
add moduli file location as an ssh_bind option

Signed-off-by: Andrew Wiley <wiley@outlook.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Andrew Wiley
2021-05-01 12:19:18 -07:00
parent 6aa88e22d6
commit c40576c6f6
7 changed files with 48 additions and 5 deletions


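--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -50,6 +50,7 @@ struct ssh_bind_struct {
 bool config_processed;
 char *config_dir;
 char *pubkey_accepted_key_types;
+char* moduli_file;
 };
 struct ssh_poll_handle_struct *ssh_bind_get_poll(struct ssh_bind_struct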
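Review bot: The new member is written `char* moduli_file;` while every neighbouring member binds the `*` to the identifier (`char *config_dir;`, `char *pubkey_accepted_key_types;`); keep the file's convention with `char *moduli_file;`. A short ownership comment would also spare the next reader a search, since the string is freed in ssh_bind_free and a NULL value makes ssh_retrieve_dhgroup open the compiled-in MODULI_FILE instead: `char *moduli_file; /* owned by the bind; NULL means use MODULI_FILE */`.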


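--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -56,6 +56,7 @@ enum ssh_bind_options_e {
 SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
 SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
 SSH_BIND_OPTIONS_PROCESS_CONFIG,
+SSH_BIND_OPTIONS_MODULI,
 };
 typedef struct ssh_bind_struct* ssh_bind;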


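--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -217,6 +217,7 @@ struct ssh_session_struct {
 char *pubkey_accepted_types;
 char *ProxyCommand;
 char *custombanner;
+char *moduli_file;
 unsigned long timeout; /* seconds */
 unsigned long timeout_usec;
 unsigned int port;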
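Review bot: The only writer of `session->opts.moduli_file` in this commit is ssh_bind_accept_fd (it is copied from the bind object, and there is no session-level setter), but nothing at the declaration says so; a one-line comment would help, e.g. `char *moduli_file; /* server side: copied from ssh_bind in accept, NULL means MODULI_FILE */`. If the library has a routine that deep-copies the other `opts` strings such as custombanner, it presumably needs the same treatment for this field and is not touched here — worth confirming.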


@@ -393,6 +393,7 @@ void ssh_bind_free(ssh_bind sshbind){
/* options */ /* options */
SAFE_FREE(sshbind->banner); SAFE_FREE(sshbind->banner);
SAFE_FREE(sshbind->moduli_file);
SAFE_FREE(sshbind->bindaddr); SAFE_FREE(sshbind->bindaddr);
SAFE_FREE(sshbind->config_dir); SAFE_FREE(sshbind->config_dir);
SAFE_FREE(sshbind->pubkey_accepted_key_types); SAFE_FREE(sshbind->pubkey_accepted_key_types);
@@ -485,8 +486,23 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
} }
session->common.log_verbosity = sshbind->common.log_verbosity; session->common.log_verbosity = sshbind->common.log_verbosity;
if(sshbind->banner != NULL)
session->opts.custombanner = strdup(sshbind->banner); if (sshbind->banner != NULL) {
session->opts.custombanner = strdup(sshbind->banner);
if (session->opts.custombanner == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
}
if (sshbind->moduli_file != NULL) {
session->opts.moduli_file = strdup(sshbind->moduli_file);
if (session->opts.moduli_file == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
}
ssh_socket_free(session->socket); ssh_socket_free(session->socket);
session->socket = ssh_socket_new(session); session->socket = ssh_socket_new(session);
if (session->socket == NULL) { if (session->socket == NULL) {
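Review bot: The new `session->opts.moduli_file = strdup(sshbind->moduli_file);` overwrites whatever the session already holds without freeing it, so a session that passes through ssh_bind_accept_fd more than once, or arrives with the field already set, leaks the previous string; the rewritten custombanner assignment just above has the same shape. ssh_bind_options_set in this same commit already uses `SAFE_FREE(sshbind->moduli_file);` followed by the strdup, so adding `SAFE_FREE(session->opts.moduli_file);` before the strdup here keeps the two sites consistent. On the two new error returns the session is left partially initialised (log verbosity and possibly the banner copied, socket untouched), which is presumably fine because the caller still owns and frees the session, but a comment stating that would save the next reader from wondering. ssh_bind_accept_fd begins and ends outside this hunk.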


@@ -489,7 +489,8 @@ static int ssh_retrieve_dhgroup_file(FILE *moduli,
* @param[out] g generator * @param[out] g generator
* @return SSH_OK on success, SSH_ERROR otherwise. * @return SSH_OK on success, SSH_ERROR otherwise.
*/ */
static int ssh_retrieve_dhgroup(uint32_t pmin, static int ssh_retrieve_dhgroup(char *moduli_file,
uint32_t pmin,
uint32_t pn, uint32_t pn,
uint32_t pmax, uint32_t pmax,
size_t *size, size_t *size,
@@ -508,7 +509,11 @@ static int ssh_retrieve_dhgroup(uint32_t pmin,
return ssh_fallback_group(pmax, p, g); return ssh_fallback_group(pmax, p, g);
} }
moduli = fopen(MODULI_FILE, "r"); if (moduli_file != NULL)
moduli = fopen(moduli_file, "r");
else
moduli = fopen(MODULI_FILE, "r");
if (moduli == NULL) { if (moduli == NULL) {
SSH_LOG(SSH_LOG_WARNING, SSH_LOG(SSH_LOG_WARNING,
"Unable to open moduli file: %s", "Unable to open moduli file: %s",
@@ -627,7 +632,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
pn = pmin; pn = pmin;
} }
} }
rc = ssh_retrieve_dhgroup(pmin, rc = ssh_retrieve_dhgroup(session->opts.moduli_file,
pmin,
pn, pn,
pmax, pmax,
&size, &size,
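Review bot: The new parameter is declared `char *moduli_file` although the function only hands it to fopen(), so it should be `static int ssh_retrieve_dhgroup(const char *moduli_file,`; the caller's `session->opts.moduli_file` converts implicitly, so nothing else changes. The Doxygen block directly above the signature (`@param[out] g`, `@return`) was not extended for the new parameter — add `@param[in] moduli_file Path to the moduli file, or NULL to use the compiled-in MODULI_FILE.` In the second hunk both branches of the new `if (moduli_file != NULL) ... else ...` are unbraced while the adjacent `if (moduli == NULL) {` is braced; `moduli = fopen(moduli_file != NULL ? moduli_file : MODULI_FILE, "r");` expresses the fallback in one braced-free line. When the operator-supplied path cannot be opened the code reaches only the existing "Unable to open moduli file" warning, so a typo in the option presumably changes which DH groups are offered instead of failing loudly; that behaviour deserves a sentence in the option documentation.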


@@ -1655,6 +1655,10 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
* possible algorithms is created from the list of keys * possible algorithms is created from the list of keys
* set and then filtered against this list. * set and then filtered against this list.
* (const char *, comma-separated list). * (const char *, comma-separated list).
*
* - SSH_BIND_OPTIONS_MODULI
* Set the path to the moduli file. Defaults to
* /etc/ssh/moduli if not specified (const char *).
* *
* @param value The value to set. This is a generic pointer and the * @param value The value to set. This is a generic pointer and the
* datatype which should be used is described at the * datatype which should be used is described at the
@@ -2003,6 +2007,19 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
sshbind->config_processed = !(*x); sshbind->config_processed = !(*x);
} }
break; break;
case SSH_BIND_OPTIONS_MODULI:
if (value == NULL) {
ssh_set_error_invalid(sshbind);
return -1;
} else {
SAFE_FREE(sshbind->moduli_file);
sshbind->moduli_file = strdup(value);
if (sshbind->moduli_file == NULL) {
ssh_set_error_oom(sshbind);
return -1;
}
}
break;
default: default:
ssh_set_error(sshbind, SSH_REQUEST_DENIED, "Unknown ssh option %d", type); ssh_set_error(sshbind, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
return -1; return -1;
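Review bot: `case SSH_BIND_OPTIONS_MODULI` accepts any string without checking that the path exists or is readable, so a misconfiguration surfaces only later, at key-exchange time, as the warning in ssh_retrieve_dhgroup, after which the server presumably continues with its fallback rather than refusing to start. Either probe the file here (an `access(value, R_OK)` check, or an fopen/fclose round-trip, returning -1 with ssh_set_error_invalid on failure) or state in the option's documentation that the path is not validated when set and an unreadable file is reported only in the log. The `else` after `return -1;` is redundant; the SAFE_FREE/strdup pair can follow the guard directly. In the first hunk the documentation promises a default of `/etc/ssh/moduli`, while the code falls back to the `MODULI_FILE` macro; if that macro is build-configurable, the doc should say "the compiled-in default (MODULI_FILE)" instead of a literal path.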


@@ -304,6 +304,7 @@ void ssh_free(ssh_session session)
SAFE_FREE(session->opts.bindaddr); SAFE_FREE(session->opts.bindaddr);
SAFE_FREE(session->opts.custombanner); SAFE_FREE(session->opts.custombanner);
SAFE_FREE(session->opts.moduli_file);
SAFE_FREE(session->opts.username); SAFE_FREE(session->opts.username);
SAFE_FREE(session->opts.host); SAFE_FREE(session->opts.host);
SAFE_FREE(session->opts.sshdir); SAFE_FREE(session->opts.sshdir);