Added API function ssh_channel_open_forward_port that is the same as
ssh_channel_accept_forward with the addition to determine the
originator address and port
Signed-off-by: Tomas Holmqvist <tomhol@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Thanks to Harry Sintonen from WithSecure for pointing this out.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
In certificate authentication with OpenSSH 8.0, the SHA2 signatures were
not accepted correctly [1]. This was not an issue up until the OpenSSH
8.8p1, which does no longer allow SHA1 signatures by default so this
broke the CI and tests against the new OpenSSH [2].
Fixes!107
[1] https://bugzilla.mindrot.org/show_bug.cgi?id=3016
[2] https://gitlab.com/libssh/libssh-mirror/-/issues/107
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Calling some channel procedures on a freed channel is always resulting
in segmentation fault errors. The reason is that when a channel is
freed with 'ssh_channel_do_free' procedure, its 'session' field is set
to NULL; then when a channel procedure tries to access any field of
'channel->session' structure it is effectively dereferencing a NULL
pointer.
The change fixes that behavior by adding a check which ensures that a
channel state is not SSH_CHANNEL_FLAG_FREED_LOCAL before accessing its
parent session.
Also the test suite is updated to check for the fixed errors, and the
Doxygen documentation updated accordingly.
There was a bug introduced in b0fb7d15: 'ssh_channel_poll',
'ssh_channel_poll_timeout' and 'ssh_channel_get_exit_status' would
compare the channel state to the 'SSH_CHANNEL_FLAG_FREED_LOCAL'
constant to check if the channel is alive. But the procedures must
check the channel flags for the presence of
'SSH_CHANNEL_FLAG_FREED_LOCAL' bits instead. This change fixes the
bug.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
We do not use SHA1 as it is disabled in many systems
Verifies CVE-2021-3634
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The test for delayed close asks for the execution of a command that
generates big output (larger than the default window) to make data to
remain in buffers while the close message arrives, triggering the
delayed channel closure.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
The test checks if the client can handle the error returned by the
server when the maximum number of channel sessions is exceeded.
Fixes T239
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The test might fail if there is a local configuration file that changes
the location of the known_hosts file. The test should not be affected
by configuration files present in the testing environment.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The test checks if a command appended to the file path is not executed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
determines if public keys must be loaded in pkcs #11 tokens or not.
tests: Adds the load_public parameter in all files where torture_setup_tokens() was used.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This adds testcases for the regression introduced in 3bad0607.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The OpenSSH 7.4 or 7.6 in Ubuntu and CentOS 7 does not support SHA2
RSA certificates and libssh automatically falls back to SHA1, which
is not allowed by default.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
If the library is not initialized, SSH_ERROR is returned and the error
message is set properly.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Verify the error code returned by kill() in torture_terminate_process().
The error code is raised when killing the process failed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The SFTP files wouldn't be closed during the rekey tests leading to
memory leak.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
as nothing really sets these keys up and they are probably preserverd
from some previous test, which is really not a good testing strategy.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Test if the file name is correctly escaped to avoid protocol message
injection.
Fixes T189
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Do not process system-wide configuration when reinitializing a session
during testing. This could lead to different settings set from the
expected one (which was initialized during test setup).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Previously, the tests were sharing the same file path to create the
known_hosts file, which can create a race condition if the tests run in
parallel. Such file was deleted between tests.
By using different different files for each test, the risk of race
conditions is eliminated. Moreover, it makes unnecessary to destroy the
file between tests.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Previously, if the path to known_hosts file set through
SSH_OPTIONS_KNOWNHOSTS included missing directories,
ssh_session_update_known_hosts() would fail. The added test case checks
that this is not the case anymore.
The logic of checking if the directory is accessible before creating it
was replaced by creating the directory if opening the file failed. This
is to minimize the risk of TOCTOU race conditions.
Fixes: T166
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Added a test case where invalid global requests are sent to the server
which should reject them, but not stop working.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
In torture_rekey_time(), "long long" was used instead of uint32_t. This
makes the test to fail in some architectures where the sizes don't match.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Also systematically use assert_ssh_return_code() instead of various
checks for return codes.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Skip tests using non allowed algorithms.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Use only allowed algorithms if in FIPS mode.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
When running in FIPS mode, skip the tests using algorithms not allowed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
If in FIPS mode, skip tests which require algorithms not allowed. Also
use allowed algorithms when possible to avoid skipping the test.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
OpenSSH agent has a bug which makes it to not use SHA2 in signatures
when using certificates. It always uses SHA1.
See https://gitlab.com/libssh/libssh-mirror/merge_requests/34
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
