1
1
Граф коммитов

5515 Коммитов

Автор SHA1 Сообщение Дата
tatataeki
332f1c2e09 sftp: fix the length calculation of packet in sftp_write
Signed-off-by: tatataeki <shengzeyu19_98@163.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-29 18:29:26 +02:00
Andreas Schneider
63e09908f1 poll: Document errno will be set for ssh_event_dopoll()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-23 12:35:39 +02:00
Andreas Schneider
b34f8e6efa tests:client: Add a non-blocking publickey test
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-23 12:22:44 +02:00
Andreas Schneider
ab07668d54 tests:client: Add a publickey test
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-23 12:22:43 +02:00
Andreas Schneider
f6ad8057a7 auth: Fix error returned in ssh_userauth_try_publickey()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-23 12:22:41 +02:00
Wez Furlong
51a53cc6d4 add support for identityagent ssh_config option
This commit adds an `agent_socket` field to the session options
and connects the config parser to that option.

`SSH_OPTIONS_IDENTITY_AGENT` is added to allow applications to
set this option for themselves.

agent.c is updated to take the `agent_socket` value in preference
to the `SSH_AUTH_SOCK` environment variable.

Signed-off-by: Wez Furlong <wez@fb.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-22 13:56:14 +02:00
Wez Furlong
899ec9e519 Enable ssh agent authentication on Windows
Windows has supported unix domain sockets for a couple of years
now; see this article for more information about that:
<https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/>

This commit allows libssh to consider using agent authentication
on Windows systems.

It is mostly removing `#ifndef _WIN32` that prevented the unix
domain socket code from being compiled in, and adjusting the use
of `read(2)` and `write(2)` to `recv(2)` and `send(2)`, as the former
functions are not compatible with sockets on Windows systems.

For mingw systems, afunix.h isn't available so we use the
technique as was used to resolve building with mingw as used
by the curl project in: https://github.com/curl/curl/pull/5170

Signed-off-by: Wez Furlong <wez@fb.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-22 13:56:14 +02:00
Andreas Schneider
7bcc2d83a4 packet: Fix ssh_packet_socket_callback() return value
According to the documentation the return value is the number of
processed bytes, so the returned value is never negative. We should not
use ssize_t in public headers as it isn't available on Windows! We only
have it defined in priv.h!

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-22 12:28:30 +02:00
Andreas Schneider
2ba4b51e0f include: Add missing include for ssh_socket_callbacks_struct
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-22 12:28:30 +02:00
Andreas Schneider
1be117b351 gitlab-ci: Remove 'allow_failure' for visualstudio
This has been fixed already.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-22 12:28:28 +02:00
Jakub Jelen
bdeb7418c5 ci: Build benchmarks to catch more errors
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-06-20 12:03:11 +02:00
Jakub Jelen
f18cc433db benchmark: Add explicit extension
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-06-20 12:00:03 +02:00
Andreas Schneider
65256ad5f6 crypto: Use stdint types and make code more readable of secure_memcmp()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-20 09:18:59 +02:00
Carlo Bramini
86057e60f2 CYGWIN provides an implemention of libargp as a separate package:
https://cygwin.com/cgi-bin2/package-grep.cgi?grep=libargp&arch=x86_64

The current CMakeLists.txt already provides the detection of this library for BSD/SOLARIS/OSX, so CYGWIN can be easily added there for support.

Signed-off-by: Carlo Bramini <carlo_bramini@users.sourceforge.net>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-20 09:15:37 +02:00
Andreas Schneider
a889527c1b libsshpp: Fix openForward to not set sourcehost to NULL by default
This parameter is required.

Fixes #25

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-15 16:19:56 +02:00
Andreas Schneider
ca51565056 options: Document that the caller needs to close the socket
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-15 16:08:41 +02:00
Andreas Schneider
4b20d7ad18 client: Do not close the socket if it was set via options
Fixes #122

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-15 16:08:41 +02:00
Norbert Pocs
442599f0d1 Fix type mismatch warnings
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-15 14:47:06 +02:00
Norbert Pocs
eb9dc8cfc4 Add errno reset with strtoul call
Contaminated errno can happen before strtoul call, thereofore
cleaning it before the call.
The errno is not used for checking later in code if fail happens,
therefore cleaning it right after error.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-09 16:46:49 +02:00
Jakub Jelen
07f4d5e723 Document poll failures
Resolved: https://gitlab.com/libssh/libssh-mirror/-/issues/46
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
c9263dea2b Deprecate API functions handling old key structures
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
e0bceea815 Remove duplicate function in headers files
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
7bd850ab36 Remove bogus semicolons
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Sahana Prasad
4b3a6342db Deprecate duplicate/ unused functions
and fix obvious naming mistakes, mostly in documentation

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
2aa137947a Reformat most of the function headers
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
daabd78742 Remove remaining mentions of SSH-v1 protocol
also remove anything mentioning limitation to SSHv2 as it is the only
protocol supported these days.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
1d238694e7 Improve documentation by mentioning the free functions
Related: https://gitlab.com/libssh/libssh-mirror/-/issues/3
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
6623856e08 tests: Try to test signals handling (and fail)
The cmocka captures all signals so I was not able to reproduce the code
path. But leaving the code in for future readers.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
9e03bf9f1e bind: Return different error if accept was interrupted
Fixes: https://gitlab.com/libssh/libssh-mirror/-/issues/13
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
b312d4681e Move ssh_key_dup to public API
Fixes: https://gitlab.com/libssh/libssh-mirror/-/issues/15
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
254bfd6d73 ssh_x11_client: Fix coverity reports
Thanks coverity

