lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-14 04:18:54 +03:00
Code Activity

Add support for more options in ssh_options_get()

Browse Source 
Signed-off-by: Adam Kerrison <adam_kerrison@bmc.com>
Squashed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Adam Kerrison
2023-07-04 12:27:28 +01:00
committed by Jakub Jelen
parent d2a8a464a7
commit 74a8d271ad
3 changed files with 472 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/libssh/options.h
View File

@@ -33,6 +33,8 @@ int ssh_options_set_algo(ssh_session session,
char **place); char **place);
int ssh_options_apply(ssh_session session); int ssh_options_apply(ssh_session session);
char *ssh_options_get_algo(ssh_session session, enum ssh_kex_types_e algo);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

139
src/options.c
View File

@@ -1290,6 +1290,46 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
return 0; return 0;
} }
/**
* @brief This function returns the current algorithms used for algorithm
* negotiation. It is either libssh default, option manually set or option
* read from configuration file.
*
* This function will return NULL on error
*
* @param session An allocated SSH session structure.
* @param algo One of the ssh_kex_types_e values.
*/
char *ssh_options_get_algo(ssh_session session,
enum ssh_kex_types_e algo)
{
char *value = NULL;
/* Check session and algo values are valid */
if (session == NULL) {
return NULL;
}
if (algo >= SSH_LANG_C_S) {
ssh_set_error_invalid(session);
return NULL;
}
/* Get the option the user has set, if there is one */
value = session->opts.wanted_methods[algo];
if (value == NULL) {
/* The user has not set a value, return the appropriate default */
if (ssh_fips_mode())
value = (char *)ssh_kex_get_fips_methods(algo);
else
value = (char *)ssh_kex_get_default_methods(algo);
}
return value;
}
/** /**
* @brief This function can get ssh the ssh port. It must only be used on * @brief This function can get ssh the ssh port. It must only be used on
* a valid ssh session. This function is useful when the session * a valid ssh session. This function is useful when the session
@@ -1356,7 +1396,44 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) {
* Get the path to the known_hosts file being used. * Get the path to the known_hosts file being used.
* *
* - SSH_OPTIONS_CONTROL_PATH: * - SSH_OPTIONS_CONTROL_PATH:
* Get the path to the control socket being used for connection multiplexing. * Get the path to the control socket being used for connection
* multiplexing.
*
* - SSH_OPTIONS_KEY_EXCHANGE:
* Get the key exchange methods to be used. If the option has
* not been set, returns the defaults.
*
* - SSH_OPTIONS_HOSTKEYS:
* Get the preferred server host key types. If the option has
* not been set, returns the defaults.
*
* - SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
* Get the preferred public key algorithms to be used for
* authentication.
*
* - SSH_OPTIONS_CIPHERS_C_S:
* Get the symmetric cipher client to server. If the option has
* not been set, returns the defaults.
*
* - SSH_OPTIONS_CIPHERS_S_C:
* Get the symmetric cipher server to client. If the option has
* not been set, returns the defaults.
*
* - SSH_OPTIONS_HMAC_C_S:
* Get the Message Authentication Code algorithm client to server
* If the option has not been set, returns the defaults.
*
* - SSH_OPTIONS_HMAC_S_C:
* Get the Message Authentication Code algorithm server to client
* If the option has not been set, returns the defaults.
*
* - SSH_OPTIONS_COMPRESSION_C_S:
* Get the compression to use for client to server communication
* If the option has not been set, returns the defaults.
*
* - SSH_OPTIONS_COMPRESSION_S_C:
* Get the compression to use for server to client communication
* If the option has not been set, returns the defaults.
