Bug#924319: marked as done (remmina: SSH plugin not working if public key is not supplied)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 12 Mar 2019 20:47:35 +0000
with message-id <E1h3oJD-0005vp-8V@fasolo.debian.org>
and subject line Bug#924319: fixed in remmina 1.3.3+dfsg-2
has caused the Debian Bug report #924319,
regarding remmina: SSH plugin not working if public key is not supplied
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
924319: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924319
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: remmina: SSH plugin not working if public key is not supplied
• From: Antenore Gatta <antenore@simbiosi.org>
• Date: Mon, 11 Mar 2019 15:08:27 +0100
• Message-id: <[🔎] 20190311150827.0760a1f7@mom.ch.ibm.com>

Package: remmina
Version: 1.3.3+dfsg-1
Severity: important
Justification: Remmina SSH unusable when a public key is not provided.

Dear Maintainer,

Since remmina 1.3.3 we have introduced a quite important bug that makes
Remmina unusable when the user doesn't have a public key.

In the SSH plugin, when an SSH private key is used as the
authentication method, Remmina expect a public key with the same name
and a .pub extension.

The enclosed patch, applied and tested in the Remmina upstream master
branch, fix the issue.

Do you mind applying it as it's blocking for many users?

Thanks in advance

Antenore Gatta

diff --git a/src/remmina_sftp_client.c b/src/remmina_sftp_client.c
index 0f43f2b3..3540e1c1 100644
--- a/src/remmina_sftp_client.c
+++ b/src/remmina_sftp_client.c
@@ -507,7 +507,7 @@ remmina_sftp_client_thread_main(gpointer data)
 		if (!sftp) {
 			sftp = remmina_sftp_new_from_ssh(REMMINA_SSH(client->sftp));
 			if (!remmina_ssh_init_session(REMMINA_SSH(sftp)) ||
-			    remmina_ssh_auth(REMMINA_SSH(sftp), NULL) <= 0 ||
+			    remmina_ssh_auth(REMMINA_SSH(sftp), NULL, NULL, NULL) <= 0 ||
 			    !remmina_sftp_open(sftp)) {
 				remmina_sftp_client_thread_set_error(client, task, (REMMINA_SSH(sftp))->error);
 				remmina_ftp_task_free(task);
@@ -980,7 +980,7 @@ remmina_sftp_client_new_init(RemminaSFTP *sftp)
 	gdk_display_flush(display);
 
 	if (!remmina_ssh_init_session(REMMINA_SSH(sftp)) ||
-	    remmina_ssh_auth(REMMINA_SSH(sftp), NULL) <= 0 ||
+	    remmina_ssh_auth(REMMINA_SSH(sftp), NULL, NULL, NULL) <= 0 ||
 	    !remmina_sftp_open(sftp)) {
 		dialog = gtk_message_dialog_new(GTK_WINDOW(gtk_widget_get_toplevel(client)),
 			GTK_DIALOG_MODAL, GTK_MESSAGE_ERROR, GTK_BUTTONS_OK,
diff --git a/src/remmina_sftp_plugin.c b/src/remmina_sftp_plugin.c
index af55c4cf..08994ac1 100644
--- a/src/remmina_sftp_plugin.c
+++ b/src/remmina_sftp_plugin.c
@@ -135,7 +135,7 @@ remmina_plugin_sftp_main_thread(gpointer data)
 		/* Create SFTP connection based on existing SSH session */
 		sftp = remmina_sftp_new_from_ssh(ssh);
 		if (remmina_ssh_init_session(REMMINA_SSH(sftp)) &&
-		    remmina_ssh_auth(REMMINA_SSH(sftp), NULL) > 0 &&
+		    remmina_ssh_auth(REMMINA_SSH(sftp), NULL, gp, remminafile) > 0 &&
 		    remmina_sftp_open(sftp)) {
 			cont = TRUE;
 		}
diff --git a/src/remmina_ssh.c b/src/remmina_ssh.c
index 9e6ba2a8..851d4446 100644
--- a/src/remmina_ssh.c
+++ b/src/remmina_ssh.c
@@ -229,13 +229,16 @@ remmina_ssh_auth_pubkey(RemminaSSH *ssh)
 
 	g_snprintf (pubkey, sizeof(pubkey), "%s.pub", ssh->privkeyfile);
 
-	ret = ssh_pki_import_pubkey_file( pubkey, &key);
-	if (ret != SSH_OK) {
-		remmina_ssh_set_error(ssh, _("SSH public key cannot be imported: %s"));
-		return 0;
+	/*G_FILE_TEST_EXISTS*/
+	if (g_file_test(pubkey, G_FILE_TEST_EXISTS)) {
+		ret = ssh_pki_import_pubkey_file(pubkey, &key);
+		if (ret != SSH_OK) {
+			remmina_ssh_set_error(ssh, _("SSH public key cannot be imported: %s"));
+			return 0;
+		}
+		ssh_key_free(key);
 	}
 
