Add ssh_send_issue_banner() API

Signed-off-by: Seung Min Park <smpark@pnpsecure.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Seung Min Park 2022-06-16 13:59:46 +09:00 committed by Andreas Schneider
parent 332f1c2e09
commit 4978f30320
6 changed files with 101 additions and 0 deletions


@ -49,6 +49,27 @@ static int tries = 0;
static int error = 0;
static ssh_channel chan=NULL;
static int auth_none(ssh_session session,
const char *user,
void *userdata)
{
ssh_string banner = NULL;
(void)user; /* unused */
(void)userdata; /* unused */
ssh_set_auth_methods(session,
SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_GSSAPI_MIC);
banner = ssh_string_from_char("Banner Example\n");
if (banner != NULL) {
ssh_send_issue_banner(session, banner);
}
ssh_string_free(banner);
return SSH_AUTH_DENIED;
}
static int auth_password(ssh_session session, const char *user,
const char *password, void *userdata){
(void)userdata;
@ -242,6 +263,7 @@ int main(int argc, char **argv){
ssh_event mainloop;
struct ssh_server_callbacks_struct cb = {
.userdata = NULL,
.auth_none_function = auth_none,
.auth_password_function = auth_password,
#ifdef WITH_GSSAPI
.auth_gssapi_mic_function = auth_gssapi_mic,
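Review bot: The return value of `ssh_send_issue_banner(session, banner)` in `auth_none` is discarded, so this example, which server authors are likely to copy, shows the new API without any error handling. The function is declared to return SSH_OK or SSH_ERROR, so the call would read better as `if (ssh_send_issue_banner(session, banner) != SSH_OK) { fprintf(stderr, "Failed to send banner: %s\n", ssh_get_error(session)); }`. The callback appears to run for every none-auth request, before the peer is authenticated, so a short comment that the banner text must not carry anything sensitive would also help. The `main` hunk that registers the callback starts and ends outside the visible lines.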


@ -245,6 +245,18 @@ LIBSSH_API void ssh_bind_free(ssh_bind ssh_bind_o);
*/
LIBSSH_API void ssh_set_auth_methods(ssh_session session, int auth_methods);
/**
* @brief Send the server's issue-banner to client.
*
*
* @param[in] session The server session.
*
* @param[in] banner The server's banner.
*
* @return SSH_OK on success, SSH_ERROR on error.
*/
LIBSSH_API int ssh_send_issue_banner(ssh_session session, const ssh_string banner);
/**********************************************************
* SERVER MESSAGING
**********************************************************/
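Review bot: The doc comment for `ssh_send_issue_banner()` leaves out the parts of the contract a server author needs, namely who owns `banner` and when the call is allowed. The callers in this commit free the string themselves after the call, so the parameter line should say so, e.g. `@param[in] banner The banner text; the caller keeps ownership and frees it with ssh_string_free().` RFC 4252 permits SSH_MSG_USERAUTH_BANNER only during the authentication phase, before success, and the text reaches unauthenticated peers, so a `@note` stating both would be worth adding. The duplicated empty ` *` line after `@brief` can be dropped.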


@ -524,6 +524,30 @@ void ssh_set_auth_methods(ssh_session session, int auth_methods)
session->auth.supported_methods = (uint32_t)auth_methods & 0x3fU;
}
int ssh_send_issue_banner(ssh_session session, const ssh_string banner)
{
int rc = SSH_ERROR;
if (session == NULL) {
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_PACKET,
"Sending a server issue banner");
rc = ssh_buffer_pack(session->out_buffer,
"bS",
SSH2_MSG_USERAUTH_BANNER,
banner);
if (rc != SSH_OK) {
ssh_set_error_oom(session);
return SSH_ERROR;
}
rc = ssh_packet_send(session);
return rc;
}
/* Do the banner and key exchange */
int ssh_handle_key_exchange(ssh_session session) {
int rc;
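Review bot: The packet built in `ssh_send_issue_banner()` carries only the message string, but RFC 4252 section 5.4 defines SSH_MSG_USERAUTH_BANNER as a message string followed by a language tag string. Clients that parse both fields may reject the packet, so the pack call should append an empty tag, with `"bSs"` as the format and `""` as the final argument. Separately, `banner` is never checked for NULL while `session` is. A NULL banner would presumably fail inside `ssh_buffer_pack()` and be reported through `ssh_set_error_oom()`, so an early `if (session == NULL || banner == NULL) return SSH_ERROR;` gives a truthful error path.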


@ -51,6 +51,40 @@
#include <util.h>
#endif
int auth_none_cb(UNUSED_PARAM(ssh_session session),
const char *user,
void *userdata)
{
struct session_data_st *sdata = NULL;
ssh_string banner = NULL;
sdata = (struct session_data_st *)userdata;
if (sdata == NULL) {
fprintf(stderr, "Error: NULL userdata\n");
goto denied;
}
if (sdata->username == NULL) {
fprintf(stderr, "Error: expected username not set\n");
goto denied;
}
printf("None authentication of user %s\n", user);
/* Send the banner */
banner = ssh_string_from_char(SSHD_BANNER_MESSAGE);
if (banner == NULL) {
goto denied;
}
if (ssh_send_issue_banner(session, banner) == SSH_ERROR) {
fprintf(stderr, "Error: Failed to send the banner.\n");
goto denied;
}
denied:
ssh_string_free(banner);
return SSH_AUTH_DENIED;
}
int auth_pubkey_cb(UNUSED_PARAM(ssh_session session),
const char *user,
UNUSED_PARAM(struct ssh_key_struct *pubkey),
@ -743,6 +777,7 @@ struct ssh_server_callbacks_struct *get_default_server_cb(void)
goto end;
}
cb->auth_none_function = auth_none_cb;
cb->auth_password_function = auth_password_cb;
cb->auth_pubkey_function = auth_pubkey_cb;
cb->channel_open_request_session_function = channel_new_session_cb;
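Review bot: `auth_none_cb` declares its first parameter as `UNUSED_PARAM(ssh_session session)`, yet the body passes `session` to `ssh_send_issue_banner()`. The annotation is wrong for this function and misleads readers about which arguments matter; the signature should read `int auth_none_cb(ssh_session session,`. The `sdata->username` check only tests for NULL and is never compared with `user`, which may be intentional for a callback that always denies, but a one-line comment saying so would help.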


@ -32,6 +32,8 @@
#define SSHD_DEFAULT_ADDRESS "127.0.0.1"
#define SSHD_DEFAULT_PCAP_FILE "debug.server.pcap"
#define SSHD_BANNER_MESSAGE "Test Banner Message\nlibssh-send-banner\n"
#ifndef KEYS_FOLDER
#ifdef _WIN32
#define KEYS_FOLDER


@ -174,6 +174,7 @@ static void torture_server_auth_none(void **state)
struct test_server_st *tss = *state;
struct torture_state *s = NULL;
ssh_session session = NULL;
char *banner = NULL;
int rc;
assert_non_null(tss);
@ -193,6 +194,11 @@ static void torture_server_auth_none(void **state)
rc = ssh_userauth_none(session, NULL);
assert_int_equal(rc, SSH_AUTH_DENIED);
banner = ssh_get_issue_banner(session);
assert_string_equal(banner, SSHD_BANNER_MESSAGE);
free(banner);
banner = NULL;
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
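Review bot: `assert_string_equal(banner, SSHD_BANNER_MESSAGE)` runs without first checking that `ssh_get_issue_banner()` returned a string. If the banner never arrives, the test would likely crash inside the string comparison instead of reporting a clean failure, so add `assert_non_null(banner);` before the comparison. The body of `torture_server_auth_none` begins and continues outside these hunks.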