known_hosts: Remove deprecated ssh_knownhosts_algorithms()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
родитель
539d7ba249
Коммит
3141dec632
@ -22,7 +22,6 @@
|
||||
#ifndef SSH_KNOWNHOSTS_H_
|
||||
#define SSH_KNOWNHOSTS_H_
|
||||
|
||||
char **ssh_knownhosts_algorithms(ssh_session session);
|
||||
struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session);
|
||||
|
||||
#endif /* SSH_KNOWNHOSTS_H_ */
|
||||
|
@ -581,112 +581,4 @@ int ssh_write_knownhost(ssh_session session) {
|
||||
|
||||
#define KNOWNHOSTS_MAXTYPES 10
|
||||
|
||||
/**
|
||||
* @internal
|
||||
* @brief Check which kind of host keys should be preferred for connection
|
||||
* by reading the known_hosts file.
|
||||
*
|
||||
* @param[in] session The SSH session to use.
|
||||
*
|
||||
* @returns array of supported key types
|
||||
* NULL on error
|
||||
*/
|
||||
char **ssh_knownhosts_algorithms(ssh_session session) {
|
||||
FILE *file = NULL;
|
||||
char **tokens;
|
||||
char *host;
|
||||
char *hostport;
|
||||
const char *type;
|
||||
int match;
|
||||
char **array;
|
||||
char *files[3] = { NULL };
|
||||
int i=0, j, k;
|
||||
|
||||
if (session->opts.knownhosts == NULL) {
|
||||
if (ssh_options_apply(session) < 0) {
|
||||
ssh_set_error(session, SSH_REQUEST_DENIED,
|
||||
"Can't find a known_hosts file");
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (session->opts.host == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
host = ssh_lowercase(session->opts.host);
|
||||
hostport = ssh_hostport(host, session->opts.port > 0 ? session->opts.port : 22);
|
||||
array = malloc(sizeof(char *) * KNOWNHOSTS_MAXTYPES);
|
||||
|
||||
if (host == NULL || hostport == NULL || array == NULL) {
|
||||
ssh_set_error_oom(session);
|
||||
SAFE_FREE(host);
|
||||
SAFE_FREE(hostport);
|
||||
SAFE_FREE(array);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* set the list of known hosts */
|
||||
if (session->opts.global_knownhosts != NULL){
|
||||
files[i++]=session->opts.global_knownhosts;
|
||||
}
|
||||
files[i++] = session->opts.knownhosts;
|
||||
files[i] = NULL;
|
||||
k = 0;
|
||||
i = 0;
|
||||
|
||||
do {
|
||||
tokens = ssh_get_knownhost_line(&file, files[k], &type);
|
||||
|
||||
/* End of file, return the current state */
|
||||
if (tokens == NULL) {
|
||||
++k;
|
||||
if (files[k] == NULL) {
|
||||
break;
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
match = match_hashed_host(host, tokens[0]);
|
||||
if (match == 0){
|
||||
match = match_hostname(hostport, tokens[0], strlen(tokens[0]));
|
||||
}
|
||||
if (match == 0) {
|
||||
match = match_hostname(host, tokens[0], strlen(tokens[0]));
|
||||
}
|
||||
if (match == 0) {
|
||||
match = match_hashed_host(hostport, tokens[0]);
|
||||
}
|
||||
if (match) {
|
||||
/* We got a match. Now check the key type */
|
||||
SSH_LOG(SSH_LOG_DEBUG, "server %s:%d has %s in known_hosts",
|
||||
host, session->opts.port, type);
|
||||
/* don't copy more than once */
|
||||
for(j=0;j<i && match;++j){
|
||||
if(strcmp(array[j], type)==0)
|
||||
match=0;
|
||||
}
|
||||
if (match){
|
||||
array[i] = strdup(type);
|
||||
i++;
|
||||
if(i>= KNOWNHOSTS_MAXTYPES-1){
|
||||
tokens_free(tokens);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
tokens_free(tokens);
|
||||
} while (1);
|
||||
|
||||
array[i]=NULL;
|
||||
SAFE_FREE(host);
|
||||
SAFE_FREE(hostport);
|
||||
if (file != NULL) {
|
||||
fclose(file);
|
||||
}
|
||||
|
||||
/* Return the current state at end of file */
|
||||
return array;
|
||||
}
|
||||
|
||||
/** @} */
|
||||
|
@ -324,42 +324,6 @@ static void torture_knownhosts_conflict(void **state) {
|
||||
/* session will be freed by session_teardown() */
|
||||
}
|
||||
|
||||
static void torture_knownhosts_precheck(void **state) {
|
||||
struct torture_state *s = *state;
|
||||
ssh_session session = s->ssh.session;
|
||||
char known_hosts_file[1024];
|
||||
FILE *file;
|
||||
int rc;
|
||||
char **kex;
|
||||
|
||||
snprintf(known_hosts_file,
|
||||
sizeof(known_hosts_file),
|
||||
"%s/%s",
|
||||
s->socket_dir,
|
||||
TORTURE_KNOWN_HOSTS_FILE);
|
||||
|
||||
rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
|
||||
rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
|
||||
file = fopen(known_hosts_file, "w");
|
||||
assert_true(file != NULL);
|
||||
fprintf(file, "127.0.0.10 ssh-rsa %s\n", BADRSA);
|
||||
fprintf(file, "127.0.0.10 ssh-ed25519 %s\n", BADED25519);
|
||||
fclose(file);
|
||||
|
||||
kex = ssh_knownhosts_algorithms(session);
|
||||
assert_true(kex != NULL);
|
||||
assert_string_equal(kex[0],"ssh-rsa");
|
||||
assert_string_equal(kex[1],"ssh-ed25519");
|
||||
assert_true(kex[2]==NULL);
|
||||
free(kex[1]);
|
||||
free(kex[0]);
|
||||
free(kex);
|
||||
}
|
||||
|
||||
int torture_run_tests(void) {
|
||||
int rc;
|
||||
struct CMUnitTest tests[] = {
|
||||
@ -378,9 +342,6 @@ int torture_run_tests(void) {
|
||||
cmocka_unit_test_setup_teardown(torture_knownhosts_conflict,
|
||||
session_setup,
|
||||
session_teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_knownhosts_precheck,
|
||||
session_setup,
|
||||
session_teardown),
|
||||
};
|
||||
|
||||
ssh_init();
|
||||
|