-	ssh_key_free(key);
 
 	if ( ssh_pki_import_privkey_file( ssh->privkeyfile, (ssh->passphrase ? ssh->passphrase : ""),
 		NULL, NULL, &key ) != SSH_OK ) {
@@ -258,10 +261,33 @@ remmina_ssh_auth_pubkey(RemminaSSH *ssh)
 }
 
 static gint
-remmina_ssh_auth_auto_pubkey(RemminaSSH* ssh)
+remmina_ssh_auth_auto_pubkey(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *remminafile)
 {
 	TRACE_CALL(__func__);
-	gint ret = ssh_userauth_publickey_auto(ssh->session, NULL, ssh->passphrase);
+
+	gboolean disablepasswordstoring;
+	gboolean save_password;
+	gchar *pwd;
+	gchar *pwdtype = "ssh_passphrase";
+	gint ret;
+
+	if (!ssh->passphrase) {
+		disablepasswordstoring = remmina_file_get_int(remminafile, "disablepasswordstoring", FALSE);
+		ret = remmina_protocol_widget_panel_authpwd(gp, REMMINA_AUTHPWD_TYPE_SSH_PRIVKEY, !disablepasswordstoring);
+		save_password = remmina_protocol_widget_get_savepassword(gp);
+
+		if (ret == GTK_RESPONSE_OK) {
+			if (save_password) {
+				pwd = remmina_protocol_widget_get_password(gp);
+				remmina_file_set_string(remminafile, pwdtype, pwd);
+				g_free(pwd);
+			}
+		} else {
+			return -1;
+		}
+		ssh->passphrase = remmina_protocol_widget_get_password(gp);
+	}
+	ret = ssh_userauth_publickey_auto(ssh->session, NULL, ssh->passphrase);
 
 	if (ret != SSH_AUTH_SUCCESS) {
 		remmina_ssh_set_error(ssh, _("SSH automatic public key authentication failed: %s"));
@@ -308,7 +334,7 @@ remmina_ssh_auth_gssapi(RemminaSSH *ssh)
 }
 
 gint
-remmina_ssh_auth(RemminaSSH *ssh, const gchar *password)
+remmina_ssh_auth(RemminaSSH *ssh, const gchar *password, RemminaProtocolWidget *gp, RemminaFile *remminafile)
 {
 	TRACE_CALL(__func__);
 	gint method;
@@ -359,7 +385,7 @@ remmina_ssh_auth(RemminaSSH *ssh, const gchar *password)
 
 	case SSH_AUTH_AUTO_PUBLICKEY:
 		/* ssh_agent or none */
-		return remmina_ssh_auth_auto_pubkey(ssh);
+		return remmina_ssh_auth_auto_pubkey(ssh, gp, remminafile);
 
 #if 0
 	/* Not yet supported by libssh */
@@ -472,7 +498,7 @@ remmina_ssh_auth_gui(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *re
 		return FALSE;
 	}
 	/* Try empty password or existing password/passphrase first */
-	ret = remmina_ssh_auth(ssh, remmina_file_get_string(remminafile, pwdtype));
+	ret = remmina_ssh_auth(ssh, remmina_file_get_string(remminafile, pwdtype), gp, remminafile);
 	if (ret > 0) return 1;
 
 	/* Requested for a non-empty password */
@@ -499,7 +525,7 @@ remmina_ssh_auth_gui(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *re
 			return -1;
 		}
 		pwd = remmina_protocol_widget_get_password(gp);
-		ret = remmina_ssh_auth(ssh, pwd);
+		ret = remmina_ssh_auth(ssh, pwd, gp, remminafile);
 		g_free(pwd);
 	}
 
diff --git a/src/remmina_ssh.h b/src/remmina_ssh.h
index ec97bd43..29d7e930 100644
--- a/src/remmina_ssh.h
+++ b/src/remmina_ssh.h
@@ -96,7 +96,7 @@ gboolean remmina_ssh_init_session(RemminaSSH *ssh);
 
 /* Authenticate SSH session */
 /* -1: Require password; 0: Failed; 1: Succeeded */
-gint remmina_ssh_auth(RemminaSSH *ssh, const gchar *password);
+gint remmina_ssh_auth(RemminaSSH *ssh, const gchar *password, RemminaProtocolWidget *gp, RemminaFile *remminafile);
 
 /* -1: Cancelled; 0: Failed; 1: Succeeded */
 gint remmina_ssh_auth_gui(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *remminafile);
diff --git a/src/remmina_ssh_plugin.c b/src/remmina_ssh_plugin.c
index 3bdfef22..8f9bc4ba 100644
--- a/src/remmina_ssh_plugin.c
+++ b/src/remmina_ssh_plugin.c
@@ -289,7 +289,7 @@ remmina_plugin_ssh_main_thread(gpointer data)
 		/* Create SSH Shell connection based on existing SSH session */
 		shell = remmina_ssh_shell_new_from_ssh(ssh);
 		if (remmina_ssh_init_session(REMMINA_SSH(shell)) &&
-		    remmina_ssh_auth(REMMINA_SSH(shell), NULL) > 0 &&
+		    remmina_ssh_auth(REMMINA_SSH(shell), NULL, gp, remminafile) > 0 &&
 		    remmina_ssh_shell_open(shell, (RemminaSSHExitFunc)
 			    remmina_plugin_service->protocol_plugin_close_connection, gp)) {
 			cont = TRUE;

