mirror of
https://github.com/libssh2/libssh2.git
synced 2025-05-31 16:21:14 +03:00
2addafb77b
- in `hostkey.c` check the result of `libssh2_sha256_init()` and
`libssh2_sha512_init()` calls. This avoid the warning that we're
ignoring the return values.
- fix code using `int` (or `SOCKET`) for sockets. Use libssh2's
dedicated `libssh2_socket_t` and `LIBSSH2_INVALID_SOCKET` instead.
- fix compiler warnings due to `STATUS_*` macro redefinitions between
`ntstatus.h` / `winnt.h`. Solve it by manually defining the single
`STATUS` value we need from `ntstatus.h` and stop including the whole
header.
Fixes #733
- improve Windows UWP/WinRT builds by detecting it with code copied
from the curl project. Then excluding problematic libssh2 parts
according to PR by Dmitry Kostjučenko.
Fixes #734
- always use `SecureZeroMemory()` on Windows.
We can tweak this if not found or not inlined by a C compiler which
we otherwise support. Same if it causes issues with UWP apps.
Ref: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa366877(v=vs.85)
Ref: https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-rtlsecurezeromemory
- always enable `LIBSSH2_CLEAR_MEMORY` on Windows. CMake and
curl-for-win builds already did that. Delete `SecureZeroMemory()`
detection from autotools' WinCNG backend logic, that this
setting used to depend on.
TODO: Enable it for all platforms in a separate PR.
TODO: For clearing buffers in WinCNG, call `_libssh2_explicit_zero()`,
insead of a local function or explicit `SecureZeroMemory()`.
- Makefile.inc: move `os400qc3.h` to `HEADERS`. This fixes
compilation on non-unixy platforms. Recent regression.
- `libssh2.rc`: replace copyright with plain ASCII, as in curl.
Ref: curl/curl@1ca62bb
Ref: curl/curl#7765
Ref: curl/curl#7776
- CMake fixes and improvements:
- enable warnings with llvm/clang.
- enable more comprehensive warnings with gcc and llvm/clang.
Logic copied from curl:
233810bb5f/CMakeLists.txt (L131-L148)
- fix `Policy CMP0080` CMake warning by deleting that reference.
- add `ENABLE_WERROR` (default: `OFF`) option. Ported from curl.
- add `PICKY_COMPILER` (default: `ON`) option, as known from curl.
It controls both the newly added picky warnings for llvm/clang and
gcc, and also the pre-existing ones for MSVC.
- `win32/GNUmakefile` fixes and improvements:
- delete `_AMD64_` and add missing `-m64` for x64 builds under test.
- add support for `ARCH=custom`.
It disables hardcoded Intel 64-bit and Intel 32-bit options,
allowing ARM64 builds.
- add support for `LIBSSH2_RCFLAG_EXTRAS`.
To pass custom options to windres, e.g. in ARM64 builds.
- add support for `LIBSSH2_RC`. To override `windres`.
- delete support for Metrowerks C. Last released in 2004.
- `win32/libssh2_config.h`: delete unnecessary socket #includes
`src/libssh2_priv.h` includes `winsock2.h` and `ws2tcpip.h` further
down the line, triggered by `HAVE_WINSOCK2_H`.
`mswsock.h` does not seem to be necessary anymore.
Double-including these (before `windows.h`) caused compiler failures
when building against BoringSSL and warnings with LibreSSL. We could
work this around by passing `-DNOCRYPT`. Deleting the duplicates
fixes these issues.
Timeline:
2013: c910cd382dfa07fed2adaabf688af9e4a084fa1d deleted `mswsock.h` from `src/libssh2_priv.h`
2008: 8c43bc52b1e3de2c8fc7899a80aec0e98de4e2d8 added `winsock2.h` and `ws2tcpip.h` to `src/libssh2_priv.h`
2005: dc4bb1af967d2c53e90349f2f37324c622e714f5 added the now deleted #includes
- delete or replace `LIBSSH2_WIN32` with `WIN32`.
- replace hand-rolled `HAVE_WINDOWS_H` macro with `WIN32`. Also delete
its detections/definitions.
- delete unused `LIBSSH2_DARWIN` macro.
- delete unused `writev()` Windows implementation
There is no reference to `writev()` since 2007-02-02, commit
9d55db6501aa4e21f0858cf36cdc2ddc11b96e83.
- fix a bunch of MSVC / llvm/clang / gcc compiler warnings:
- `warning C4100: '...': unreferenced formal parameter`
- using value of undefined PP macro `LIBSSH2DEBUG`
- missing void from function definition
- `if()` block missing in non-debug builds
- unreferenced variable in non-debug builds
- `warning: must specify at least one argument for '...' parameter of variadic macro [-Wgnu-zero-variadic-macro-arguments]`
in `_libssh2_debug()`
- `warning C4295: 'ciphertext' : array is too small to include a terminating null character`
- `warning C4706: assignment within conditional expression`
- `warning C4996: 'inet_addr': Use inet_pton() or InetPton() instead or
define _WINSOCK_DEPRECATED_NO_WARNINGS to disable deprecated API warnings`
By suppressning it. Would be best to use inet_pton() as suggested.
