lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-11 03:42:35 +03:00
Code Activity

Move ssh_match_group() from misc.c to match.c

Browse Source 
ssh_match_group() has been moved from misc.c to match.c, because it fits
better with other match_*() functions in match.c

The name of the function has also been changed from "ssh_match_group" to
"match_group" to be consistent with the naming of the other match.c
functions.

Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Eshan Kelkar
2024-06-11 09:15:00 +05:30
committed by Sahana Prasad
parent 21627509f5
commit d41a0aaa13
8 changed files with 46 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/libssh/misc.h
View File

@@ -105,8 +105,6 @@ void ssh_timestamp_init(struct ssh_timestamp *ts);
int ssh_timeout_elapsed(struct ssh_timestamp *ts, int timeout); int ssh_timeout_elapsed(struct ssh_timestamp *ts, int timeout);
int ssh_timeout_update(struct ssh_timestamp *ts, int timeout); int ssh_timeout_update(struct ssh_timestamp *ts, int timeout);
int ssh_match_group(const char *group, const char *object);
void uint64_inc(unsigned char *counter); void uint64_inc(unsigned char *counter);
void ssh_log_hexdump(const char *descr, const unsigned char *what, size_t len); void ssh_log_hexdump(const char *descr, const unsigned char *what, size_t len);

1
include/libssh/priv.h
View File

@@ -335,6 +335,7 @@ int match_cidr_address_list(const char *address,
const char *addrlist, const char *addrlist,
int sa_family); int sa_family);
#endif #endif
int match_group(const char *group, const char *object);
/* connector.c */ /* connector.c */
int ssh_connector_set_event(ssh_connector connector, ssh_event event); int ssh_connector_set_event(ssh_connector connector, ssh_event event);

10
src/kex.c
View File

@@ -510,7 +510,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
* flag and verify packet sequence numbers. * flag and verify packet sequence numbers.
*/ */
if (server_kex) { if (server_kex) {
ok = ssh_match_group(crypto->client_kex.methods[SSH_KEX], ok = match_group(crypto->client_kex.methods[SSH_KEX],
KEX_STRICT_CLIENT); KEX_STRICT_CLIENT);
if (ok) { if (ok) {
SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling."); SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling.");
@@ -518,7 +518,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
} }
} else { } else {
/* client kex */ /* client kex */
ok = ssh_match_group(crypto->server_kex.methods[SSH_KEX], ok = match_group(crypto->server_kex.methods[SSH_KEX],
KEX_STRICT_SERVER); KEX_STRICT_SERVER);
if (ok) { if (ok) {
SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling."); SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling.");
@@ -531,7 +531,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
* If client sent a ext-info-c message in the kex list, it supports * If client sent a ext-info-c message in the kex list, it supports
* RFC 8308 extension negotiation. * RFC 8308 extension negotiation.
*/ */
ok = ssh_match_group(crypto->client_kex.methods[SSH_KEX], ok = match_group(crypto->client_kex.methods[SSH_KEX],
KEX_EXTENSION_CLIENT); KEX_EXTENSION_CLIENT);
if (ok) { if (ok) {
const char *hostkeys = NULL, *wanted_hostkeys = NULL; const char *hostkeys = NULL, *wanted_hostkeys = NULL;
@@ -546,7 +546,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
*/ */
hostkeys = crypto->client_kex.methods[SSH_HOSTKEYS]; hostkeys = crypto->client_kex.methods[SSH_HOSTKEYS];
wanted_hostkeys = session->opts.wanted_methods[SSH_HOSTKEYS]; wanted_hostkeys = session->opts.wanted_methods[SSH_HOSTKEYS];
ok = ssh_match_group(hostkeys, "rsa-sha2-512"); ok = match_group(hostkeys, "rsa-sha2-512");
if (ok) { if (ok) {
/* Check if rsa-sha2-512 is allowed by config */ /* Check if rsa-sha2-512 is allowed by config */
if (wanted_hostkeys != NULL) { if (wanted_hostkeys != NULL) {
@@ -558,7 +558,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
SAFE_FREE(is_allowed); SAFE_FREE(is_allowed);
} }
} }
ok = ssh_match_group(hostkeys, "rsa-sha2-256"); ok = match_group(hostkeys, "rsa-sha2-256");
if (ok) { if (ok) {
/* Check if rsa-sha2-256 is allowed by config */ /* Check if rsa-sha2-256 is allowed by config */
if (wanted_hostkeys != NULL) { if (wanted_hostkeys != NULL) {

