shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 18:50:28 +09:00
Code Issues Packages Projects Releases Wiki Activity

options: The new option SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES

Browse Source 
This option allows to specify acceptable public key algorithms
and reflects the PubkeyAcceptedTypes configuration option from
OpenSSH.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2018-08-07 11:25:27 +02:00
committed by Andreas Schneider
parent 9ca6127b91
commit 4521ab73b6
4 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/libssh/libssh.h
View File

@@ -404,6 +404,7 @@ enum ssh_options_e {
SSH_OPTIONS_GSSAPI_AUTH, SSH_OPTIONS_GSSAPI_AUTH,
SSH_OPTIONS_GLOBAL_KNOWNHOSTS, SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
SSH_OPTIONS_NODELAY, SSH_OPTIONS_NODELAY,
SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
}; };
enum { enum {

1
include/libssh/session.h
View File

@@ -204,6 +204,7 @@ struct ssh_session_struct {
char *knownhosts; char *knownhosts;
char *global_knownhosts; char *global_knownhosts;
char *wanted_methods[10]; char *wanted_methods[10];
char *pubkey_accepted_types;
char *ProxyCommand; char *ProxyCommand;
char *custombanner; char *custombanner;
unsigned long timeout; /* seconds */ unsigned long timeout; /* seconds */

31
src/options.c
View File

@@ -147,6 +147,14 @@ int ssh_options_copy(ssh_session src, ssh_session *dest) {
return -1; return -1;
} }
} }
if (src->opts.pubkey_accepted_types != NULL) {
new->opts.pubkey_accepted_types = strdup(src->opts.pubkey_accepted_types);
if (new->opts.pubkey_accepted_types == NULL) {
ssh_free(new);
return -1;
}
}
new->opts.fd = src->opts.fd; new->opts.fd = src->opts.fd;
new->opts.port = src->opts.port; new->opts.port = src->opts.port;
new->opts.timeout = src->opts.timeout; new->opts.timeout = src->opts.timeout;
@@ -343,6 +351,11 @@ int ssh_options_set_algo(ssh_session session,
* comma-separated list). ex: * comma-separated list). ex:
* "ssh-rsa,ssh-dss,ecdh-sha2-nistp256" * "ssh-rsa,ssh-dss,ecdh-sha2-nistp256"
* *
* - SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
* Set the preferred public key algorithms to be used for
* authentication (const char *, comma-separated list). ex:
* "ssh-rsa,rsa-sha2-256,ssh-dss,ecdh-sha2-nistp256"
*
* - SSH_OPTIONS_COMPRESSION_C_S: * - SSH_OPTIONS_COMPRESSION_C_S:
* Set the compression to use for client to server * Set the compression to use for client to server
* communication (const char *, "yes", "no" or a specific * communication (const char *, "yes", "no" or a specific
@@ -743,6 +756,24 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
return -1; return -1;
} }
break; break;
case SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
v = value;
if (v == NULL || v[0] == '\0') {
ssh_set_error_invalid(session);
return -1;
} else {
p = ssh_keep_known_algos(SSH_HOSTKEYS, v);
if (p == NULL) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Setting method: no known public key algorithm (%s)",
v);
return -1;
}
SAFE_FREE(session->opts.pubkey_accepted_types);
session->opts.pubkey_accepted_types = p;
}
break;
case SSH_OPTIONS_HMAC_C_S: case SSH_OPTIONS_HMAC_C_S:
v = value; v = value;
if (v == NULL || v[0] == '\0') { if (v == NULL || v[0] == '\0') {

1
src/session.c
View File

@@ -282,6 +282,7 @@ void ssh_free(ssh_session session) {
SAFE_FREE(session->opts.ProxyCommand); SAFE_FREE(session->opts.ProxyCommand);
SAFE_FREE(session->opts.gss_server_identity); SAFE_FREE(session->opts.gss_server_identity);
SAFE_FREE(session->opts.gss_client_identity); SAFE_FREE(session->opts.gss_client_identity);
SAFE_FREE(session->opts.pubkey_accepted_types);
for (i = 0; i < 10; i++) { for (i = 0; i < 10; i++) {
if (session->opts.wanted_methods[i]) { if (session->opts.wanted_methods[i]) {