mirror of
https://git.libssh.org/projects/libssh.git
synced 2025-12-11 03:42:35 +03:00
Move ssh_match_group() from misc.c to match.c
ssh_match_group() has been moved from misc.c to match.c, because it fits better with other match_*() functions in match.c The name of the function has also been changed from "ssh_match_group" to "match_group" to be consistent with the naming of the other match.c functions. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Eshan Kelkar
committed by
Sahana Prasad
Sahana Prasad
parent
21627509f5
commit
d41a0aaa13
@@ -105,8 +105,6 @@ void ssh_timestamp_init(struct ssh_timestamp *ts);
|
|||||||
int ssh_timeout_elapsed(struct ssh_timestamp *ts, int timeout);
|
int ssh_timeout_elapsed(struct ssh_timestamp *ts, int timeout);
|
||||||
int ssh_timeout_update(struct ssh_timestamp *ts, int timeout);
|
int ssh_timeout_update(struct ssh_timestamp *ts, int timeout);
|
||||||
|
|
||||||
int ssh_match_group(const char *group, const char *object);
|
|
||||||
|
|
||||||
void uint64_inc(unsigned char *counter);
|
void uint64_inc(unsigned char *counter);
|
||||||
|
|
||||||
void ssh_log_hexdump(const char *descr, const unsigned char *what, size_t len);
|
void ssh_log_hexdump(const char *descr, const unsigned char *what, size_t len);
|
||||||
|
|||||||
@@ -335,6 +335,7 @@ int match_cidr_address_list(const char *address,
|
|||||||
const char *addrlist,
|
const char *addrlist,
|
||||||
int sa_family);
|
int sa_family);
|
||||||
#endif
|
#endif
|
||||||
|
int match_group(const char *group, const char *object);
|
||||||
|
|
||||||
/* connector.c */
|
/* connector.c */
|
||||||
int ssh_connector_set_event(ssh_connector connector, ssh_event event);
|
int ssh_connector_set_event(ssh_connector connector, ssh_event event);
|
||||||
|
|||||||
16
src/kex.c
16
src/kex.c
@@ -510,16 +510,16 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
|
|||||||
* flag and verify packet sequence numbers.
|
* flag and verify packet sequence numbers.
|
||||||
*/
|
*/
|
||||||
if (server_kex) {
|
if (server_kex) {
|
||||||
ok = ssh_match_group(crypto->client_kex.methods[SSH_KEX],
|
ok = match_group(crypto->client_kex.methods[SSH_KEX],
|
||||||
KEX_STRICT_CLIENT);
|
KEX_STRICT_CLIENT);
|
||||||
if (ok) {
|
if (ok) {
|
||||||
SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling.");
|
SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling.");
|
||||||
session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
|
session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* client kex */
|
/* client kex */
|
||||||
ok = ssh_match_group(crypto->server_kex.methods[SSH_KEX],
|
ok = match_group(crypto->server_kex.methods[SSH_KEX],
|
||||||
KEX_STRICT_SERVER);
|
KEX_STRICT_SERVER);
|
||||||
if (ok) {
|
if (ok) {
|
||||||
SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling.");
|
SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling.");
|
||||||
session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
|
session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
|
||||||
@@ -531,8 +531,8 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
|
|||||||
* If client sent a ext-info-c message in the kex list, it supports
|
* If client sent a ext-info-c message in the kex list, it supports
|
||||||
* RFC 8308 extension negotiation.
|
* RFC 8308 extension negotiation.
|
||||||
*/
|
*/
|
||||||
ok = ssh_match_group(crypto->client_kex.methods[SSH_KEX],
|
ok = match_group(crypto->client_kex.methods[SSH_KEX],
|
||||||
KEX_EXTENSION_CLIENT);
|
KEX_EXTENSION_CLIENT);
|
||||||
if (ok) {
|
if (ok) {
|
||||||
const char *hostkeys = NULL, *wanted_hostkeys = NULL;
|
const char *hostkeys = NULL, *wanted_hostkeys = NULL;
|
||||||
|
|
||||||
@@ -546,7 +546,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
|
|||||||
*/
|
*/
|
||||||
hostkeys = crypto->client_kex.methods[SSH_HOSTKEYS];
|
hostkeys = crypto->client_kex.methods[SSH_HOSTKEYS];
|
||||||
wanted_hostkeys = session->opts.wanted_methods[SSH_HOSTKEYS];
|
wanted_hostkeys = session->opts.wanted_methods[SSH_HOSTKEYS];
|
||||||
ok = ssh_match_group(hostkeys, "rsa-sha2-512");
|
ok = match_group(hostkeys, "rsa-sha2-512");
|
||||||
if (ok) {
|
if (ok) {
|
||||||
/* Check if rsa-sha2-512 is allowed by config */
|
/* Check if rsa-sha2-512 is allowed by config */
|
||||||
if (wanted_hostkeys != NULL) {
|
if (wanted_hostkeys != NULL) {
|
||||||
@@ -558,7 +558,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
|
|||||||
SAFE_FREE(is_allowed);
|
SAFE_FREE(is_allowed);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ok = ssh_match_group(hostkeys, "rsa-sha2-256");
|
ok = match_group(hostkeys, "rsa-sha2-256");
|
||||||
if (ok) {
|
if (ok) {
|
||||||
/* Check if rsa-sha2-256 is allowed by config */
|
