shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-10 18:28:10 +09:00
Code Issues Packages Projects Releases Wiki Activity

Solve issue #113 "Remove unneeded configuration options not supported by OpenSSH anymore"

Browse Source 
Remove config options: protocol, mac, cipher, compressionlevel,
gssapikeyexchange,
gssapirenewalforcesrekey,
gssapitrustdns,
rhostsrsaauthentication,
rsaauthentication,
useprivilegedport,
pubkeyacceptedtypes
since they are not supported by OpenSSH

Rename some config options:
hostbasedkeytypes, challengeresponseauthentication and pubkeyacceptedkeytypes
to hosbasedacceptedalgorithms, kdbinteractiveauthentication and pubkeyacceptedalgorithms
to be consistent with the OpenSSH manual https://man.openbsd.org/sshd_config.
Keep pubkeyacceptedkeytypes for backward compatibility.
Rename SOC_PUBKEYACCEPTEDTYPES to SOC_PUBKEYACCEPTEDKEYTYPES in config.h

Update unittests/torture_config.c and unittests/torture_options.c

Signed-off-by: Anh Minh Tran <anhminh@seznam.cz>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
This commit is contained in:
Anh Minh Tran
2022-04-02 14:32:09 +00:00
committed by Jakub Jelen
parent 196fe36971
commit af9018ce13
4 changed files with 37 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/libssh/config.h
View File

@@ -42,7 +42,6 @@ enum ssh_config_opcode_e {
SOC_MACS, SOC_MACS,
SOC_COMPRESSION, SOC_COMPRESSION,
SOC_TIMEOUT, SOC_TIMEOUT,
SOC_PROTOCOL,
SOC_STRICTHOSTKEYCHECK, SOC_STRICTHOSTKEYCHECK,
SOC_KNOWNHOSTS, SOC_KNOWNHOSTS,
SOC_PROXYCOMMAND, SOC_PROXYCOMMAND,
@@ -60,7 +59,7 @@ enum ssh_config_opcode_e {
SOC_KBDINTERACTIVEAUTHENTICATION, SOC_KBDINTERACTIVEAUTHENTICATION,
SOC_PASSWORDAUTHENTICATION, SOC_PASSWORDAUTHENTICATION,
SOC_PUBKEYAUTHENTICATION, SOC_PUBKEYAUTHENTICATION,
SOC_PUBKEYACCEPTEDTYPES, SOC_PUBKEYACCEPTEDKEYTYPES,
SOC_REKEYLIMIT, SOC_REKEYLIMIT,
SOC_MAX /* Keep this one last in the list */ SOC_MAX /* Keep this one last in the list */

