server: Use default methods instead of all

Previously, when no methods were set, the server would enable all supported methods. This changes this behaviour by setting only the default methods. The server in pkd_daemon.c was changed to set explicitly all the supported methods to keep the previous behaviour. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-05-22 19:01:18 +02:00 · 2019-05-22 19:01:18 +02:00 · dc35bbbeb1
--- a/src/server.c
+++ b/src/server.c
@ -142,7 +142,7 @@ int server_set_kex(ssh_session session)
    if (session->opts.wanted_methods[SSH_HOSTKEYS]) {
        allowed = session->opts.wanted_methods[SSH_HOSTKEYS];
    } else {
-        allowed = ssh_kex_get_supported_method(SSH_HOSTKEYS);
+        allowed = ssh_kex_get_default_methods(SSH_HOSTKEYS);
    }

    /* It is expected for the list of allowed hostkeys to be ordered by
@ -164,7 +164,7 @@ int server_set_kex(ssh_session session)

    for (i = 0; i < 10; i++) {
        if ((wanted = session->opts.wanted_methods[i]) == NULL) {
-            wanted = ssh_kex_get_supported_method(i);
+            wanted = ssh_kex_get_default_methods(i);
        }
        server->methods[i] = strdup(wanted);
        if (server->methods[i] == NULL) {
--- a/tests/pkd/pkd_daemon.c
+++ b/tests/pkd/pkd_daemon.c
@ -249,6 +249,7 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
    const char *default_kex = NULL;
    char *all_kex = NULL;
    size_t kex_len = 0;
+    const char *all_ciphers = NULL;
    const uint64_t rekey_data_limit = args->rekey_data_limit;

    pkd_state.eof_received = 0;
@ -306,6 +307,21 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
        goto outclose;
    }

+    /* Enable all supported ciphers */
+    all_ciphers = ssh_kex_get_supported_method(SSH_CRYPT_C_S);
+    rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_CIPHERS_C_S, all_ciphers);
+    if (rc != 0) {
+        pkderr("ssh_bind_options_set Ciphers C-S: %s\n", ssh_get_error(b));
+        goto outclose;
+    }
+
+    all_ciphers = ssh_kex_get_supported_method(SSH_CRYPT_S_C);
+    rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_CIPHERS_S_C, all_ciphers);
+    if (rc != 0) {
+        pkderr("ssh_bind_options_set Ciphers S-C: %s\n", ssh_get_error(b));
+        goto outclose;
+    }
+
    s = ssh_new();
    if (s == NULL) {
        pkderr("ssh_new\n");