25
src/match.c
View File

@@ -577,3 +577,28 @@ match_cidr_address_list(const char *address,
return rc; return rc;
} }
#endif #endif
int match_group(const char *group, const char *object)
{
const char *a;
const char *z;
z = group;
do {
a = strchr(z, ',');
if (a == NULL) {
if (strcmp(z, object) == 0) {
return 1;
}
return 0;
} else {
if (strncmp(z, object, a - z) == 0) {
return 1;
}
}
z = a + 1;
} while (1);
/* not reached */
return 0;
}

6
src/messages.c
View File

@@ -933,9 +933,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
if (rc == SSH_OK) { if (rc == SSH_OK) {
/* Check if the signature from client matches server preferences */ /* Check if the signature from client matches server preferences */
if (session->opts.pubkey_accepted_types) { if (session->opts.pubkey_accepted_types) {
if (!ssh_match_group(session->opts.pubkey_accepted_types, cmp = match_group(session->opts.pubkey_accepted_types,
sig->type_c)) sig->type_c);
{ if (cmp != 1) {
ssh_set_error(session, ssh_set_error(session,
SSH_FATAL, SSH_FATAL,
"Public key from client (%s) doesn't match server " "Public key from client (%s) doesn't match server "

26
src/misc.c
View File

@@ -1571,32 +1571,6 @@ int ssh_timeout_update(struct ssh_timestamp *ts, int timeout)
return ret >= 0 ? ret: 0; return ret >= 0 ? ret: 0;
} }
int ssh_match_group(const char *group, const char *object)
{
const char *a;
const char *z;
z = group;
do {
a = strchr(z, ',');
if (a == NULL) {
if (strcmp(z, object) == 0) {
return 1;
}
return 0;
} else {
if (strncmp(z, object, a - z) == 0) {
return 1;
}
}
z = a + 1;
} while(1);
/* not reached */
return 0;
}
#if !defined(HAVE_EXPLICIT_BZERO) #if !defined(HAVE_EXPLICIT_BZERO)
void explicit_bzero(void *s, size_t n) void explicit_bzero(void *s, size_t n)
{ {

10
src/packet_cb.c
View File

@@ -170,7 +170,7 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys)
/* Check if signature from server matches user preferences */ /* Check if signature from server matches user preferences */
if (session->opts.wanted_methods[SSH_HOSTKEYS]) { if (session->opts.wanted_methods[SSH_HOSTKEYS]) {
rc = ssh_match_group(session->opts.wanted_methods[SSH_HOSTKEYS], rc = match_group(session->opts.wanted_methods[SSH_HOSTKEYS],
sig->type_c); sig->type_c);
if (rc == 0) { if (rc == 0) {
ssh_set_error(session, ssh_set_error(session,
@@ -277,10 +277,14 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info)
if (cmp == 0) { if (cmp == 0) {
/* TODO check for NULL bytes */ /* TODO check for NULL bytes */
SSH_LOG(SSH_LOG_PACKET, "Extension: %s=<%s>", name, value); SSH_LOG(SSH_LOG_PACKET, "Extension: %s=<%s>", name, value);
if (ssh_match_group(value, "rsa-sha2-512")) {
rc = match_group(value, "rsa-sha2-512");
if (rc == 1) {
session->extensions |= SSH_EXT_SIG_RSA_SHA512; session->extensions |= SSH_EXT_SIG_RSA_SHA512;
} }
if (ssh_match_group(value, "rsa-sha2-256")) {
rc = match_group(value, "rsa-sha2-256");
if (rc == 1) {
session->extensions |= SSH_EXT_SIG_RSA_SHA256; session->extensions |= SSH_EXT_SIG_RSA_SHA256;
} }
} else { } else {

2
src/pki.c
View File

@@ -371,7 +371,7 @@ int ssh_key_algorithm_allowed(ssh_session session, const char *type)
} }
SSH_LOG(SSH_LOG_DEBUG, "Checking %s with list <%s>", type, allowed_list); SSH_LOG(SSH_LOG_DEBUG, "Checking %s with list <%s>", type, allowed_list);
return ssh_match_group(allowed_list, type); return match_group(allowed_list, type);
} }
bool ssh_key_size_allowed_rsa(int min_size, ssh_key key) bool ssh_key_size_allowed_rsa(int min_size, ssh_key key)