fix: memory leak
fix: add defaults after parsing
fix: set defaults in ssh_bind_listen
tests: add test for checking default hostkey paths
remove: null check for hostkey paths, can't happen since we set defaults now
examples: ssh_server remove "no default keys", default hostkeys set in ssh_bind_listen
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Find the path to the library using cmake and enable this sort of logging only
with TORTURE_PKCS11 environment variable.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
The gcc should be able to select this automatically based on the presence of
-pthread is present on the commandline, but given that we link the tests static,
we do not have this?
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The OpenSSH as part of the new test torture_request_pty_modes attempts to chown
the pty to the faked user, which is obviously not permitted when the test does
not run as a root. But since all the permissions for SSH are faked, just
ignoring these requests should be safe enough giving expected results.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
When opening a PTY on the server, try to use the current TTY's settings
(i.e. based on STDIN). If that fails or STDIN isn't a TTY, use default
modes that avoid any character translation.
Don't rely on stdin to be a TTY (breaks CI). Instead, open a PTY and
temporarily use that as "fake" stdin.
Signed-off-by: Daniel Evers (daniel.evers@utimaco.com)
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Added the new function `ssh_channel_request_pty_size_modes` which allows
to pass additional encoded SSH terminal modes (see opcodes in RFC 4245).
Signed-off-by: Daniel Evers (daniel.evers@utimaco.com)
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Imported targets are highly preferred over the individual variables
for includes and libs because they will be used in a coherent way
and any spelling mistakes or unavailability won't go unnoticed.
Also it will prevent bugs like conan-io/conan-center-index#16900
or using mismatching header/libs combinations.
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
because if a fallback happens, the WITH_(GCRYPT|MBEDTLS) variables
do not match the selection, anymore. Also a silent fallback is pretty
bad if it is unnoticed.
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Socket paths have a length limit, and depending on the working directory of the
source code, these tests occasionally fail if the path is too long. Avoid this
by using a template string that is absolute and in /tmp, which should avoid the
socket path length issues.
This fixes building libssh with pkcs11 provider support in 'fedpkg mockbuild'.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Fix read file with fgets and remove memory leaks
Remove use of ssh_pki_import_pubkey_file in ssh server and update max line size
Fix example server line no. and formatting
Fix check for leading whitespace in line
Reformat to avoid nesting
Remove setting sdata->authenticated to 0, the default is 0
Better error messages and handle case for fgets failing
Increment lineno at start
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Malicious code can be injected using the username with metacharacters,
therefore the username must be validated before using it with any %u.
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
A section has been added to explain the capping applied by the
sftp aio API. Also the example codes have been changed such that
they expect sftp_aio_begin_*() functions to return an ssize_t
indicating the number of bytes it requested the server to
read/write.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Following changes have been made:
1. The benchmark now expects sftp_aio_begin_write() to
return a ssize_t indicating an error (or) the number of
bytes for which it sent a write request.
2. If the user sets the chunk size > max limit for writing
via CLI, the benchmark does not use the set chunk size and
instead uses the max limit for writing as the chunk size
3. fprintf calls have been added to print the reason for
failure if the benchmark fails.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Following changes have been made :
1. The benchmark now expects sftp_aio_begin_read() to
return an ssize_t indicating an error (or) the number of
bytes for which it sent a read request.
2. If the user sets a chunk size > max limit for the reading
via CLI, the benchmark does not use the set chunk size and
instead uses the max limit for reading as the chunk size for
download.
3. fprintf calls have been introduced to print the reason
for the failure if the benchmark fails.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The tests have been changed such that the return value of
sftp_aio_begin_*() functions is expected to be a ssize_t
which indicates the number of bytes for which the function
sent a read/write request or error.
Tests for trying to read/write bytes more than the max limit
enforced by the API have also been added.
The negative tests for reading and writing have also been
seperated for the sake of clarity.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Test has been changed such that sftp_limits() is called
when the limits@openssh.com extension is supported as well
as when it is not supported.
Also, a simple negative test has been added for NULL
argument.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
In the sftp_init() call, the limits are stored in the sftp_sesssion.
If the limits@openssh.com extension is supported the limits are retrieved
from the server, else libssh uses the default limits.
The sftp library functions that require the limits can access them using
the sftp session.
The library user can call sftp_limits() to get a copy of the limits
stored in the sftp session. Since the limits were already retrieved
from the server during sftp_init(), this sftp_limits() call requires
no communication with the server.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This incorrectly stated that it would return an integer value instead of a
string.
Signed-off-by: James Wrigley <james@puiterwijk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The closing brace of the @addtogroup command was too low, causing some logging
functions to be added to the threads group.
Signed-off-by: James Wrigley <james@puiterwijk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
The current documentation incorrectly states that it will return 0 on EOF, but
the function calls ssh_channel_poll() internally, which will return SSH_EOF,
which will then be returned by ssh_channel_read_nonblocking().
Signed-off-by: James Wrigley <james@puiterwijk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