Fixes:
 * CID 1488472:  Security best practices violations  (STRING_OVERFLOW)
 * CID 1488471:  Error handling issues  (CHECKED_RETURN)
 * CID 1472029:  Error handling issues  (NEGATIVE_RETURNS)

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Jakub Jelen
2420e4a981 cmake: Move the ws2_32 as the last library for mingw to work
Fixes: https://gitlab.com/libssh/libssh-mirror/-/issues/84
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 09:08:02 +02:00
Carlo Bramini
b4d532b809 Don't set "-fstack-clash-protection" option on Windows
Signed-off-by: Carlo Bramini <carlo_bramini@users.sourceforge.net>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-08 09:06:42 +02:00
Carlo Bramini
79ad989cf4 keygen2 requires also ${ARGP_LIBRARY}
Signed-off-by: Carlo Bramini <carlo_bramini@users.sourceforge.net>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-08 09:06:42 +02:00
Jakub Jelen
100017982d Avoid usage of deprecated functions and whitespace cleanup
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-06-07 14:16:59 +02:00
Tomas Holmqvist
dd318aa1a1 channels: Add originator to ssh_channel_accept
Added API function ssh_channel_open_forward_port that is the same as
ssh_channel_accept_forward with the addition to determine the
originator address and port

Signed-off-by: Tomas Holmqvist <tomhol@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-07 14:16:59 +02:00
Andreas Schneider
fef0b3208a Fix editorconfig
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-05-23 10:14:18 +02:00
Jakub Jelen
ddd0367e9c Do not accept signatures not meeting size requirements
Thanks to Harry Sintonen from WithSecure for pointing this out.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-05-12 09:13:51 +02:00
Jakub Jelen
41b4d50e52 Allow limiting RSA Key size also for server
Thanks to Harry Sintonen from WithSecure for pointing this out.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-05-12 09:13:49 +02:00
Jakub Jelen
b408f5724a Allow limiting RSA key size used for authentication
Thanks to Harry Sintonen from WithSecure for pointing this out.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-05-12 09:13:45 +02:00
Jakub Jelen
1c0372e0aa pki: Implement ssh_key_size to get key size in bits
Thanks to Harry Sintonen from WithSecure for pointing this out.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-05-12 09:13:38 +02:00
Jakub Jelen
8b9b45066b Generate new 2k certificate key working in FIPS
The original key had 2018 bits, which falls short for current security
requirements

Steps I used:

$ ssh-keygen -f tests/keys/certauth/id_rsa -t rsa -b 2048 -C libssh_torture_auth -N ''
$ ssh-keygen -s tests/keys/user_ca -I torture_auth_carlos -n alice ./tests/keys/certauth/id_rsa.pub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-05-12 09:13:38 +02:00
Jakub Jelen
97a03083ba unsorted formatting cleanup
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-05-10 12:39:26 +02:00
Marco Fortina
88bc364c05 examples: Add 'ssh X11 client' sample
Signed-off-by: Marco Fortina <marco.fortina@atlantica.it>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-05-02 20:06:22 +02:00
Junda Ai
41e2d17119 Fix multiple spelling and grammar mistakes
Signed-off-by: Junda Ai <aijunda29@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-05-02 19:05:51 +02:00
Dhanuka Warusadura
3084b2bc41 trivial fix: Fixes some spelling errors
Signed-off-by: Dhanuka Warusadura <csx@tuta.io>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-04-19 15:55:49 +02:00
Anh Minh Tran
af9018ce13 Solve issue #113 "Remove unneeded configuration options not supported by OpenSSH anymore"
Remove config options: protocol, mac, cipher, compressionlevel,
gssapikeyexchange,
gssapirenewalforcesrekey,
gssapitrustdns,
rhostsrsaauthentication,
rsaauthentication,
useprivilegedport,
pubkeyacceptedtypes
since they are not supported by OpenSSH

Rename some config options:
hostbasedkeytypes, challengeresponseauthentication and pubkeyacceptedkeytypes
to hosbasedacceptedalgorithms, kdbinteractiveauthentication and pubkeyacceptedalgorithms
to be consistent with the OpenSSH manual https://man.openbsd.org/sshd_config.
Keep pubkeyacceptedkeytypes for backward compatibility.
Rename SOC_PUBKEYACCEPTEDTYPES to SOC_PUBKEYACCEPTEDKEYTYPES in config.h

Update unittests/torture_config.c and unittests/torture_options.c

Signed-off-by: Anh Minh Tran <anhminh@seznam.cz>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-04-14 11:47:14 +02:00
Gene Oden
196fe36971 knownhosts, config: Avoid using MT-unsafe implementations of strtok()
Use the POSIX strtok_r() or equivalent implementations to resolve.

Thanks to @wez1 for the early review.

Fixes #104

Signed-off-by: Gene Oden <goden@fb.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-03-16 07:45:34 -07:00
Norbert Pocs
b5ce8fa96a Fix fips mode check in openssl3
FIPS_mode function is no longer supported in openssl version 3

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-03-09 16:48:43 +01:00
Jakub Jelen
70d3760daa tests: Reproducer for usage of NULL sshdir
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-02-15 12:41:35 +01:00