--- End Message ---

--- Begin Message ---

• To: 924319-close@bugs.debian.org
• Subject: Bug#924319: fixed in remmina 1.3.3+dfsg-2
• From: mfv@debian.org (Matteo F. Vescovi)
• Date: Tue, 12 Mar 2019 20:47:35 +0000
• Message-id: <E1h3oJD-0005vp-8V@fasolo.debian.org>

Source: remmina
Source-Version: 1.3.3+dfsg-2

We believe that the bug you reported is fixed in the latest version of
remmina, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 924319@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matteo F. Vescovi <mfv@debian.org> (supplier of updated remmina package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 Mar 2019 20:51:31 +0100
Source: remmina
Architecture: source
Version: 1.3.3+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Matteo F. Vescovi <mfv@debian.org>
Closes: 924319
Changes:
 remmina (1.3.3+dfsg-2) unstable; urgency=medium
 .
   * debian/patches/: patchset updated
     - 01-SSH_fix.patch added (Closes: #924319)
Checksums-Sha1:
 45aa4e1961b60815ee741295526e6d7e8c0d1361 3142 remmina_1.3.3+dfsg-2.dsc
 86a5d6c6aba873fbe5beb27e669f77995e0f9b3f 11908 remmina_1.3.3+dfsg-2.debian.tar.xz
 5b54c249c820ff73313e054944afe6d2a1cdddfc 6066 remmina_1.3.3+dfsg-2_source.buildinfo
Checksums-Sha256:
 055eaffd05961c030a61aa191308f1b2cd94888ca4bff8de5a113ae4c2d51818 3142 remmina_1.3.3+dfsg-2.dsc
 d5f5d7f809cc7b937610a3b3893c2a9d5e75bb0dda6a25d5213b702068b1982e 11908 remmina_1.3.3+dfsg-2.debian.tar.xz
 1efbf18071cea57084d85841ca0f975f5faf4c339d734a10d6d662a61eb0ed02 6066 remmina_1.3.3+dfsg-2_source.buildinfo
Files:
 8347a3b34a8ba392d68a9a37b2207cb0 3142 x11 optional remmina_1.3.3+dfsg-2.dsc
 f1a529a4445fa57321f8fa200673cc28 11908 x11 optional remmina_1.3.3+dfsg-2.debian.tar.xz
 c20dcf72d8d304015c6154686d8c2939 6066 x11 optional remmina_1.3.3+dfsg-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----
Comment: Debian powered!

iQKTBAEBCgB9FiEE890J+NqH0d9QRsmbBhL0lE7NzVoFAlyIFD1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYz
REQwOUY4REE4N0QxREY1MDQ2Qzk5QjA2MTJGNDk0NEVDRENENUEACgkQBhL0lE7N
zVqP9xAAjJ9sixGT/RjemNeoQwCEhUyRnmi6OD0XpkSsLTrfQE7BVSElmqLv8crV
sC9IcxyGlOED2/YqDDbjmxBfa4N66UmEwadPEKrnDuI5K2pADD8ZQtxgq5C7dRrC
C6HhuvtudIhLMC0Jt7cXzisMeiPs/JgMTCw99SsdPwp5IQxm5jqxVLq8v3jQFjf9
kNcUuU0NNdkVZ7Zsth2oWCncF7f0PIJL/mNMt5BrJ82paO91qEp4g+jhZg4KAqRw
FIg43q0042yLFHno4LY1o+L49hFJk8uy+VqEIl9TQCjKDEFaBAwvs63gGQrMWKXF
KFtJBy/uyqWSNHhKNPeV25e5s/ZZKSxH62G+XuX/h0eIqCowi+G875QsQHUNqq5O
6g0bt2RuhmPCXmy6cgTIfD1YhOun+Xwp67QthAN4jiDrBqyX+OGT6zpBC6bo+tG+
ars+gu02eF2Y68AKhoPyoJR2jEk9xRjvatBc8ItyjtFCeM0+1iojV8wO7MeGIe87
L1R3j6B8zuodrRNc46UMDcB46+X6oXlaNVz0+01dBLSkCL+uobLFjGubHEk1+fyq
G+yZpBW4JJEix29ffIS7YdApd3dwlTYRZWYv0zgzHtc7/M9rT08MoTiwpjggb8eG
BaPi8/NKe2Ko8Ybw/GPLpj+V2MpKScXph95v5atBT4RRdwTec04=
=Fd9e
-----END PGP SIGNATURE-----

--- End Message ---