48
src/config.c
View File

@@ -68,7 +68,6 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "macs", SOC_MACS }, { "macs", SOC_MACS },
{ "compression", SOC_COMPRESSION }, { "compression", SOC_COMPRESSION },
{ "connecttimeout", SOC_TIMEOUT }, { "connecttimeout", SOC_TIMEOUT },
{ "protocol", SOC_PROTOCOL },
{ "stricthostkeychecking", SOC_STRICTHOSTKEYCHECK }, { "stricthostkeychecking", SOC_STRICTHOSTKEYCHECK },
{ "userknownhostsfile", SOC_KNOWNHOSTS }, { "userknownhostsfile", SOC_KNOWNHOSTS },
{ "proxycommand", SOC_PROXYCOMMAND }, { "proxycommand", SOC_PROXYCOMMAND },
@@ -81,7 +80,6 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "loglevel", SOC_LOGLEVEL}, { "loglevel", SOC_LOGLEVEL},
{ "hostkeyalgorithms", SOC_HOSTKEYALGORITHMS}, { "hostkeyalgorithms", SOC_HOSTKEYALGORITHMS},
{ "kexalgorithms", SOC_KEXALGORITHMS}, { "kexalgorithms", SOC_KEXALGORITHMS},
{ "mac", SOC_UNSUPPORTED}, /* SSHv1 */
{ "gssapiauthentication", SOC_GSSAPIAUTHENTICATION}, { "gssapiauthentication", SOC_GSSAPIAUTHENTICATION},
{ "kbdinteractiveauthentication", SOC_KBDINTERACTIVEAUTHENTICATION}, { "kbdinteractiveauthentication", SOC_KBDINTERACTIVEAUTHENTICATION},
{ "passwordauthentication", SOC_PASSWORDAUTHENTICATION}, { "passwordauthentication", SOC_PASSWORDAUTHENTICATION},
@@ -95,20 +93,15 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "canonicalizemaxdots", SOC_UNSUPPORTED}, { "canonicalizemaxdots", SOC_UNSUPPORTED},
{ "canonicalizepermittedcnames", SOC_UNSUPPORTED}, { "canonicalizepermittedcnames", SOC_UNSUPPORTED},
{ "certificatefile", SOC_UNSUPPORTED}, { "certificatefile", SOC_UNSUPPORTED},
{ "challengeresponseauthentication", SOC_UNSUPPORTED}, { "kbdinteractiveauthentication", SOC_UNSUPPORTED},
{ "checkhostip", SOC_UNSUPPORTED}, { "checkhostip", SOC_UNSUPPORTED},
{ "cipher", SOC_UNSUPPORTED}, /* SSHv1 */
{ "compressionlevel", SOC_UNSUPPORTED}, /* SSHv1 */
{ "connectionattempts", SOC_UNSUPPORTED}, { "connectionattempts", SOC_UNSUPPORTED},
{ "enablesshkeysign", SOC_UNSUPPORTED}, { "enablesshkeysign", SOC_UNSUPPORTED},
{ "fingerprinthash", SOC_UNSUPPORTED}, { "fingerprinthash", SOC_UNSUPPORTED},
{ "forwardagent", SOC_UNSUPPORTED}, { "forwardagent", SOC_UNSUPPORTED},
{ "gssapikeyexchange", SOC_UNSUPPORTED},
{ "gssapirenewalforcesrekey", SOC_UNSUPPORTED},
{ "gssapitrustdns", SOC_UNSUPPORTED},
{ "hashknownhosts", SOC_UNSUPPORTED}, { "hashknownhosts", SOC_UNSUPPORTED},
{ "hostbasedauthentication", SOC_UNSUPPORTED}, { "hostbasedauthentication", SOC_UNSUPPORTED},
{ "hostbasedkeytypes", SOC_UNSUPPORTED}, { "hostbasedacceptedalgorithms", SOC_UNSUPPORTED},
{ "hostkeyalias", SOC_UNSUPPORTED}, { "hostkeyalias", SOC_UNSUPPORTED},
{ "identitiesonly", SOC_UNSUPPORTED}, { "identitiesonly", SOC_UNSUPPORTED},
{ "identityagent", SOC_UNSUPPORTED}, { "identityagent", SOC_UNSUPPORTED},
@@ -120,12 +113,10 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "preferredauthentications", SOC_UNSUPPORTED}, { "preferredauthentications", SOC_UNSUPPORTED},