* *
* @param value The value to get into. As a char**, space will be * @param value The value to get into. As a char**, space will be
* allocated by the function for the value, it is * allocated by the function for the value, it is
@@ -1380,14 +1457,14 @@ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
switch(type) switch(type)
{ {
case SSH_OPTIONS_HOST: { case SSH_OPTIONS_HOST:
src = session->opts.host; src = session->opts.host;
break; break;
}
case SSH_OPTIONS_USER: { case SSH_OPTIONS_USER:
src = session->opts.username; src = session->opts.username;
break; break;
}
case SSH_OPTIONS_IDENTITY: { case SSH_OPTIONS_IDENTITY: {
struct ssh_iterator *it; struct ssh_iterator *it;
it = ssh_list_get_iterator(session->opts.identity); it = ssh_list_get_iterator(session->opts.identity);
@@ -1400,22 +1477,58 @@ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
src = ssh_iterator_value(char *, it); src = ssh_iterator_value(char *, it);
break; break;
} }
case SSH_OPTIONS_PROXYCOMMAND: {
case SSH_OPTIONS_PROXYCOMMAND:
src = session->opts.ProxyCommand; src = session->opts.ProxyCommand;
break; break;
}
case SSH_OPTIONS_KNOWNHOSTS: { case SSH_OPTIONS_KNOWNHOSTS:
src = session->opts.knownhosts; src = session->opts.knownhosts;
break; break;
}
case SSH_OPTIONS_GLOBAL_KNOWNHOSTS: { case SSH_OPTIONS_GLOBAL_KNOWNHOSTS:
src = session->opts.global_knownhosts; src = session->opts.global_knownhosts;
break; break;
} case SSH_OPTIONS_CONTROL_PATH:
case SSH_OPTIONS_CONTROL_PATH: {
src = session->opts.control_path; src = session->opts.control_path;
break; break;
}
case SSH_OPTIONS_CIPHERS_C_S:
src = ssh_options_get_algo(session, SSH_CRYPT_C_S);
break;
case SSH_OPTIONS_CIPHERS_S_C:
src = ssh_options_get_algo(session, SSH_CRYPT_S_C);
break;
case SSH_OPTIONS_KEY_EXCHANGE:
src = ssh_options_get_algo(session, SSH_KEX);
break;
case SSH_OPTIONS_HOSTKEYS:
src = ssh_options_get_algo(session, SSH_HOSTKEYS);
break;
case SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
src = session->opts.pubkey_accepted_types;
break;
case SSH_OPTIONS_HMAC_C_S:
src = ssh_options_get_algo(session, SSH_MAC_C_S);
break;
case SSH_OPTIONS_HMAC_S_C:
src = ssh_options_get_algo(session, SSH_MAC_S_C);
break;
case SSH_OPTIONS_COMPRESSION_C_S:
src = ssh_options_get_algo(session, SSH_COMP_C_S);
break;
case SSH_OPTIONS_COMPRESSION_S_C:
src = ssh_options_get_algo(session, SSH_COMP_S_C);
break;
default: default:
ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type); ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
return SSH_ERROR; return SSH_ERROR;

361
tests/unittests/torture_options.c
View File

@@ -98,7 +98,7 @@ static void torture_options_set_ciphers(void **state) {
/* Test known ciphers */ /* Test known ciphers */
rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S,
"aes128-ctr,aes192-ctr,aes256-ctr"); "aes128-ctr,aes192-ctr,aes256-ctr");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_CRYPT_C_S]); assert_non_null(session->opts.wanted_methods[SSH_CRYPT_C_S]);
if (ssh_fips_mode()) { if (ssh_fips_mode()) {
assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S], assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
@@ -111,7 +111,7 @@ static void torture_options_set_ciphers(void **state) {
/* Test one unknown cipher */ /* Test one unknown cipher */
rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S,
"aes128-ctr,unknown-crap@example.com,aes256-ctr"); "aes128-ctr,unknown-crap@example.com,aes256-ctr");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_CRYPT_C_S]); assert_non_null(session->opts.wanted_methods[SSH_CRYPT_C_S]);
assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S], assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
"aes128-ctr,aes256-ctr"); "aes128-ctr,aes256-ctr");
@@ -122,6 +122,53 @@ static void torture_options_set_ciphers(void **state) {
assert_false(rc == 0); assert_false(rc == 0);
} }
static void torture_options_get_ciphers(void **state)
{
ssh_session session = *state;
int rc;
char *value = NULL;
/* Test defaults returned */
rc = ssh_options_get(session, SSH_OPTIONS_CIPHERS_C_S, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
if (ssh_fips_mode()) {
assert_string_equal(value,
"aes256-gcm@openssh.com,"
"aes256-ctr,"
"aes256-cbc,"
"aes128-gcm@openssh.com,"
"aes128-ctr,"
"aes128-cbc");
} else {
assert_string_equal(value,
"chacha20-poly1305@openssh.com,"
"aes256-gcm@openssh.com,"
"aes128-gcm@openssh.com,"
"aes256-ctr,"
"aes192-ctr,"
"aes128-ctr");
}
ssh_string_free_char(value);
