_common_ssh_user_import_public_key(vnc_client->sftp_user,
+                            settings->sftp_public_key)) {
+
+                     /* Public key import fails. */
+                         guac_client_abort(client,
+                                GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
+                                "Failed to import public key: %s",
+                                 guac_common_ssh_key_error());
+
+                         guac_common_ssh_destroy_user(vnc_client->sftp_user);
+                         return NULL;
+
+                }
+
+                /* Success */
+                guac_client_log(client, GUAC_LOG_INFO,
+                        "Public key successfully imported.");
+
+            }
+
         }
 
         /* Otherwise, use specified password */