{ "proxyjump", SOC_PROXYJUMP}, { "proxyjump", SOC_PROXYJUMP},
{ "proxyusefdpass", SOC_UNSUPPORTED}, { "proxyusefdpass", SOC_UNSUPPORTED},
{ "pubkeyacceptedtypes", SOC_PUBKEYACCEPTEDTYPES}, { "pubkeyacceptedalgorithms", SOC_PUBKEYACCEPTEDKEYTYPES},
{ "rekeylimit", SOC_REKEYLIMIT}, { "rekeylimit", SOC_REKEYLIMIT},
{ "remotecommand", SOC_UNSUPPORTED}, { "remotecommand", SOC_UNSUPPORTED},
{ "revokedhostkeys", SOC_UNSUPPORTED}, { "revokedhostkeys", SOC_UNSUPPORTED},
{ "rhostsrsaauthentication", SOC_UNSUPPORTED},
{ "rsaauthentication", SOC_UNSUPPORTED}, /* SSHv1 */
{ "serveralivecountmax", SOC_UNSUPPORTED}, { "serveralivecountmax", SOC_UNSUPPORTED},
{ "serveraliveinterval", SOC_UNSUPPORTED}, { "serveraliveinterval", SOC_UNSUPPORTED},
{ "streamlocalbindmask", SOC_UNSUPPORTED}, { "streamlocalbindmask", SOC_UNSUPPORTED},
@@ -133,7 +124,6 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "syslogfacility", SOC_UNSUPPORTED}, { "syslogfacility", SOC_UNSUPPORTED},
{ "tcpkeepalive", SOC_UNSUPPORTED}, { "tcpkeepalive", SOC_UNSUPPORTED},
{ "updatehostkeys", SOC_UNSUPPORTED}, { "updatehostkeys", SOC_UNSUPPORTED},
{ "useprivilegedport", SOC_UNSUPPORTED},
{ "verifyhostkeydns", SOC_UNSUPPORTED}, { "verifyhostkeydns", SOC_UNSUPPORTED},
{ "visualhostkey", SOC_UNSUPPORTED}, { "visualhostkey", SOC_UNSUPPORTED},
{ "clearallforwardings", SOC_NA}, { "clearallforwardings", SOC_NA},
@@ -157,7 +147,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "tunnel", SOC_NA}, { "tunnel", SOC_NA},
{ "tunneldevice", SOC_NA}, { "tunneldevice", SOC_NA},
{ "xauthlocation", SOC_NA}, { "xauthlocation", SOC_NA},
{ "pubkeyacceptedkeytypes", SOC_PUBKEYACCEPTEDTYPES}, { "pubkeyacceptedkeytypes", SOC_PUBKEYACCEPTEDKEYTYPES},
{ NULL, SOC_UNKNOWN } { NULL, SOC_UNKNOWN }
}; };
@@ -887,34 +877,6 @@ ssh_config_parse_line(ssh_session session,
} }
} }
break; break;
case SOC_PROTOCOL:
p = ssh_config_get_str_tok(&s, NULL);
if (p && *parsing) {
char *a, *b, *save = NULL;
b = strdup(p);
if (b == NULL) {
SAFE_FREE(x);
ssh_set_error_oom(session);
return -1;
}
i = 0;
ssh_options_set(session, SSH_OPTIONS_SSH2, &i);
for (a = strtok_r(b, ",", &save); a; a = strtok_r(NULL, ",", &save)) {
switch (atoi(a)) {
case 1:
break;
case 2:
i = 1;
ssh_options_set(session, SSH_OPTIONS_SSH2, &i);
break;
default:
break;
}
}
SAFE_FREE(b);
}
break;
case SOC_TIMEOUT: case SOC_TIMEOUT:
l = ssh_config_get_long(&s, -1); l = ssh_config_get_long(&s, -1);
if (l >= 0 && *parsing) { if (l >= 0 && *parsing) {
@@ -1015,7 +977,7 @@ ssh_config_parse_line(ssh_session session,
ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, p); ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, p);
} }
break; break;
case SOC_PUBKEYACCEPTEDTYPES: case SOC_PUBKEYACCEPTEDKEYTYPES:
p = ssh_config_get_str_tok(&s, NULL); p = ssh_config_get_str_tok(&s, NULL);
if (p && *parsing) { if (p && *parsing) {
ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, p); ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, p);