/* Test explicit ciphers */
rc = ssh_options_set(session,
SSH_OPTIONS_CIPHERS_C_S,
"aes128-ctr,aes192-ctr,aes256-ctr");
assert_ssh_return_code(session, rc);
value = NULL;
rc = ssh_options_get(session, SSH_OPTIONS_CIPHERS_C_S, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
if (ssh_fips_mode()) {
assert_string_equal(value, "aes128-ctr,aes256-ctr");
} else {
assert_string_equal(value, "aes128-ctr,aes192-ctr,aes256-ctr");
}
ssh_string_free_char(value);
}
static void torture_options_set_key_exchange(void **state) static void torture_options_set_key_exchange(void **state)
{ {
ssh_session session = *state; ssh_session session = *state;
@@ -135,7 +182,7 @@ static void torture_options_set_key_exchange(void **state)
"diffie-hellman-group18-sha512," "diffie-hellman-group18-sha512,"
"diffie-hellman-group14-sha256," "diffie-hellman-group14-sha256,"
"diffie-hellman-group14-sha1"); "diffie-hellman-group14-sha1");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_KEX]); assert_non_null(session->opts.wanted_methods[SSH_KEX]);
if (ssh_fips_mode()) { if (ssh_fips_mode()) {
assert_string_equal(session->opts.wanted_methods[SSH_KEX], assert_string_equal(session->opts.wanted_methods[SSH_KEX],
@@ -157,7 +204,7 @@ static void torture_options_set_key_exchange(void **state)
"diffie-hellman-group16-sha512," "diffie-hellman-group16-sha512,"
"unknown-crap@example.com," "unknown-crap@example.com,"
"diffie-hellman-group18-sha512"); "diffie-hellman-group18-sha512");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_KEX]); assert_non_null(session->opts.wanted_methods[SSH_KEX]);
assert_string_equal(session->opts.wanted_methods[SSH_KEX], assert_string_equal(session->opts.wanted_methods[SSH_KEX],
"diffie-hellman-group16-sha512," "diffie-hellman-group16-sha512,"
@@ -170,6 +217,66 @@ static void torture_options_set_key_exchange(void **state)
assert_false(rc == 0); assert_false(rc == 0);
} }
static void torture_options_get_key_exchange(void **state)
{
ssh_session session = *state;
int rc;
char *value = NULL;
/* Test defaults returned */
rc = ssh_options_get(session, SSH_OPTIONS_KEY_EXCHANGE, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
if (ssh_fips_mode()) {
assert_string_equal(value,
"ecdh-sha2-nistp256,"
"ecdh-sha2-nistp384,"
"ecdh-sha2-nistp521,"
"diffie-hellman-group-exchange-sha256,"
"diffie-hellman-group14-sha256,"
"diffie-hellman-group16-sha512,"
"diffie-hellman-group18-sha512");
} else {
assert_string_equal(value,
"curve25519-sha256,curve25519-sha256@libssh.org,"
"ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
"ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"
"diffie-hellman-group16-sha512,"
"diffie-hellman-group-exchange-sha256,"
"diffie-hellman-group14-sha256");
}
ssh_string_free_char(value);
/* Test explicit kexes */
rc = ssh_options_set(session,
SSH_OPTIONS_KEY_EXCHANGE,
"curve25519-sha256,curve25519-sha256@libssh.org,"
"ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
"diffie-hellman-group18-sha512,"
"diffie-hellman-group14-sha256,"
"diffie-hellman-group14-sha1");
assert_ssh_return_code(session, rc);
value = NULL;
rc = ssh_options_get(session, SSH_OPTIONS_KEY_EXCHANGE, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
if (ssh_fips_mode()) {
assert_string_equal(value,
"ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
"diffie-hellman-group18-sha512,"
"diffie-hellman-group14-sha256");
} else {
assert_string_equal(value,
"curve25519-sha256,curve25519-sha256@libssh.org,"
"ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
"diffie-hellman-group18-sha512,"
"diffie-hellman-group14-sha256,"
"diffie-hellman-group14-sha1");
}
ssh_string_free_char(value);
}
static void torture_options_set_hostkey(void **state) { static void torture_options_set_hostkey(void **state) {
ssh_session session = *state; ssh_session session = *state;
int rc; int rc;
@@ -178,7 +285,7 @@ static void torture_options_set_hostkey(void **state) {
rc = ssh_options_set(session, rc = ssh_options_set(session,
SSH_OPTIONS_HOSTKEYS, SSH_OPTIONS_HOSTKEYS,
"ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa"); "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]); assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]);
if (ssh_fips_mode()) { if (ssh_fips_mode()) {
assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS], assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
@@ -194,7 +301,7 @@ static void torture_options_set_hostkey(void **state) {
"ecdsa-sha2-nistp521," "ecdsa-sha2-nistp521,"
