lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-14 04:18:54 +03:00
Code Activity

feat: add option to read user-supplied key string in ssh_bind_options_set()

Browse Source 
Signed-off-by: Debanga Sarma <deb737@proton.me>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Debanga Sarma
2024-04-09 22:04:35 +05:30
committed by Jakub Jelen
parent d34bfdab69
commit 2daf3dc4a8
2 changed files with 47 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/libssh/server.h
View File

@@ -58,6 +58,7 @@ enum ssh_bind_options_e {
SSH_BIND_OPTIONS_PROCESS_CONFIG, SSH_BIND_OPTIONS_PROCESS_CONFIG,
SSH_BIND_OPTIONS_MODULI, SSH_BIND_OPTIONS_MODULI,
SSH_BIND_OPTIONS_RSA_MIN_SIZE, SSH_BIND_OPTIONS_RSA_MIN_SIZE,
SSH_BIND_OPTIONS_IMPORT_KEY_STR,
}; };
typedef struct ssh_bind_struct* ssh_bind; typedef struct ssh_bind_struct* ssh_bind;

81
src/options.c
View File

@@ -2048,6 +2048,10 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
* Set the Private Key for the server directly * Set the Private Key for the server directly
* (ssh_key). It will be free'd by ssh_bind_free(). * (ssh_key). It will be free'd by ssh_bind_free().
* *
* - SSH_BIND_OPTIONS_IMPORT_KEY_STR:
* Set the Private key for the server from a
* base64 encoded buffer (const char *).
*
* - SSH_BIND_OPTIONS_CIPHERS_C_S: * - SSH_BIND_OPTIONS_CIPHERS_C_S:
* Set the symmetric cipher client to server * Set the symmetric cipher client to server
* (const char *, comma-separated list). * (const char *, comma-separated list).
@@ -2137,29 +2141,46 @@ ssh_bind_options_set(ssh_bind sshbind,
case SSH_BIND_OPTIONS_ECDSAKEY: case SSH_BIND_OPTIONS_ECDSAKEY:
/* deprecated */ /* deprecated */
case SSH_BIND_OPTIONS_HOSTKEY: case SSH_BIND_OPTIONS_HOSTKEY:
case SSH_BIND_OPTIONS_IMPORT_KEY:
case SSH_BIND_OPTIONS_IMPORT_KEY_STR:
if (value == NULL) { if (value == NULL) {
ssh_set_error_invalid(sshbind); ssh_set_error_invalid(sshbind);
return -1; return -1;
} else { } else {
int key_type; int key_type;
ssh_key key;
ssh_key *bind_key_loc = NULL; ssh_key *bind_key_loc = NULL;
char **bind_key_path_loc; ssh_key key = NULL;
char **bind_key_path_loc = NULL;
if (type == SSH_BIND_OPTIONS_IMPORT_KEY_STR) {
const char *key_str = (const char *)value;
rc = ssh_pki_import_privkey_base64(key_str,
NULL,
NULL,
NULL,
&key);
if (rc == SSH_ERROR) {
ssh_set_error(sshbind,
SSH_FATAL,
"Failed to import key from buffer");
return -1;
}
} else if (type == SSH_BIND_OPTIONS_IMPORT_KEY) {
key = (ssh_key)value;
} else {
rc = ssh_pki_import_privkey_file(value, NULL, NULL, NULL, &key); rc = ssh_pki_import_privkey_file(value, NULL, NULL, NULL, &key);
if (rc != SSH_OK) { if (rc != SSH_OK) {
return -1; return -1;
} }
}
allowed = ssh_bind_key_size_allowed(sshbind, key); allowed = ssh_bind_key_size_allowed(sshbind, key);
if (!allowed) { if (!allowed) {
ssh_set_error(sshbind, ssh_set_error(sshbind,
SSH_FATAL, SSH_FATAL,
"The host key size %d is too small.", "The host key size %d is too small.",
ssh_key_size(key)); ssh_key_size(key));
ssh_key_free(key);
return -1; return -1;
} }
key_type = ssh_key_type(key); key_type = ssh_key_type(key);
switch (key_type) { switch (key_type) {
case SSH_KEYTYPE_ECDSA_P256: case SSH_KEYTYPE_ECDSA_P256:
@@ -2189,12 +2210,13 @@ ssh_bind_options_set(ssh_bind sshbind,
"Unsupported key type %d", "Unsupported key type %d",
key_type); key_type);
} }
if (type == SSH_BIND_OPTIONS_RSAKEY ||
type == SSH_BIND_OPTIONS_ECDSAKEY ||
type == SSH_BIND_OPTIONS_HOSTKEY) {
if (bind_key_loc == NULL) { if (bind_key_loc == NULL) {
ssh_key_free(key); ssh_key_free(key);
return -1; return -1;
} }
/* Set the location of the key on disk even though we don't /* Set the location of the key on disk even though we don't
need it in case some other function wants it */ need it in case some other function wants it */
rc = ssh_bind_set_key(sshbind, bind_key_path_loc, value); rc = ssh_bind_set_key(sshbind, bind_key_path_loc, value);
@@ -2202,56 +2224,11 @@ ssh_bind_options_set(ssh_bind sshbind,
ssh_key_free(key); ssh_key_free(key);
return -1; return -1;
} }
ssh_key_free(*bind_key_loc);
*bind_key_loc = key;
}
break;
case SSH_BIND_OPTIONS_IMPORT_KEY:
if (value == NULL) {
ssh_set_error_invalid(sshbind);
return -1;
} else { } else {
int key_type; if (bind_key_loc == NULL) {
ssh_key *bind_key_loc = NULL;
ssh_key key = (ssh_key)value;
allowed = ssh_bind_key_size_allowed(sshbind, key);
if (!allowed) {
ssh_set_error(sshbind,
SSH_FATAL,
"The host key size %d is too small.",
ssh_key_size(key));
return -1; return -1;
} }
key_type = ssh_key_type(key);
switch (key_type) {
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_ECC
bind_key_loc = &sshbind->ecdsa;
#else
ssh_set_error(sshbind,
SSH_FATAL,
"ECDSA key used and libssh compiled "
"without ECDSA support");
#endif
break;
case SSH_KEYTYPE_RSA:
bind_key_loc = &sshbind->rsa;
break;
case SSH_KEYTYPE_ED25519:
bind_key_loc = &sshbind->ed25519;
break;
default:
ssh_set_error(sshbind,
SSH_FATAL,
"Unsupported key type %d",
key_type);
} }
if (bind_key_loc == NULL)
return -1;
ssh_key_free(*bind_key_loc); ssh_key_free(*bind_key_loc);
*bind_key_loc = key; *bind_key_loc = key;
} }