On Windows this needs Vista though.
- `warning C4152: nonstandard extension, function/data pointer conversion in expression`
(silenced locally)
- `warning C4068: unknown pragma`
Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46354480/job/j7d0m34qgq8rag5w
Closes #808
261 lines
6.9 KiB
C
261 lines
6.9 KiB
C
/*
|
|
* Sample showing how to do SSH2 connect using ssh-agent.
|
|
*
|
|
* The sample code has default values for host name, user name:
|
|
*
|
|
* "ssh2_agent host user"
|
|
*/
|
|
|
|
#ifdef WIN32
|
|
#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS
|
|
#define _WINSOCK_DEPRECATED_NO_WARNINGS
|
|
#endif
|
|
#endif
|
|
|
|
#include "libssh2_config.h"
|
|
#include <libssh2.h>
|
|
#include <libssh2_sftp.h>
|
|
|
|
#ifdef WIN32
|
|
# include <windows.h>
|
|
#endif
|
|
#ifdef HAVE_WINSOCK2_H
|
|
# include <winsock2.h>
|
|
#endif
|
|
#ifdef HAVE_SYS_SOCKET_H
|
|
# include <sys/socket.h>
|
|
#endif
|
|
#ifdef HAVE_NETINET_IN_H
|
|
# include <netinet/in.h>
|
|
#endif
|
|
# ifdef HAVE_UNISTD_H
|
|
#include <unistd.h>
|
|
#endif
|
|
# ifdef HAVE_ARPA_INET_H
|
|
#include <arpa/inet.h>
|
|
#endif
|
|
|
|
#include <sys/types.h>
|
|
#include <fcntl.h>
|
|
#include <errno.h>
|
|
#include <stdio.h>
|
|
#include <ctype.h>
|
|
#include <stdlib.h>
|
|
|
|
const char *username = "username";
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
unsigned long hostaddr;
|
|
libssh2_socket_t sock = LIBSSH2_INVALID_SOCKET;
|
|
int i, rc;
|
|
struct sockaddr_in sin;
|
|
const char *fingerprint;
|
|
char *userauthlist;
|
|
LIBSSH2_SESSION *session = NULL;
|
|
LIBSSH2_CHANNEL *channel;
|
|
LIBSSH2_AGENT *agent = NULL;
|
|
struct libssh2_agent_publickey *identity, *prev_identity = NULL;
|
|
|
|
#ifdef WIN32
|
|
WSADATA wsadata;
|
|
int err;
|
|
|
|
err = WSAStartup(MAKEWORD(2, 0), &wsadata);
|
|
if(err != 0) {
|
|
fprintf(stderr, "WSAStartup failed with error: %d\n", err);
|
|
return 1;
|
|
}
|
|
#endif
|
|
|
|
if(argc > 1) {
|
|
hostaddr = inet_addr(argv[1]);
|
|
}
|
|
else {
|
|
hostaddr = htonl(0x7F000001);
|
|
}
|
|
|
|
if(argc > 2) {
|
|
username = argv[2];
|
|
}
|
|
|
|
rc = libssh2_init(0);
|
|
if(rc != 0) {
|
|
fprintf(stderr, "libssh2 initialization failed (%d)\n", rc);
|
|
return 1;
|
|
}
|
|
|
|
/* Ultra basic "connect to port 22 on localhost". Your code is
|
|
* responsible for creating the socket establishing the connection
|
|
*/
|
|
sock = socket(AF_INET, SOCK_STREAM, 0);
|
|
if(sock == LIBSSH2_INVALID_SOCKET) {
|
|
fprintf(stderr, "failed to create socket!\n");
|
|
rc = 1;
|
|
goto shutdown;
|
|
}
|
|
|
|
sin.sin_family = AF_INET;
|
|
sin.sin_port = htons(22);
|
|
sin.sin_addr.s_addr = hostaddr;
|
|
if(connect(sock, (struct sockaddr*)(&sin),
|
|
sizeof(struct sockaddr_in)) != 0) {
|
|
fprintf(stderr, "failed to connect!\n");
|
|
goto shutdown;
|
|
}
|
|
|
|
/* Create a session instance and start it up. This will trade welcome
|
|
* banners, exchange keys, and setup crypto, compression, and MAC layers
|
|
*/
|
|
session = libssh2_session_init();
|
|
if(libssh2_session_handshake(session, sock)) {
|
|
fprintf(stderr, "Failure establishing SSH session\n");
|
|
return 1;
|
|
}
|
|
|
|
/* At this point we havn't authenticated. The first thing to do is check
|
|
* the hostkey's fingerprint against our known hosts Your app may have it
|
|
* hard coded, may go to a file, may present it to the user, that's your
|
|
* call
|
|
*/
|
|
fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
|
|
fprintf(stderr, "Fingerprint: ");
|
|
for(i = 0; i < 20; i++) {
|
|
fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
|
|
}
|
|
fprintf(stderr, "\n");
|
|
|
|
