The global openssl configuration file automatically loads a pkcs11
provider, but it does it before we set up the token, which makes
the pkcs11 tests failing.
The workaround is to not load the global configuration, which is
delaying the loading of the pkcs11 provider to the time of first
use.
Consequently, this will require separate integration end-to-end
test that will verify the libssh works correctly with the pkcs11
provider loaded early.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
(cherry picked from commit 46d7417620)
The "sane" default is now based on the man stty "sane" alias with addition of
utf8.
Fixes: #270
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 48d474f78c)
... before checking the content.
This test was failing randomly when the read returned only partial buffer.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2743b510ac)
Casting int to bool might not always work as expected
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 41d370864e)
feat: tests set hostname for sshd, make GSSAPIStrictAcceptorCheck yes pass
feat: add GSSAPI_TESTING cmake option
feat: gssapi libssh server test
feat: make kdc setup and teardown functions
feat: add kinit, kadmin scripts to kdc setup function
feat: add some client gssapi auth tests
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
tests: modify proxyjump tests to check for ssh_jump_info_struct
tests: add proxyjump functionality test
feat: add SSH_OPTIONS_PROXYJUMP
tests: proxyjump, check authentication
fix: ssh_socket_connect_proxyjump add exit label to exit on error
feat: implement io forwarding using pthread
feat: proxyjump: use threading instead of forking
feat: proxyjump: cancel forwarding threads on ssh_disconnect
fix: proxyjump remove ProxyJump bool and put pthread ifdefs
feat: use ssh_event for io forwarding instead of threads
reformat: tests to use assert_int_not_equal
fix: link to pthread
refactor: make function to free proxy jump list
docs: add comment for proxy jump channel
feat: add env variable to enable libssh proxy jump
feat: open channel for proxyjump like OpenSSH
feat: add more tests for proxy jump
fix: use a global variable to close io forwarding, this prevents segfaults
fix: handle proxy list in thread without creating copy
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
.. to satisfy restricted environment or fuzzers
We are encountering weird issues in the oss-fuzz that the file disappears during
coverage build so I assume some corpus sneaked in, that contains some commands
that end up being executed as part of the coverage run causing it randomly
failing.
The solution I propose is to build fuzzers without ability to call arbitrary
commands on the filesystem (such as `rm -rf /`) as this is not the point the
fuzzers should be testing.
This is controlled by the WITH_EXEC CMake option (enabled by default).
https://github.com/google/oss-fuzz/issues/10136
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
This way we will get errors as return code else we don't know if the
function failed (SSH_ERROR) or the exit_status is -1 which would
correspond to SSH_ERROR.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Legacy code in 'ssh_set_callbacks' will fallback to
'ssh_legacy_log_callback' (if the current log cb is
NULL) setting the user data to the current session.
However, if any other session is created afterwards,
it won't update the user data with the new session,
potentially leading to a use-after-free.
Fixes#238.
Signed-off-by: Diego Roux <diegoroux04@protonmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
When opening a PTY on the server, try to use the current TTY's settings
(i.e. based on STDIN). If that fails or STDIN isn't a TTY, use default
modes that avoid any character translation.
Don't rely on stdin to be a TTY (breaks CI). Instead, open a PTY and
temporarily use that as "fake" stdin.
Signed-off-by: Daniel Evers (daniel.evers@utimaco.com)
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Added the new function `ssh_channel_request_pty_size_modes` which allows
to pass additional encoded SSH terminal modes (see opcodes in RFC 4245).
Signed-off-by: Daniel Evers (daniel.evers@utimaco.com)
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Socket paths have a length limit, and depending on the working directory of the
source code, these tests occasionally fail if the path is too long. Avoid this
by using a template string that is absolute and in /tmp, which should avoid the
socket path length issues.
This fixes building libssh with pkcs11 provider support in 'fedpkg mockbuild'.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The tests have been changed such that the return value of
sftp_aio_begin_*() functions is expected to be a ssize_t
which indicates the number of bytes for which the function
sent a read/write request or error.
Tests for trying to read/write bytes more than the max limit
enforced by the API have also been added.
The negative tests for reading and writing have also been
seperated for the sake of clarity.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Test has been changed such that sftp_limits() is called
when the limits@openssh.com extension is supported as well
as when it is not supported.
Also, a simple negative test has been added for NULL
argument.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This avoids very-long test and false positives when using some
auto-pubkey authentication from picking up default keys, which are available in
bob's home directory when we want to test the certificate authentication.
The separate file is also needed because once we change to bob's UID, we can not
simply go back different UID and this sounds cleaner than setting up SSH_DIR to
different users ...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
torture_sftp_aio.c has been added in tests/client/ directory.
It contains torture_sftp_aio_read(), torture_sftp_aio_write()
and torture_sftp_aio_negative().
torture_sftp_aio_read() tests sftp_aio_begin_read() and
sftp_aio_wait_read() to perform async reads.
torture_sftp_aio_write() tests sftp_aio_begin_write() and
sftp_aio_wait_write() to perform async writes.
torture_sftp_aio_negative() performs negative tests on the
sftp aio read/write API.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
ssh_channel_read() reads the data into the buffer, but doesn't
append a '\0' after it. When the buffer is asserted to be equal to
a string further in the test, the assertion could fail if the byte
after the data stored in the buffer doesn't contain '\0' (and it mayn't)
This commit appends a '\0' after the data read into the buffer before
comparing it with a string.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
If IPv6 address fail to connect IPv4 should be tried in non-blocking mode.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