/* Check if rsa-sha2-256 is allowed by config */
|
||||||
if (wanted_hostkeys != NULL) {
|
if (wanted_hostkeys != NULL) {
|
||||||
|
|||||||
25
src/match.c
25
src/match.c
@@ -577,3 +577,28 @@ match_cidr_address_list(const char *address,
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
int match_group(const char *group, const char *object)
|
||||||
|
{
|
||||||
|
const char *a;
|
||||||
|
const char *z;
|
||||||
|
|
||||||
|
z = group;
|
||||||
|
do {
|
||||||
|
a = strchr(z, ',');
|
||||||
|
if (a == NULL) {
|
||||||
|
if (strcmp(z, object) == 0) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
if (strncmp(z, object, a - z) == 0) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
z = a + 1;
|
||||||
|
} while (1);
|
||||||
|
|
||||||
|
/* not reached */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|||||||
@@ -933,9 +933,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
|
|||||||
if (rc == SSH_OK) {
|
if (rc == SSH_OK) {
|
||||||
/* Check if the signature from client matches server preferences */
|
/* Check if the signature from client matches server preferences */
|
||||||
if (session->opts.pubkey_accepted_types) {
|
if (session->opts.pubkey_accepted_types) {
|
||||||
if (!ssh_match_group(session->opts.pubkey_accepted_types,
|
cmp = match_group(session->opts.pubkey_accepted_types,
|
||||||
sig->type_c))
|
sig->type_c);
|
||||||
{
|
if (cmp != 1) {
|
||||||
ssh_set_error(session,
|
ssh_set_error(session,
|
||||||
SSH_FATAL,
|
SSH_FATAL,
|
||||||
"Public key from client (%s) doesn't match server "
|
"Public key from client (%s) doesn't match server "
|
||||||
|
|||||||
26
src/misc.c
26
src/misc.c
@@ -1571,32 +1571,6 @@ int ssh_timeout_update(struct ssh_timestamp *ts, int timeout)
|
|||||||
return ret >= 0 ? ret: 0;
|
return ret >= 0 ? ret: 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int ssh_match_group(const char *group, const char *object)
|
|
||||||
{
|
|
||||||
const char *a;
|
|
||||||
const char *z;
|
|
||||||
|
|
||||||
z = group;
|
|
||||||
do {
|
|
||||||
a = strchr(z, ',');
|
|
||||||
if (a == NULL) {
|
|
||||||
if (strcmp(z, object) == 0) {
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
} else {
|
|
||||||
if (strncmp(z, object, a - z) == 0) {
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
z = a + 1;
|
|
||||||
} while(1);
|
|
||||||
|
|
||||||
/* not reached */
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
#if !defined(HAVE_EXPLICIT_BZERO)
|
#if !defined(HAVE_EXPLICIT_BZERO)
|
||||||
void explicit_bzero(void *s, size_t n)
|
void explicit_bzero(void *s, size_t n)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -170,8 +170,8 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys)
|
|||||||
|
|
||||||
/* Check if signature from server matches user preferences */
|
/* Check if signature from server matches user preferences */
|
||||||
if (session->opts.wanted_methods[SSH_HOSTKEYS]) {
|
if (session->opts.wanted_methods[SSH_HOSTKEYS]) {
|
||||||
rc = ssh_match_group(session->opts.wanted_methods[SSH_HOSTKEYS],
|
rc = match_group(session->opts.wanted_methods[SSH_HOSTKEYS],
|
||||||
sig->type_c);
|
sig->type_c);
|
||||||
if (rc == 0) {
|
if (rc == 0) {
|
||||||
ssh_set_error(session,
|
ssh_set_error(session,
|
||||||
SSH_FATAL,
|
SSH_FATAL,
|
||||||
@@ -277,10 +277,14 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info)
|
|||||||
if (cmp == 0) {
|
if (cmp == 0) {
|
||||||
/* TODO check for NULL bytes */
|
/* TODO check for NULL bytes */
|
||||||
SSH_LOG(SSH_LOG_PACKET, "Extension: %s=<%s>", name, value);
|
SSH_LOG(SSH_LOG_PACKET, "Extension: %s=<%s>", name, value);
|
||||||
if (ssh_match_group(value, "rsa-sha2-512")) {
|
|
||||||
|
rc = match_group(value, "rsa-sha2-512");
|
||||||
|
if (rc == 1) {
|
||||||
session->extensions |= SSH_EXT_SIG_RSA_SHA512;
|
session->extensions |= SSH_EXT_SIG_RSA_SHA512;
|
||||||
}
|
}
|
||||||
if (ssh_match_group(value, "rsa-sha2-256")) {
|
|
||||||
|
rc = match_group(value, "rsa-sha2-256");
|
||||||
|
if (rc == 1) {
|
||||||
session->extensions |= SSH_EXT_SIG_RSA_SHA256;
|
session->extensions |= SSH_EXT_SIG_RSA_SHA256;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@@ -371,7 +371,7 @@ int ssh_key_algorithm_allowed(ssh_session session, const char *type)
|
|||||||
}
|
}
|
||||||
|
|
||||||
SSH_LOG(SSH_LOG_DEBUG, "Checking %s with list <%s>", type, allowed_list);
|
SSH_LOG(SSH_LOG_DEBUG, "Checking %s with list <%s>", type, allowed_list);
|
||||||
return ssh_match_group(allowed_list, type);
|
return match_group(allowed_list, type);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ssh_key_size_allowed_rsa(int min_size, ssh_key key)
|
bool ssh_key_size_allowed_rsa(int min_size, ssh_key key)
|
||||||
|
|||||||
Reference in New Issue
Block a user