From dc35bbbeb1342be08051bfc25ca562e9ad3fcfa7 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki
Date: Wed, 22 May 2019 19:01:18 +0200
Subject: [PATCH] server: Use default methods instead of all

Previously, when no methods were set, the server would enable all supported methods. This changes this behaviour by setting only the default methods. The server in pkd_daemon.c was changed to set explicitly all the supported methods to keep the previous behaviour.

Signed-off-by: Anderson Toshiyuki Sasaki
Reviewed-by: Jakub Jelen
---
 src/server.c | 4 ++--
 tests/pkd/pkd_daemon.c | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/server.c b/src/server.c
index adb6ff7c..1fb68118 100644
--- a/src/server.c
+++ b/src/server.c
@@ -142,7 +142,7 @@ int server_set_kex(ssh_session session)
 if (session->opts.wanted_methods[SSH_HOSTKEYS]) {
 allowed = session->opts.wanted_methods[SSH_HOSTKEYS];
 } else {
- allowed = ssh_kex_get_supported_method(SSH_HOSTKEYS);
+ allowed = ssh_kex_get_default_methods(SSH_HOSTKEYS);
 }

 /* It is expected for the list of allowed hostkeys to be ordered by
@@ -164,7 +164,7 @@ int server_set_kex(ssh_session session)

 for (i = 0; i < 10; i++) {
 if ((wanted = session->opts.wanted_methods[i]) == NULL) {
- wanted = ssh_kex_get_supported_method(i);
+ wanted = ssh_kex_get_default_methods(i);
 }
 server->methods[i] = strdup(wanted);
 if (server->methods[i] == NULL) {
diff --git a/tests/pkd/pkd_daemon.c b/tests/pkd/pkd_daemon.c
index 7a174e29..d04b8c23 100644
--- a/tests/pkd/pkd_daemon.c
+++ b/tests/pkd/pkd_daemon.c
@@ -249,6 +249,7 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
 const char *default_kex = NULL;
 char *all_kex = NULL;
 size_t kex_len = 0;
+ const char *all_ciphers = NULL;
 const uint64_t rekey_data_limit = args->rekey_data_limit;

 pkd_state.eof_received = 0;
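Review bot: The fallback in the `else` branch of the first server.c hunk now decides which host key algorithms a server offers when the application configured none, and nothing at that line says the narrower list is deliberate. A comment such as `/* Nothing configured: offer the default list only; other supported algorithms must be enabled explicitly */` would keep a later cleanup from switching back to `ssh_kex_get_supported_method()`. The same applies to the fallback inside the `for` loop in the second server.c hunk. Presumably the default list leaves out algorithms that are supported only for compatibility; if so, existing servers lose them on upgrade, and the option documentation should say that too. server_set_kex() starts and ends outside both hunks.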
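Review bot: In the second server.c hunk the result of `ssh_kex_get_default_methods(i)` goes straight into `strdup(wanted)`, and the only check visible is on the return value of strdup. The getter is not shown here; if it can return NULL for any index below the hard-coded bound of 10, `strdup(NULL)` is undefined behaviour rather than a clean failure. A guard before the copy, for example `if (wanted == NULL) { return -1; }` adjusted to whatever cleanup the strdup failure branch uses, would make the loop independent of the size of the defaults table. The loop body continues past the end of the hunk.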
@@ -306,6 +307,21 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
 goto outclose;
 }

+ /* Enable all supported ciphers */
+ all_ciphers = ssh_kex_get_supported_method(SSH_CRYPT_C_S);
+ rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_CIPHERS_C_S, all_ciphers);
+ if (rc != 0) {
+ pkderr("ssh_bind_options_set Ciphers C-S: %s\n", ssh_get_error(b));
+ goto outclose;
+ }
+
+ all_ciphers = ssh_kex_get_supported_method(SSH_CRYPT_S_C);
+ rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_CIPHERS_S_C, all_ciphers);
+ if (rc != 0) {
+ pkderr("ssh_bind_options_set Ciphers S-C: %s\n", ssh_get_error(b));
+ goto outclose;
+ }
+
 s = ssh_new();
 if (s == NULL) {
 pkderr("ssh_new\n");
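Review bot: Only the two cipher lists are widened in this block, while the commit message says the test server sets all supported methods explicitly. The `all_kex` declaration suggests key exchange is handled elsewhere in pkd_exec_hello(), but nothing visible restores MACs or host key algorithms; if their default lists are narrower than the supported ones, pkd passes against those algorithms would stop being exercised. In that case the same pair of calls with `SSH_MAC_C_S`/`SSH_BIND_OPTIONS_HMAC_C_S` and `SSH_MAC_S_C`/`SSH_BIND_OPTIONS_HMAC_S_C` belongs next to this block. The comment could also state the intent, e.g. `/* Test server only: offer every supported cipher, including ones outside the default list */`, so the pattern is not copied into a production server setup. pkd_exec_hello() starts and ends outside the hunk.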