"unknown-crap@example.com," "unknown-crap@example.com,"
"rsa-sha2-256"); "rsa-sha2-256");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]); assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]);
assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS], assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
"ecdsa-sha2-nistp521," "ecdsa-sha2-nistp521,"
@@ -207,6 +314,61 @@ static void torture_options_set_hostkey(void **state) {
assert_false(rc == 0); assert_false(rc == 0);
} }
static void torture_options_get_hostkey(void **state)
{
ssh_session session = *state;
int rc;
char *value = NULL;
rc = ssh_options_get(session, SSH_OPTIONS_HOSTKEYS, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
if (ssh_fips_mode()) {
assert_string_equal(value,
"ecdsa-sha2-nistp521-cert-v01@openssh.com,"
"ecdsa-sha2-nistp384-cert-v01@openssh.com,"
"ecdsa-sha2-nistp256-cert-v01@openssh.com,"
"rsa-sha2-512-cert-v01@openssh.com,"
"rsa-sha2-256-cert-v01@openssh.com,"
"ecdsa-sha2-nistp521,"
"ecdsa-sha2-nistp384,"
"ecdsa-sha2-nistp256,"
"rsa-sha2-512,"
"rsa-sha2-256");
} else {
assert_string_equal(value,
"ssh-ed25519-cert-v01@openssh.com,"
"ecdsa-sha2-nistp521-cert-v01@openssh.com,"
"ecdsa-sha2-nistp384-cert-v01@openssh.com,"
"ecdsa-sha2-nistp256-cert-v01@openssh.com,"
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,"
"rsa-sha2-512-cert-v01@openssh.com,"
"rsa-sha2-256-cert-v01@openssh.com,"
"ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
"ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,"
"sk-ecdsa-sha2-nistp256@openssh.com,"
"rsa-sha2-512,rsa-sha2-256");
}
ssh_string_free_char(value);
/* Test explicit host keys */
rc = ssh_options_set(session,
SSH_OPTIONS_HOSTKEYS,
"ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
assert_ssh_return_code(session, rc);
value = NULL;
rc = ssh_options_get(session, SSH_OPTIONS_HOSTKEYS, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
if (ssh_fips_mode()) {
assert_string_equal(value, "ecdsa-sha2-nistp384");
} else {
assert_string_equal(value, "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
}
ssh_string_free_char(value);
}
static void torture_options_set_pubkey_accepted_types(void **state) { static void torture_options_set_pubkey_accepted_types(void **state) {
ssh_session session = *state; ssh_session session = *state;
int rc; int rc;
@@ -216,7 +378,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
rc = ssh_options_set(session, rc = ssh_options_set(session,
SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa"); "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.pubkey_accepted_types); assert_non_null(session->opts.pubkey_accepted_types);
if (ssh_fips_mode()) { if (ssh_fips_mode()) {
assert_string_equal(session->opts.pubkey_accepted_types, assert_string_equal(session->opts.pubkey_accepted_types,
@@ -231,7 +393,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
rc = ssh_options_set(session, rc = ssh_options_set(session,
SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"ssh-ed25519,unknown-crap@example.com,ssh-rsa"); "ssh-ed25519,unknown-crap@example.com,ssh-rsa");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.pubkey_accepted_types); assert_non_null(session->opts.pubkey_accepted_types);
assert_string_equal(session->opts.pubkey_accepted_types, assert_string_equal(session->opts.pubkey_accepted_types,
"ssh-ed25519,ssh-rsa"); "ssh-ed25519,ssh-rsa");
@@ -257,7 +419,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
rc = ssh_options_set(session, rc = ssh_options_set(session,
SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"rsa-sha2-256,ssh-rsa"); "rsa-sha2-256,ssh-rsa");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.pubkey_accepted_types); assert_non_null(session->opts.pubkey_accepted_types);
if (ssh_fips_mode()) { if (ssh_fips_mode()) {
assert_string_equal(session->opts.pubkey_accepted_types, assert_string_equal(session->opts.pubkey_accepted_types,
@@ -275,13 +437,37 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
assert_int_equal(type, SSH_DIGEST_SHA256); assert_int_equal(type, SSH_DIGEST_SHA256);
} }
static void torture_options_get_pubkey_accepted_types(void **state)
{
ssh_session session = *state;
int rc;
char *value = NULL;
/* Test known public key algorithms */
rc = ssh_options_set(session,
SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
assert_ssh_return_code(session, rc);
rc = ssh_options_get(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
if (ssh_fips_mode()) {
