mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-08 03:42:12 +03:00

Move ssh_match_group() from misc.c to match.c

ssh_match_group() has been moved from misc.c to match.c, because it fits
better with other match_*() functions in match.c

The name of the function has also been changed from "ssh_match_group" to
"match_group" to be consistent with the naming of the other match.c
functions.

Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Eshan Kelkar
2024-06-11 09:15:00 +05:30
committed by Sahana Prasad
parent 21627509f5
commit d41a0aaa13
8 changed files with 46 additions and 44 deletions


@@ -105,8 +105,6 @@ void ssh_timestamp_init(struct ssh_timestamp *ts);
int ssh_timeout_elapsed(struct ssh_timestamp *ts, int timeout);
int ssh_timeout_update(struct ssh_timestamp *ts, int timeout);
int ssh_match_group(const char *group, const char *object);
void uint64_inc(unsigned char *counter);
void ssh_log_hexdump(const char *descr, const unsigned char *what, size_t len);


@@ -335,6 +335,7 @@ int match_cidr_address_list(const char *address,
const char *addrlist,
int sa_family);
#endif
int match_group(const char *group, const char *object);
/* connector.c */
int ssh_connector_set_event(ssh_connector connector, ssh_event event);


@@ -510,16 +510,16 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
* flag and verify packet sequence numbers.
*/
if (server_kex) {
ok = ssh_match_group(crypto->client_kex.methods[SSH_KEX],
KEX_STRICT_CLIENT);
ok = match_group(crypto->client_kex.methods[SSH_KEX],
KEX_STRICT_CLIENT);
if (ok) {
SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling.");
session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
}
} else {
/* client kex */
ok = ssh_match_group(crypto->server_kex.methods[SSH_KEX],
KEX_STRICT_SERVER);
ok = match_group(crypto->server_kex.methods[SSH_KEX],
KEX_STRICT_SERVER);
if (ok) {
SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling.");
session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
@@ -531,8 +531,8 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
* If client sent a ext-info-c message in the kex list, it supports
* RFC 8308 extension negotiation.
*/
ok = ssh_match_group(crypto->client_kex.methods[SSH_KEX],
KEX_EXTENSION_CLIENT);
ok = match_group(crypto->client_kex.methods[SSH_KEX],
KEX_EXTENSION_CLIENT);
if (ok) {
const char *hostkeys = NULL, *wanted_hostkeys = NULL;
@@ -546,7 +546,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
*/
hostkeys = crypto->client_kex.methods[SSH_HOSTKEYS];
wanted_hostkeys = session->opts.wanted_methods[SSH_HOSTKEYS];
ok = ssh_match_group(hostkeys, "rsa-sha2-512");
ok = match_group(hostkeys, "rsa-sha2-512");
if (ok) {
/* Check if rsa-sha2-512 is allowed by config */
if (wanted_hostkeys != NULL) {
@@ -558,7 +558,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
SAFE_FREE(is_allowed);
}
}
ok = ssh_match_group(hostkeys, "rsa-sha2-256");
ok = match_group(hostkeys, "rsa-sha2-256");
if (ok) {
/* Check if rsa-sha2-256 is allowed by config */
if (wanted_hostkeys != NULL) {


@@ -577,3 +577,28 @@ match_cidr_address_list(const char *address,
return rc;
}
#endif
int match_group(const char *group, const char *object)
{
const char *a;
const char *z;
z = group;
do {
a = strchr(z, ',');
if (a == NULL) {
if (strcmp(z, object) == 0) {
return 1;
}
return 0;
} else {
if (strncmp(z, object, a - z) == 0) {
return 1;
}
}
z = a + 1;
} while (1);
/* not reached */
return 0;
}
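Review bot: The comma branch of `match_group` compares only the first `a - z` bytes, so a non-final list entry matches any `object` that merely starts with it, and an empty entry (a leading comma or `,,`) has length 0 and matches every `object`. The last entry is compared exactly with `strcmp`, so the result depends on where an entry sits in the list. This helper decides the signature-type and host-key algorithm checks in the callers touched by this commit, so the move is a good point to make the comparison exact: `if ((size_t)(a - z) == strlen(object) && strncmp(z, object, a - z) == 0) {`. Neither `group` nor `object` is checked for NULL before `strchr`/`strcmp`, and the function arrives in match.c without a header comment. I would add a short doc comment stating that it returns 1 on a match and 0 otherwise, and that both arguments must be non-NULL NUL-terminated strings.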


@@ -933,9 +933,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
if (rc == SSH_OK) {
/* Check if the signature from client matches server preferences */
if (session->opts.pubkey_accepted_types) {
if (!ssh_match_group(session->opts.pubkey_accepted_types,
sig->type_c))
{
cmp = match_group(session->opts.pubkey_accepted_types,
sig->type_c);
if (cmp != 1) {
ssh_set_error(session,
SSH_FATAL,
"Public key from client (%s) doesn't match server "


@@ -1571,32 +1571,6 @@ int ssh_timeout_update(struct ssh_timestamp *ts, int timeout)
return ret >= 0 ? ret: 0;
}
int ssh_match_group(const char *group, const char *object)
{
const char *a;
const char *z;
z = group;
do {
a = strchr(z, ',');
if (a == NULL) {
if (strcmp(z, object) == 0) {
return 1;
}
return 0;
} else {
if (strncmp(z, object, a - z) == 0) {
return 1;
}
}
z = a + 1;
} while(1);
/* not reached */
return 0;
}
#if !defined(HAVE_EXPLICIT_BZERO)
void explicit_bzero(void *s, size_t n)
{


@@ -170,8 +170,8 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys)
/* Check if signature from server matches user preferences */
if (session->opts.wanted_methods[SSH_HOSTKEYS]) {
rc = ssh_match_group(session->opts.wanted_methods[SSH_HOSTKEYS],
sig->type_c);
rc = match_group(session->opts.wanted_methods[SSH_HOSTKEYS],
sig->type_c);
if (rc == 0) {
ssh_set_error(session,
SSH_FATAL,
@@ -277,10 +277,14 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info)
if (cmp == 0) {
/* TODO check for NULL bytes */
SSH_LOG(SSH_LOG_PACKET, "Extension: %s=<%s>", name, value);
if (ssh_match_group(value, "rsa-sha2-512")) {
rc = match_group(value, "rsa-sha2-512");
if (rc == 1) {
session->extensions |= SSH_EXT_SIG_RSA_SHA512;
}
if (ssh_match_group(value, "rsa-sha2-256")) {
rc = match_group(value, "rsa-sha2-256");
if (rc == 1) {
session->extensions |= SSH_EXT_SIG_RSA_SHA256;
}
} else {
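Review bot: The host-key signature check in the first hunk still rejects only on `rc == 0`, while the ext-info hunk in the same file now tests `rc == 1` and the server-side auth check in this commit uses `cmp != 1`. With `rc == 0`, any other return value would be treated as an accepted algorithm, so if `match_group` ever gains an error return this check fails open. Writing it as `if (rc != 1) {` makes the three call sites consistent and keeps the security check fail-closed. Both enclosing callbacks start and end outside the visible hunks.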


@@ -371,7 +371,7 @@ int ssh_key_algorithm_allowed(ssh_session session, const char *type)
}
SSH_LOG(SSH_LOG_DEBUG, "Checking %s with list <%s>", type, allowed_list);
return ssh_match_group(allowed_list, type);
return match_group(allowed_list, type);
}
bool ssh_key_size_allowed_rsa(int min_size, ssh_key key)