This was omitted from the 84d02e74 and caused issues to build when abimap is
not present.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This could happen only if the function would really be called with the NULL
session, but this was never the case as the session is dereferenced already on
all code paths toward this place.
This is just to make the scanner happy that the session can not really be NULL
here.
Thanks coverity!
CID 1593926
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
This commit adds test cases to catch issues where ProxyJump configurations lead to infinite loops or incorrect username usage, as reported in issue #287, and issue #291
Signed-off-by: Yuvraj Saxena <ysaxenax@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Try to find GSSAPI via pkg-config. If found, add the appropriate
module name, depending on the flavor, to the libssh.pc file so that
the pkg-config can report the list of libraries needed when linking
against the static library version of libssh.
Fix#293
Signed-off-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Starts a second sshd. This enables to test proxyjump through
multiple servers.
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This will work only with pkcs11 provider. Not tested with engines.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
... instead of keeping around public and private key blobs.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
The p11-kit remoting was initially introduced because softhsm
was crashing during cleanup with OpenSSL 3.0. This was resolved
since then and this code introduces a lot of complexity and
possible bugs, such as when using the mechanisms from PKCS#11 3.0
that are unknown to the p11-kit remoting tool. It decides to remove
them from the list as demonstrated here:
https://github.com/p11-glue/p11-kit/issues/668
This resulted in pkcs11-provider not registering EDDSA siganture
methods to the OpenSSL and failing when asked to provide a singature
by the Ed25519 key from the PKCS#11 token.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Add a cmake option to enable hermetic-usr, i.e., use of config files in /usr/.
If turned on, GLOBAL_*_CONFIG is prepended with /usr/ and defined as
USR_GLOBAL_*_CONFIG. Config lookup follows this path GLOBAL_*_CONFIG ->
USR_GLOBAL_*_CONFIG.
Introduce a ssh_config_parse primitive. This avoids convoluted checks for file
presence (without modifing the behaviour of ssh_config_parse_file) and allows
marking whether the config is global at the call site.
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The GSSAPI find module sets GSSAPI_INCLUDE_DIR (singular) only and
passes that to find_package_handle_standard_arguments, but later
tests and marks as advanced GSSAPI_INCLUDE_DIRS (plural), which doesn't
exist. GSSAPI_INCLUDE_DIR is what's used in src/CMakeLists.txt
This hasn't had a major effect, because GSSAPI_FOUND gets set by
find_package_handle_standard_args, so the if statement that tests
GSSAPI_INCLUDE_DIRS (and never succeeded) would have been a no-op
in any case, so remove it. Standardize on the singular version when
marking as advanced.
Signed-off-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
