lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-30 13:01:23 +03:00
Code Activity
4,674 Commits 12 Branches 62 Tags
167aa8bc6cdf2a3e12b18a567b98deee23559932
Commit Graph

101 Commits

Author SHA1 Message Date
Anderson Toshiyuki Sasaki
f4363f5655 options: Add option to set server accepted pubkey types 
The added option SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES allows
restricting the allowed public key types accepted by the server for
authentication.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-06-12 10:17:54 +02:00
Anderson Toshiyuki Sasaki
5ed5e97114 messages: Fix NULL check, preventing SEGFAULT 
The wrong conditional check for newly allocated memory would make the
function to fail when the allocation was successful and access invalid
memory when the allocation failed.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 13:56:15 +01:00
Jakub Jelen
8e0c047031 packet: Introduce a new function to access crypto 
And remove most of the direct access to the structure throughout the code

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Jakub Jelen
d2434c69c0 pki: Separate signature extraction and verification 
Initial solution proposed by Tilo Eckert <tilo.eckert@flam.de>

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-30 16:21:18 +01:00
Jakub Jelen
57bdc9cb20 Whitespace cleanup 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-29 14:22:08 +01:00
Andreas Schneider
194c34ebe3 messages: Use SSH_MESSAGE_FREE 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 09:48:35 +02:00
Andreas Schneider
9fbbdcc154 messages: Rework ssh_message_queue() 
Return early and make it easier to understand.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 09:48:35 +02:00
Andreas Schneider
b9ac61d5a3 messages: Use calloc in ssh_message_new() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 09:48:35 +02:00
Andreas Schneider
ca425ebe67 messages: Make ssh_message_queue() static 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 09:48:35 +02:00
Andreas Schneider
60a3796041 messages: Log message if callback for window change fails 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 09:48:35 +02:00
Andreas Schneider
cc4f220fd3 messages: Log message if sending reply fails 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 09:48:35 +02:00
Andreas Schneider
bc72ec5821 messages: Some cleanup for ssh_packet_service_request 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 09:48:35 +02:00
Andreas Schneider
54ec81db2d messages: Reformat ssh_packet_service_request() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 09:48:35 +02:00
Andreas Schneider
9c200d3ef4 messages: Check that the requested service is 'ssh-connection' 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-19 12:31:04 +02:00
Anderson Toshiyuki Sasaki
cc513c4c9a messages: Fixed possible memory leak in ssh_message_queue 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-09-27 15:21:30 +02:00
Andreas Schneider
f8fc0b9dfb messages: Fix memory leak in ssh_packet_userauth_request 
Found by AddressSanitizer.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-09-01 21:26:37 +02:00
Jakub Jelen
60ad7ee15d messages: Create correct digest for pki signatures 
This does not affect old signatures, where the public key algorithm
matches the public key type.

This is a problem when using SHA2 extension for the RSA keys, where
the new signature algorithsm are introduced in addition to the
exitsing ssh-rsa which was ignored throughout the code.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-08-31 14:18:34 +02:00
Andreas Schneider
c563ed636a Remove vim modelines from all files 
If you want modelines use my vim plugin:
https://github.com/cryptomilk/git-modeline.vim

git config --add vim.modeline "ts=4 sw=4 et"

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-28 08:41:08 +02:00
Andreas Schneider
ebcff9fd63 src: Use explicit_bzero() if available on the platform 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-02-12 14:41:27 +01:00
Meng Tan
f19158cadf Set channel as bound when accepting channel open request 
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-02-01 18:23:38 +01:00
Andreas Schneider
abbd6e304a messages: Make sure we always free the answers pointer 
Found by ozz-fuzz

BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1272

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2017-04-26 10:55:25 +02:00
Andreas Schneider
7c79b5c154 messages: Do not leak memory of previously allocated answers 
Found by ozz-fuzz

BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2017-04-25 16:20:06 +02:00
Andreas Schneider
5eb41492c4 messages: Do not leak memory if answeres had been allocated previously 
Found by ozz-fuzz

BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2017-04-24 13:27:20 +02:00
Andreas Schneider
c78c6c6542 messages: Do not leak memory if answered had been allocated previously 
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2017-04-21 11:12:10 +02:00
Andreas Schneider
67a2ba6f99 messages: Fix memory leaks in the ssh_packet_global_request callback 
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1208

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2017-04-21 10:56:13 +02:00
Max Bachmann
3ec8babfaf messages: Utilize the message queue for SSH_REQUEST_GLOBAL. 
Signed-off-by: Max Bachmann <mabahltm@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2017-04-11 09:55:22 +02:00
Andreas Schneider
5437deed1b callbacks: Add support for MSVC 
__typeof__ is GCC specific

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-11-05 20:00:02 +01:00
Aris Adamantiadis
bbe437dbb1 callbacks: Implement list of callbacks for channels 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-05-02 16:56:54 +02:00
Aris Adamantiadis
0b9804a95b server: handle keepalive@openssh.com global requests 2016-03-14 22:28:03 +01:00
Fabiano Fidêncio
05fd0acf45 buffer: do not use ssh_buffer_get_rest_len() 
As ssh_buffer_get_len() actually calls ssh_buffer_get_rest_len(), let's
just use the first one. This is a preparatory step for removing
ssh_buffer_get_rest_len().

