lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-01 11:26:52 +03:00
Code Activity

feat: implement proxy jump using libssh

Browse Source 
tests: modify proxyjump tests to check for ssh_jump_info_struct

tests: add proxyjump functionality test

feat: add SSH_OPTIONS_PROXYJUMP

tests: proxyjump, check authentication

fix: ssh_socket_connect_proxyjump add exit label to exit on error

feat: implement io forwarding using pthread

feat: proxyjump: use threading instead of forking

feat: proxyjump: cancel forwarding threads on ssh_disconnect

fix: proxyjump remove ProxyJump bool and put pthread ifdefs

feat: use ssh_event for io forwarding instead of threads

reformat: tests to use assert_int_not_equal

fix: link to pthread

refactor: make function to free proxy jump list

docs: add comment for proxy jump channel

feat: add env variable to enable libssh proxy jump

feat: open channel for proxyjump like OpenSSH

feat: add more tests for proxy jump

fix: use a global variable to close io forwarding, this prevents segfaults

fix: handle proxy list in thread without creating copy
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
This commit is contained in:
Gauravsingh Sisodia
2024-02-28 17:20:52 +00:00
committed by Sahana Prasad
parent fe53cdfabd
commit 6d1ed76c7a
20 changed files with 1006 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/client/CMakeLists.txt
View File

@ -33,6 +33,12 @@ if (WITH_PKCS11_URI)
torture_auth_pkcs11)
endif()
if (HAVE_PTHREAD)
set(LIBSSH_CLIENT_TESTS
${LIBSSH_CLIENT_TESTS}
torture_proxyjump)
endif()
if (DEFAULT_C_NO_DEPRECATION_FLAGS)
set_source_files_properties(torture_knownhosts.c
PROPERTIES

6
tests/client/torture_proxycommand.c
View File

@ -93,7 +93,7 @@ static void torture_options_set_proxycommand(void **state)
#ifdef WITH_EXEC
assert_ssh_return_code(session, rc);
fd = ssh_get_fd(session);
assert_true(fd != SSH_INVALID_SOCKET);
assert_int_not_equal(fd, SSH_INVALID_SOCKET);
rc = fcntl(fd, F_GETFL);
assert_int_equal(rc & O_RDWR, O_RDWR);
#else
@ -145,7 +145,7 @@ static void torture_options_set_proxycommand_ssh(void **state)
#ifdef WITH_EXEC
assert_ssh_return_code(session, rc);
fd = ssh_get_fd(session);
assert_true(fd != SSH_INVALID_SOCKET);
assert_int_not_equal(fd, SSH_INVALID_SOCKET);
rc = fcntl(fd, F_GETFL);
assert_int_equal(rc & O_RDWR, O_RDWR);
#else
@ -176,7 +176,7 @@ static void torture_options_set_proxycommand_ssh_stderr(void **state)
#ifdef WITH_EXEC
assert_ssh_return_code(session, rc);
fd = ssh_get_fd(session);
assert_true(fd != SSH_INVALID_SOCKET);
assert_int_not_equal(fd, SSH_INVALID_SOCKET);
rc = fcntl(fd, F_GETFL);
assert_int_equal(rc & O_RDWR, O_RDWR);
#else