31
tests/unittests/torture_config.c
View File

@@ -37,6 +37,7 @@ extern LIBSSH_THREAD int ssh_log_level;
#define LIBSSH_TESTCONFIG12 "libssh_testconfig12.tmp" #define LIBSSH_TESTCONFIG12 "libssh_testconfig12.tmp"
#define LIBSSH_TESTCONFIGGLOB "libssh_testc*[36].tmp" #define LIBSSH_TESTCONFIGGLOB "libssh_testc*[36].tmp"
#define LIBSSH_TEST_PUBKEYTYPES "libssh_test_PubkeyAcceptedKeyTypes.tmp" #define LIBSSH_TEST_PUBKEYTYPES "libssh_test_PubkeyAcceptedKeyTypes.tmp"
#define LIBSSH_TEST_PUBKEYALGORITHMS "libssh_test_PubkeyAcceptedAlgorithms.tmp"
#define LIBSSH_TEST_NONEWLINEEND "libssh_test_NoNewLineEnd.tmp" #define LIBSSH_TEST_NONEWLINEEND "libssh_test_NoNewLineEnd.tmp"
#define LIBSSH_TEST_NONEWLINEONELINE "libssh_test_NoNewLineOneline.tmp" #define LIBSSH_TEST_NONEWLINEONELINE "libssh_test_NoNewLineOneline.tmp"
#define LIBSSH_TEST_RECURSIVE_INCLUDE "libssh_test_recursive_include.tmp" #define LIBSSH_TEST_RECURSIVE_INCLUDE "libssh_test_recursive_include.tmp"
@@ -52,7 +53,7 @@ extern LIBSSH_THREAD int ssh_log_level;
"\n\nIdentityFile "ID_FILE"\n" \ "\n\nIdentityFile "ID_FILE"\n" \
"\n\nKexAlgorithms "KEXALGORITHMS"\n" \ "\n\nKexAlgorithms "KEXALGORITHMS"\n" \
"\n\nHostKeyAlgorithms "HOSTKEYALGORITHMS"\n" \ "\n\nHostKeyAlgorithms "HOSTKEYALGORITHMS"\n" \
"\n\nPubkeyAcceptedTypes "PUBKEYACCEPTEDTYPES"\n" \ "\n\nPubkeyAcceptedAlgorithms "PUBKEYACCEPTEDTYPES"\n" \
"\n\nMACs "MACS"\n" "\n\nMACs "MACS"\n"
/* Multiple Port settings -> parsing returns early. */ /* Multiple Port settings -> parsing returns early. */
@@ -178,6 +179,9 @@ extern LIBSSH_THREAD int ssh_log_level;
#define LIBSSH_TEST_PUBKEYTYPES_STRING \ #define LIBSSH_TEST_PUBKEYTYPES_STRING \
"PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n" "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n"
#define LIBSSH_TEST_PUBKEYALGORITHMS_STRING \
"PubkeyAcceptedAlgorithms "PUBKEYACCEPTEDTYPES"\n"
#define LIBSSH_TEST_NONEWLINEEND_STRING \ #define LIBSSH_TEST_NONEWLINEEND_STRING \
"ConnectTimeout 30\n" \ "ConnectTimeout 30\n" \
"LogLevel DEBUG3" "LogLevel DEBUG3"
@@ -230,6 +234,7 @@ static int setup_config_files(void **state)
unlink(LIBSSH_TESTCONFIG11); unlink(LIBSSH_TESTCONFIG11);
unlink(LIBSSH_TESTCONFIG12); unlink(LIBSSH_TESTCONFIG12);
unlink(LIBSSH_TEST_PUBKEYTYPES); unlink(LIBSSH_TEST_PUBKEYTYPES);
unlink(LIBSSH_TEST_PUBKEYALGORITHMS);
unlink(LIBSSH_TEST_NONEWLINEEND); unlink(LIBSSH_TEST_NONEWLINEEND);
unlink(LIBSSH_TEST_NONEWLINEONELINE); unlink(LIBSSH_TEST_NONEWLINEONELINE);
@@ -278,6 +283,9 @@ static int setup_config_files(void **state)
torture_write_file(LIBSSH_TEST_PUBKEYTYPES, torture_write_file(LIBSSH_TEST_PUBKEYTYPES,
LIBSSH_TEST_PUBKEYTYPES_STRING); LIBSSH_TEST_PUBKEYTYPES_STRING);