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-01-19 11:31:08 +01:00
Fabiano Fidêncio
954341dd1f buffer: rename ssh_buffer_get_rest() to ssh_buffer_get() 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-01-19 11:31:07 +01:00
Fabiano Fidêncio
e368d01385 cleanup: use ssh_ prefix in the packet (non-static) functions 
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-01-19 11:31:07 +01:00
Fabiano Fidêncio
adc8c20ac1 cleanup: use ssh_ prefix in the buffer (non-static) functions 
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2016-01-19 11:31:07 +01:00
Fabiano Fidêncio
2bf6e66ffe client: handle agent forward open requests with callbacks 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Aris Adamantiadis <aris@badcode.be>
 2015-07-07 13:24:55 +02:00
Andreas Schneider
5236358a48 messages: Don't leak memory after callback execution 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-02 16:13:20 +02:00
Andreas Schneider
19433dca00 messages: Check return value of ssh_buffer_unpack(). 
CID: 1230356

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
 2014-08-15 12:29:16 +02:00
Andreas Schneider
97c6b76863 messages: Fix two ssh_buffer_unpack(). 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
 2014-08-07 17:28:42 +02:00
Aris Adamantiadis
cfd2e4894e buffers: adapt messages.c to ssh_buffer_(un)pack() 
Reviewed-by: Andreas Schneider <asn@samba.org>
 2014-08-06 09:46:14 +02:00
Alan Dunn
f37c844bf7 messages: Add missing ntohl on X11 request screen number 
BUG: https://red.libssh.org/issues/160

Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-05-06 08:56:44 +02:00
Andreas Schneider
ad1313c2e5 Revert "direct-tcpip and forwarded-tcpip callbacks" 
This reverts commit efe785e711.

We need a Signed-off version. I didn't have the Certificate of Origin
yet.
 2014-04-09 12:49:06 +02:00
Loïc Michaux
efe785e711 direct-tcpip and forwarded-tcpip callbacks 2014-04-09 11:13:57 +02:00
Luka Perkov
a2fe341da5 messages: use predefined macro for clearing sensitive data 
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-03-27 10:16:14 +01:00
Audrius Butkevicius
dc93edc932 src: Fix argument order in ssh_channel_pty_window_change_callback 
So that it would match ssh_channel_pty_request_callback as well as the documentation

Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-02-02 22:19:46 +01:00
Andreas Schneider
2fe59071b2 src: Do not use deprecated functions. 2014-01-16 15:27:46 +01:00
Aris Adamantiadis
aecd952d18 update copyright information 2014-01-07 15:18:15 +01:00
Nicolas Viennot
754152aa22 server: Fix ssh_execute_server_callbacks() client execution 
When the public key auth handler is executed and returns SSH_OK,
ssh_execute_server_callbacks() still runs some client callbacks,
which may set rc to SSH_AGAIN, which triggers a default reply on
auth, denying auth.

Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2013-11-03 10:52:38 +01:00
Jon Simons
d4f5a0e6ab server: fix pubkey reply for key probes 
Per RFC 4252, it is required to send back only one of either
SSH_MSG_USERAUTH_PK_OK or SSH_MSG_USERAUTH_FAILURE for public
key probes.

Update the handling of 'auth_pubkey_function' to send back PK_OK
instead of SSH_MSG_USERAUTH_SUCCESS for the case that the state
of the message at hand is SSH_PUBLICKEY_STATE_NONE.

With this change, it is now possible to process an initial key probe
and then subsequent signature validation using the server callbacks.

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2013-11-02 21:02:56 +01:00
Tristan CACQUERAY
e588e2325d callbacks: add support for auth_none_function 2013-09-27 15:34:45 +02:00
Andreas Schneider
da1eaea51a gassapi: Fix check if it is enabled. 2013-07-22 10:42:30 +02:00
Andreas Schneider
1ab4b28b00 messages: Split ssh_execute_server_callbacks() in small functions. 2013-07-21 10:53:18 +02:00