222
tests/client/torture_proxyjump.c Normal file
View File

@ -0,0 +1,222 @@
#include "config.h"
#define LIBSSH_STATIC
#include "torture.h"
#include <libssh/libssh.h>
#include <pwd.h>
#include <errno.h>
#include <fcntl.h>
static int
sshd_setup(void **state)
{
torture_setup_sshd_server(state, false);
return 0;
}
static int
sshd_teardown(void **state)
{
torture_teardown_sshd_server(state);
return 0;
}
static int
session_setup(void **state)
{
struct torture_state *s = *state;
int verbosity = torture_libssh_verbosity();
struct passwd *pwd = NULL;
int rc;
bool b = false;
pwd = getpwnam("bob");
assert_non_null(pwd);
rc = setuid(pwd->pw_uid);
assert_return_code(rc, errno);
s->ssh.session = ssh_new();
assert_non_null(s->ssh.session);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(s->ssh.session,
SSH_OPTIONS_USER,
TORTURE_SSH_USER_ALICE);
assert_ssh_return_code(s->ssh.session, rc);
/* Make sure no other configuration options from system will get used */
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
assert_ssh_return_code(s->ssh.session, rc);
unsetenv("SSH_AUTH_SOCK");
unsetenv("SSH_AGENT_PID");
return 0;
}
static int
session_teardown(void **state)
{
struct torture_state *s = *state;
ssh_disconnect(s->ssh.session);
ssh_free(s->ssh.session);
return 0;
}
static void
torture_proxyjump_single_jump(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
char proxyjump_buf[500] = {0};
const char *address = torture_server_address(AF_INET);
int rc;
socket_t fd;
rc = snprintf(proxyjump_buf, sizeof(proxyjump_buf), "alice@%s:22", address);
if (rc < 0 || rc >= (int)sizeof(proxyjump_buf)) {
fail_msg("snprintf failed");
}
rc = ssh_options_set(session, SSH_OPTIONS_PROXYJUMP, proxyjump_buf);
assert_ssh_return_code(session, rc);
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
fd = ssh_get_fd(session);
assert_int_not_equal(fd, SSH_INVALID_SOCKET);
rc = fcntl(fd, F_GETFL);
assert_int_equal(rc & O_RDWR, O_RDWR);
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static int
before_connection(ssh_session jump_session, void *user)
{
(void)jump_session;
(void)user;
return 0;
}
static int
verify_knownhost(ssh_session jump_session, void *user)
{
(void)jump_session;
(void)user;
return 0;
}
static int
authenticate(ssh_session jump_session, void *user)
{
(void)user;
return ssh_userauth_publickey_auto(jump_session, NULL, NULL);
}
static void
torture_proxyjump_multiple_jump(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
char proxyjump_buf[500] = {0};
const char *address = torture_server_address(AF_INET);
int rc;
socket_t fd;
struct ssh_jump_callbacks_struct c = {
.before_connection = before_connection,
.verify_knownhost = verify_knownhost,
.authenticate = authenticate
};
rc = snprintf(proxyjump_buf,
sizeof(proxyjump_buf),
"alice@%s:22,alice@%s:22",
address,
address);
if (rc < 0 || rc >= (int)sizeof(proxyjump_buf)) {
fail_msg("snprintf failed");
}
rc = ssh_options_set(session, SSH_OPTIONS_PROXYJUMP, proxyjump_buf);
assert_ssh_return_code(session, rc);
rc = ssh_options_set(session, SSH_OPTIONS_PROXYJUMP_CB_LIST_APPEND, &c);
assert_ssh_return_code(session, rc);
rc = ssh_options_set(session, SSH_OPTIONS_PROXYJUMP_CB_LIST_APPEND, &c);
assert_ssh_return_code(session, rc);
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
fd = ssh_get_fd(session);
assert_int_not_equal(fd, SSH_INVALID_SOCKET);
rc = fcntl(fd, F_GETFL);
assert_int_equal(rc & O_RDWR, O_RDWR);
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void
torture_proxyjump_invalid_jump(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
char proxyjump_buf[500] = {0};
const char *address = torture_server_address(AF_INET);
int rc;
rc = snprintf(proxyjump_buf,
sizeof(proxyjump_buf),
"doesnotexist@%s:54",
address);
if (rc < 0 || rc >= (int)sizeof(proxyjump_buf)) {
fail_msg("snprintf failed");
}
rc = ssh_options_set(session, SSH_OPTIONS_PROXYJUMP, proxyjump_buf);
assert_ssh_return_code(session, rc);
rc = ssh_connect(session);
assert_ssh_return_code_equal(session, rc, SSH_ERROR);
}
int
torture_run_tests(void)
{
int rc;
struct CMUnitTest tests[] = {
cmocka_unit_test_setup_teardown(torture_proxyjump_single_jump,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_proxyjump_multiple_jump,
session_setup,
session_teardown),
cmocka_unit_test_setup_teardown(torture_proxyjump_invalid_jump,
session_setup,
session_teardown),
};
ssh_init();
torture_filter_tests(tests);
rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
ssh_finalize();
return rc;
}