torture_write_file(LIBSSH_TEST_PUBKEYALGORITHMS,
LIBSSH_TEST_PUBKEYALGORITHMS_STRING);
torture_write_file(LIBSSH_TEST_NONEWLINEEND, torture_write_file(LIBSSH_TEST_NONEWLINEEND,
LIBSSH_TEST_NONEWLINEEND_STRING); LIBSSH_TEST_NONEWLINEEND_STRING);
@@ -304,6 +312,7 @@ static int teardown_config_files(void **state)
unlink(LIBSSH_TESTCONFIG11); unlink(LIBSSH_TESTCONFIG11);
unlink(LIBSSH_TESTCONFIG12); unlink(LIBSSH_TESTCONFIG12);
unlink(LIBSSH_TEST_PUBKEYTYPES); unlink(LIBSSH_TEST_PUBKEYTYPES);
unlink(LIBSSH_TEST_PUBKEYALGORITHMS);
return 0; return 0;
} }
@@ -1291,6 +1300,22 @@ static void torture_config_pubkeytypes_string(void **state)
torture_config_pubkeytypes(state, NULL, LIBSSH_TEST_PUBKEYTYPES_STRING); torture_config_pubkeytypes(state, NULL, LIBSSH_TEST_PUBKEYTYPES_STRING);
} }
/**
* @brief test parsing PubkeyAcceptedKAlgorithms from file
*/
static void torture_config_pubkeyalgorithms_file(void **state)
{
torture_config_pubkeytypes(state, LIBSSH_TEST_PUBKEYALGORITHMS, NULL);
}
/**
* @brief test parsing PubkeyAcceptedAlgorithms from string
*/
static void torture_config_pubkeyalgorithms_string(void **state)
{
torture_config_pubkeytypes(state, NULL, LIBSSH_TEST_PUBKEYALGORITHMS_STRING);
}
/** /**
* @brief Verify the configuration parser handles * @brief Verify the configuration parser handles
* missing newline in the end * missing newline in the end
@@ -1777,6 +1802,10 @@ int torture_run_tests(void)
setup, teardown), setup, teardown),
cmocka_unit_test_setup_teardown(torture_config_pubkeytypes_string, cmocka_unit_test_setup_teardown(torture_config_pubkeytypes_string,
setup, teardown), setup, teardown),
cmocka_unit_test_setup_teardown(torture_config_pubkeyalgorithms_file,
setup, teardown),
cmocka_unit_test_setup_teardown(torture_config_pubkeyalgorithms_string,
setup, teardown),
cmocka_unit_test_setup_teardown(torture_config_nonewlineend_file, cmocka_unit_test_setup_teardown(torture_config_nonewlineend_file,
setup, teardown), setup, teardown),
cmocka_unit_test_setup_teardown(torture_config_nonewlineend_string, cmocka_unit_test_setup_teardown(torture_config_nonewlineend_string,

2
tests/unittests/torture_options.c
View File

@@ -837,7 +837,7 @@ static void torture_options_copy(void **state)
"MACs hmac-sha2-256\n" "MACs hmac-sha2-256\n"
"HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp521\n" "HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp521\n"
"Compression yes\n" "Compression yes\n"
"PubkeyAcceptedTypes ssh-ed25519,ecdsa-sha2-nistp521\n" "PubkeyAcceptedAlgorithms ssh-ed25519,ecdsa-sha2-nistp521\n"
"ProxyCommand nc 127.0.0.10 22\n" "ProxyCommand nc 127.0.0.10 22\n"
/* ops.custombanner */ /* ops.custombanner */
"ConnectTimeout 42\n" "ConnectTimeout 42\n"