/* check what authentication methods are available */
|
|
userauthlist = libssh2_userauth_list(session, username, strlen(username));
|
|
fprintf(stderr, "Authentication methods: %s\n", userauthlist);
|
|
if(strstr(userauthlist, "publickey") == NULL) {
|
|
fprintf(stderr, "\"publickey\" authentication is not supported\n");
|
|
goto shutdown;
|
|
}
|
|
|
|
/* Connect to the ssh-agent */
|
|
agent = libssh2_agent_init(session);
|
|
if(!agent) {
|
|
fprintf(stderr, "Failure initializing ssh-agent support\n");
|
|
rc = 1;
|
|
goto shutdown;
|
|
}
|
|
if(libssh2_agent_connect(agent)) {
|
|
fprintf(stderr, "Failure connecting to ssh-agent\n");
|
|
rc = 1;
|
|
goto shutdown;
|
|
}
|
|
if(libssh2_agent_list_identities(agent)) {
|
|
fprintf(stderr, "Failure requesting identities to ssh-agent\n");
|
|
rc = 1;
|
|
goto shutdown;
|
|
}
|
|
while(1) {
|
|
rc = libssh2_agent_get_identity(agent, &identity, prev_identity);
|
|
if(rc == 1)
|
|
break;
|
|
if(rc < 0) {
|
|
fprintf(stderr,
|
|
"Failure obtaining identity from ssh-agent support\n");
|
|
rc = 1;
|
|
goto shutdown;
|
|
}
|
|
if(libssh2_agent_userauth(agent, username, identity)) {
|
|
fprintf(stderr, "\tAuthentication with username %s and "
|
|
"public key %s failed!\n",
|
|
username, identity->comment);
|
|
}
|
|
else {
|
|
fprintf(stderr, "\tAuthentication with username %s and "
|
|
"public key %s succeeded!\n",
|
|
username, identity->comment);
|
|
break;
|
|
}
|
|
prev_identity = identity;
|
|
}
|
|
if(rc) {
|
|
fprintf(stderr, "Couldn't continue authentication\n");
|
|
goto shutdown;
|
|
}
|
|
|
|
/* We're authenticated now. */
|
|
|
|
/* Request a shell */
|
|
channel = libssh2_channel_open_session(session);
|
|
if(!channel) {
|
|
fprintf(stderr, "Unable to open a session\n");
|
|
goto shutdown;
|
|
}
|
|
|
|
/* Some environment variables may be set,
|
|
* It's up to the server which ones it'll allow though
|
|
*/
|
|
libssh2_channel_setenv(channel, "FOO", "bar");
|
|
|
|
/* Request a terminal with 'vanilla' terminal emulation
|
|
* See /etc/termcap for more options
|
|
*/
|
|
if(libssh2_channel_request_pty(channel, "vanilla")) {
|
|
fprintf(stderr, "Failed requesting pty\n");
|
|
goto skip_shell;
|
|
}
|
|
|
|
/* Open a SHELL on that pty */
|
|
if(libssh2_channel_shell(channel)) {
|
|
fprintf(stderr, "Unable to request shell on allocated pty\n");
|
|
goto shutdown;
|
|
}
|
|
|
|
/* At this point the shell can be interacted with using
|
|
* libssh2_channel_read()
|
|
* libssh2_channel_read_stderr()
|
|
* libssh2_channel_write()
|
|
* libssh2_channel_write_stderr()
|
|
*
|
|
* Blocking mode may be (en|dis)abled with: libssh2_channel_set_blocking()
|
|
* If the server send EOF, libssh2_channel_eof() will return non-0
|
|
* To send EOF to the server use: libssh2_channel_send_eof()
|
|
* A channel can be closed with: libssh2_channel_close()
|
|
* A channel can be freed with: libssh2_channel_free()
|
|
*/
|
|
|
|
skip_shell:
|
|
if(channel) {
|
|
libssh2_channel_free(channel);
|
|
channel = NULL;
|
|
}
|
|
|
|
/* Other channel types are supported via:
|
|
* libssh2_scp_send()
|
|
* libssh2_scp_recv2()
|
|
* libssh2_channel_direct_tcpip()
|
|
*/
|
|
|
|
shutdown:
|
|
|
|
if(agent) {
|
|
libssh2_agent_disconnect(agent);
|
|
libssh2_agent_free(agent);
|
|
}
|
|
|
|
if(session) {
|
|
libssh2_session_disconnect(session,
|
|
"Normal Shutdown, Thank you for playing");
|
|
libssh2_session_free(session);
|
|
}
|
|
|
|
if(sock != LIBSSH2_INVALID_SOCKET) {
|
|
#ifdef WIN32
|
|
closesocket(sock);
|
|
#else
|
|
close(sock);
|
|
#endif
|
|
}
|
|
|
|
fprintf(stderr, "all done!\n");
|
|
|
|
libssh2_exit();
|
|
|
|
return rc;
|
|
}
|