
gitlab.com/Remmina/Remmina.git - Unnamed repository; edit this file 'description' to name the repository.
authorllyzs <llyzs.vic@gmail.com>2011-02-01 19:30:20 +0300
committerVic Lee (llyzs) <llyzs@b6cfa94a-2857-405c-b0d6-536ef9fc39e1>2011-02-01 19:30:20 +0300
commit5f6ac00b783ae7e88879db306ec25e5865610910 (patch)
treeebb824cb63481581302808b93e0c4c11b7ee5ee2 /remmina
parent2e0b8695e5bfd7414e89bc29357dc1427ccc8d0d (diff)
SSH: support checking of server public key
Diffstat (limited to 'remmina')
-rw-r--r--remmina/src/remminainitdialog.c65
-rw-r--r--remmina/src/remminainitdialog.h7
-rw-r--r--remmina/src/remminassh.c55
-rw-r--r--remmina/src/remminassh.h2
4 files changed, 124 insertions, 5 deletions
diff --git a/remmina/src/remminainitdialog.c b/remmina/src/remminainitdialog.c
index 26701ee78..2b2c8dbfa 100644
--- a/remmina/src/remminainitdialog.c
+++ b/remmina/src/remminainitdialog.c
@@ -1,6 +1,6 @@
/*
* Remmina - The GTK+ Remote Desktop Client
- * Copyright (C) 2009 - Vic Lee
+ * Copyright (C) 2009-2011 Vic Lee
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -414,3 +414,66 @@ remmina_init_dialog_authx509 (RemminaInitDialog *dialog, const gchar *cacert, co
return ret;
}
+static gint
+remmina_init_dialog_serverkey_confirm (RemminaInitDialog *dialog, const gchar *serverkey,
+ const gchar *prompt)
+{
+ GtkWidget *vbox;
+ GtkWidget *widget;
+ gint ret;
+
+ gtk_label_set_text (GTK_LABEL (dialog->status_label), (dialog->status ? dialog->status : dialog->title));
+
+ /* Create vbox */
+ vbox = gtk_vbox_new (FALSE, 4);
+ gtk_widget_show (vbox);
+
+ /* Icon */
+ gtk_image_set_from_stock (GTK_IMAGE (dialog->image), GTK_STOCK_DIALOG_WARNING, GTK_ICON_SIZE_DIALOG);
+
+ /* Entries */
+ widget = gtk_label_new (prompt);
+ gtk_misc_set_alignment (GTK_MISC (widget), 0.0, 0.5);
+ gtk_widget_show (widget);
+ gtk_box_pack_start (GTK_BOX (vbox), widget, TRUE, TRUE, 4);
+
+ widget = gtk_label_new (serverkey);
+ gtk_misc_set_alignment (GTK_MISC (widget), 0.0, 0.5);
+ gtk_widget_show (widget);
+ gtk_box_pack_start (GTK_BOX (vbox), widget, TRUE, TRUE, 4);
+
+ widget = gtk_label_new (_("Do you trust the new public key?"));
+ gtk_misc_set_alignment (GTK_MISC (widget), 0.0, 0.5);
+ gtk_widget_show (widget);
+ gtk_box_pack_start (GTK_BOX (vbox), widget, TRUE, TRUE, 4);
+
+ /* Pack it into the dialog */
+ gtk_box_pack_start (GTK_BOX (dialog->content_vbox), vbox, TRUE, TRUE, 4);
+
+ gtk_dialog_set_response_sensitive (GTK_DIALOG (dialog), GTK_RESPONSE_OK, TRUE);
+
+ dialog->mode = REMMINA_INIT_MODE_SERVERKEY_CONFIRM;
+
+ /* Now run it */
+ ret = gtk_dialog_run (GTK_DIALOG (dialog));
+ gtk_container_remove (GTK_CONTAINER (dialog->content_vbox), vbox);
+ remmina_init_dialog_connecting (dialog);
+
+ return ret;
+}
+
+gint
+remmina_init_dialog_serverkey_unknown (RemminaInitDialog *dialog, const gchar *serverkey)
+{
+ return remmina_init_dialog_serverkey_confirm (dialog, serverkey,
+ _("The server is unknown. The public key fingerprint is:"));
+}
+
+gint
+remmina_init_dialog_serverkey_changed (RemminaInitDialog *dialog, const gchar *serverkey)
+{
+ return remmina_init_dialog_serverkey_confirm (dialog, serverkey,
+ _("WARNING: The server has changed its public key. This means either you are under attack,\n"
+ "or the administrator has changed the key. The new public key fingerprint is:"));
+}
+
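Review bot: The fingerprint label created by `widget = gtk_label_new (serverkey);` in remmina_init_dialog_serverkey_confirm cannot be selected, so the user has no way to copy the value and compare it with one obtained out of band, which is the only check that makes this prompt meaningful. Adding `gtk_label_set_selectable (GTK_LABEL (widget), TRUE);` after that line would allow it. The helper would also benefit from a short comment saying that it returns the raw `gtk_dialog_run` response and that callers must treat anything other than `GTK_RESPONSE_OK` as a refusal, since the key-changed path depends on that contract.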
diff --git a/remmina/src/remminainitdialog.h b/remmina/src/remminainitdialog.h
index 514b8b832..bdf933057 100644
--- a/remmina/src/remminainitdialog.h
+++ b/remmina/src/remminainitdialog.h
@@ -1,6 +1,6 @@
/*
* Remmina - The GTK+ Remote Desktop Client
- * Copyright (C) 2009 - Vic Lee
+ * Copyright (C) 2009-2011 Vic Lee
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -36,7 +36,8 @@ enum
REMMINA_INIT_MODE_CONNECTING,
REMMINA_INIT_MODE_AUTHPWD,
REMMINA_INIT_MODE_AUTHUSERPWD,
- REMMINA_INIT_MODE_AUTHX509
+ REMMINA_INIT_MODE_AUTHX509,
+ REMMINA_INIT_MODE_SERVERKEY_CONFIRM
};
typedef struct _RemminaInitDialog
@@ -75,6 +76,8 @@ gint remmina_init_dialog_authpwd (RemminaInitDialog *dialog, const gchar *label,
gint remmina_init_dialog_authuserpwd (RemminaInitDialog *dialog, const gchar *default_username, gboolean allow_save);
gint remmina_init_dialog_authx509 (RemminaInitDialog *dialog, const gchar *cacert, const gchar *cacrl,
const gchar *clientcert, const gchar *clientkey);
+gint remmina_init_dialog_serverkey_unknown (RemminaInitDialog *dialog, const gchar *serverkey);
+gint remmina_init_dialog_serverkey_changed (RemminaInitDialog *dialog, const gchar *serverkey);
G_END_DECLS
diff --git a/remmina/src/remminassh.c b/remmina/src/remminassh.c
index a9b1a5230..c30c77e62 100644
--- a/remmina/src/remminassh.c
+++ b/remmina/src/remminassh.c
@@ -1,6 +1,6 @@
/*
* Remmina - The GTK+ Remote Desktop Client
- * Copyright (C) 2009-2010 Vic Lee
+ * Copyright (C) 2009-2011 Vic Lee
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -202,6 +202,14 @@ remmina_ssh_auth_auto_pubkey (RemminaSSH* ssh)
gint
remmina_ssh_auth (RemminaSSH *ssh, const gchar *password)
{
+ /* Check known host again to ensure it's still the original server when user forks
+ a new session from existing one */
+ if (ssh_is_server_known (ssh->session) != SSH_SERVER_KNOWN_OK)
+ {
+ remmina_ssh_set_application_error (ssh, "SSH public key has changed!");
+ return 0;
+ }
+
if (password)
{
g_free (ssh->password);
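Review bot: The new guard at the top of remmina_ssh_auth reports "SSH public key has changed!" for every result other than `SSH_SERVER_KNOWN_OK`, so `SSH_SERVER_NOT_KNOWN`, `SSH_SERVER_FILE_NOT_FOUND` and `SSH_SERVER_ERROR` are all presented to the user as a key change. Failing closed here is correct, but the message should match the cause: keep the current text for `SSH_SERVER_KNOWN_CHANGED` and `SSH_SERVER_FOUND_OTHER`, and use something neutral such as `"SSH server key could not be verified"` for the rest. The function body continues outside the hunk.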
@@ -231,6 +239,51 @@ remmina_ssh_auth_gui (RemminaSSH *ssh, RemminaInitDialog *dialog, gboolean threa
gchar *tips;
gchar *keyname;
gint ret;
+ gint len;
+ guchar *pubkey;
+
+ /* Check if the server's public key is known */
+ ret = ssh_is_server_known (ssh->session);
+ switch (ret)
+ {
+ case SSH_SERVER_KNOWN_OK:
+ break;
+
+ case SSH_SERVER_NOT_KNOWN:
+ case SSH_SERVER_FILE_NOT_FOUND:
+ case SSH_SERVER_KNOWN_CHANGED:
+ case SSH_SERVER_FOUND_OTHER:
+ len = ssh_get_pubkey_hash (ssh->session, &pubkey);
+ if (len < 0)
+ {
+ remmina_ssh_set_error (ssh, "SSH pubkey hash failed: %s");
+ return 0;
+ }
+ keyname = ssh_get_hexa (pubkey, len);
+
+ if (threaded) gdk_threads_enter();
+ if (ret == SSH_SERVER_NOT_KNOWN || ret == SSH_SERVER_FILE_NOT_FOUND)
+ {
+ ret = remmina_init_dialog_serverkey_unknown (dialog, keyname);
+ }
+ else
+ {
+ ret = remmina_init_dialog_serverkey_changed (dialog, keyname);
+ }
+ if (threaded) {gdk_flush();gdk_threads_leave();}
+
+ free (keyname);
+ ssh_clean_pubkey_hash (&pubkey);
+
+ if (ret != GTK_RESPONSE_OK) return -1;
+ ssh_write_knownhost (ssh->session);
+ break;
+
+ case SSH_SERVER_ERROR:
+ default:
+ remmina_ssh_set_error (ssh, "SSH known host checking failed: %s");
+ return 0;
+ }
/* Try empty password or existing password first */
ret = remmina_ssh_auth (ssh, NULL);
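Review bot: The return value of `ssh_write_knownhost (ssh->session);` is ignored, so when the known-hosts file cannot be written the user's acceptance is silently lost. The `remmina_ssh_auth (ssh, NULL)` call that follows re-runs `ssh_is_server_known` and will then most likely fail with the unrelated "SSH public key has changed!" message. Suggest `if (ssh_write_knownhost (ssh->session) < 0) { remmina_ssh_set_error (ssh, "SSH known host writing failed: %s"); return 0; }`. Separately, `ret` holds first the libssh host state and then the GTK response inside the same `switch`; a dedicated local for the dialog response would make the `ret == SSH_SERVER_NOT_KNOWN` test easier to audit. The function starts and ends outside the hunk.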
diff --git a/remmina/src/remminassh.h b/remmina/src/remminassh.h
index bcc51b8ab..a4e0ed94a 100644
--- a/remmina/src/remminassh.h
+++ b/remmina/src/remminassh.h
@@ -1,6 +1,6 @@
/*
* Remmina - The GTK+ Remote Desktop Client
- * Copyright (C) 2009-2010 Vic Lee
+ * Copyright (C) 2009-2011 Vic Lee
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by