assert_string_equal(value, "ecdsa-sha2-nistp384");
} else {
assert_string_equal(value, "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
}
ssh_string_free_char(value);
}
static void torture_options_set_macs(void **state) { static void torture_options_set_macs(void **state) {
ssh_session session = *state; ssh_session session = *state;
int rc; int rc;
/* Test known MACs */ /* Test known MACs */
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "hmac-sha1"); rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "hmac-sha1");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]); assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1"); assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1");
@@ -289,14 +475,14 @@ static void torture_options_set_macs(void **state) {
rc = ssh_options_set(session, rc = ssh_options_set(session,
SSH_OPTIONS_HMAC_S_C, SSH_OPTIONS_HMAC_S_C,
"hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256"); "hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]); assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C],
"hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256"); "hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256");
/* Test unknown MACs */ /* Test unknown MACs */
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com,hmac-sha1-etm@openssh.com,unknown@example.com"); rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com,hmac-sha1-etm@openssh.com,unknown@example.com");
assert_true(rc == 0); assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]); assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1-etm@openssh.com"); assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1-etm@openssh.com");
@@ -305,7 +491,141 @@ static void torture_options_set_macs(void **state) {
assert_false(rc == 0); assert_false(rc == 0);
} }
static void torture_options_get_host(void **state) { static void torture_options_get_macs(void **state)
{
ssh_session session = *state;
int rc;
char *value = NULL;
/* test defaults returned */
rc = ssh_options_get(session, SSH_OPTIONS_HMAC_S_C, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
if (ssh_fips_mode()) {
assert_string_equal(value,
"hmac-sha2-256-etm@openssh.com,"
"hmac-sha1-etm@openssh.com,"
"hmac-sha2-512-etm@openssh.com,"
"hmac-sha2-256,"
"hmac-sha1,"
"hmac-sha2-512");
} else {
assert_string_equal(value,
"hmac-sha2-256-etm@openssh.com,"
"hmac-sha2-512-etm@openssh.com,"
"hmac-sha2-256,"
"hmac-sha2-512");
}
ssh_string_free_char(value);
/* Test known MACs */
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "hmac-sha1");
assert_ssh_return_code(session, rc);
value = NULL;
rc = ssh_options_get(session, SSH_OPTIONS_HMAC_S_C, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
assert_string_equal(value, "hmac-sha1");
ssh_string_free_char(value);
}
static void torture_options_set_compression(void **state)
{
ssh_session session = *state;
int rc;
const char *known_value;
const char *multiple;
#ifdef WITH_ZLIB
if (ssh_fips_mode()) {
known_value = "none";
multiple = "none,squeeze";
} else {
known_value = "zlib";
multiple = "zlib,squeeze";
}
#else
known_value = "none";
multiple = "none,squeeze";
#endif
/* Test known compression */
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, known_value);
assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_COMP_S_C]);
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
known_value);
/* Test multiple known compression */
if (!ssh_fips_mode()) {
rc = ssh_options_set(session,
SSH_OPTIONS_COMPRESSION_S_C,
"none,zlib@openssh.com");
assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_COMP_S_C]);
#ifdef WITH_ZLIB
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
"none,zlib@openssh.com");
#else
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C], "none");
#endif
}
/* Test unknown compression */
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, multiple);
assert_ssh_return_code(session, rc);
assert_non_null(session->opts.wanted_methods[SSH_COMP_S_C]);
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
known_value);
/* Test all unknown compression */
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "squeeze");
assert_false(rc == 0);
}
static void torture_options_get_compression(void **state)
{
ssh_session session = *state;
int rc;
char *value = NULL;
const char *test_value = NULL;
#ifdef WITH_ZLIB
if (ssh_fips_mode()) {
test_value = "none";
} else {
test_value = "zlib@openssh.com";
}
#else
test_value = "none";
#endif
/* test defaults returned */
rc = ssh_options_get(session, SSH_OPTIONS_COMPRESSION_S_C, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
#ifdef WITH_ZLIB
assert_string_equal(value, "none,zlib@openssh.com");
#else
assert_string_equal(value, "none");
#endif
ssh_string_free_char(value);
/* Test known compression */
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, test_value);
assert_ssh_return_code(session, rc);
value = NULL;
rc = ssh_options_get(session, SSH_OPTIONS_COMPRESSION_S_C, &value);
assert_ssh_return_code(session, rc);
assert_non_null(value);
assert_string_equal(value, test_value);
ssh_string_free_char(value);
}
static void torture_options_get_host(void **state)
{
ssh_session session = *state; ssh_session session = *state;
int rc; int rc;
char* host = NULL; char* host = NULL;
@@ -317,7 +637,7 @@ static void torture_options_get_host(void **state) {
assert_false(ssh_options_get(session, SSH_OPTIONS_HOST, &host)); assert_false(ssh_options_get(session, SSH_OPTIONS_HOST, &host));
assert_string_equal(host, "localhost"); assert_string_equal(host, "localhost");
free(host); ssh_string_free_char(host);
} }
static void torture_options_set_port(void **state) { static void torture_options_set_port(void **state) {
@@ -363,7 +683,7 @@ static void torture_options_get_user(void **state) {
assert_int_equal(rc, SSH_OK); assert_int_equal(rc, SSH_OK);
assert_non_null(user); assert_non_null(user);
assert_string_equal(user, "magicaltrevor"); assert_string_equal(user, "magicaltrevor");
free(user); ssh_string_free_char(user);
} }
static void torture_options_set_fd(void **state) { static void torture_options_set_fd(void **state) {
@@ -454,7 +774,7 @@ static void torture_options_get_identity(void **state) {
assert_int_equal(rc, SSH_OK); assert_int_equal(rc, SSH_OK);
assert_non_null(identity); assert_non_null(identity);
assert_string_equal(identity, "identity2"); assert_string_equal(identity, "identity2");
free(identity); ssh_string_free_char(identity);
} }
static void torture_options_set_global_knownhosts(void **state) static void torture_options_set_global_knownhosts(void **state)
@@ -773,7 +1093,7 @@ static void torture_options_config_match(void **state)
localuser = ssh_get_local_username(); localuser = ssh_get_local_username();
assert_non_null(localuser); assert_non_null(localuser);
fputs(localuser, config); fputs(localuser, config);
free(localuser); ssh_string_free_char(localuser);
fputs("\n" fputs("\n"
"\tPort 33\n" "\tPort 33\n"
"Match all\n" "Match all\n"
@@ -2354,10 +2674,17 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_options_control_master, setup, teardown), cmocka_unit_test_setup_teardown(torture_options_control_master, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_control_path, setup, teardown), cmocka_unit_test_setup_teardown(torture_options_control_path, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_set_ciphers, setup, teardown), cmocka_unit_test_setup_teardown(torture_options_set_ciphers, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_get_ciphers, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_set_key_exchange, setup, teardown), cmocka_unit_test_setup_teardown(torture_options_set_key_exchange, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_get_key_exchange, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_set_hostkey, setup, teardown), cmocka_unit_test_setup_teardown(torture_options_set_hostkey, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_get_hostkey, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_set_pubkey_accepted_types, setup, teardown), cmocka_unit_test_setup_teardown(torture_options_set_pubkey_accepted_types, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_get_pubkey_accepted_types, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_set_macs, setup, teardown), cmocka_unit_test_setup_teardown(torture_options_set_macs, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_get_macs, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_set_compression, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_get_compression, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_copy, setup, teardown), cmocka_unit_test_setup_teardown(torture_options_copy, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_config_host, setup, teardown), cmocka_unit_test_setup_teardown(torture_options_config_host, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_config_match, cmocka_unit_test_setup_teardown(torture_options_config_match,