feat: add null hostkey for server

fix: skip gssapi tests in fips mode

fix: skip gssapi_key_exchange_null test on ubuntu and tumbleweed

fix: return early when rc != 0 to show error

tests: replace int asserts by ssh return code asserts

fix: add fatal error when hostkeys are not found and gssapi kex is not enabled

ci: add comment linking gssapi null kex bug in ubuntu and tumbleweed

fix: don't specify hostkeys in config instead of deleting files

tests: assert kex method was null

refactor: remove redundant include

refactor: better error message

fix: check null before accessing in gssapi.c

fix: allow setting no hostkeys
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Gauravsingh Sisodia
2024-08-29 14:03:12 +00:00
committed by Jakub Jelen
parent fd1c3e8878
commit c1aab9903f
21 changed files with 579 additions and 117 deletions


@@ -819,9 +819,9 @@ torture_setup_create_sshd_config(void **state, bool pam, bool second_sshd)
"Port 22\n"
"ListenAddress %s\n"
"ListenAddress %s\n"
"HostKey %s\n" /* ed25519 HostKey */
"HostKey %s\n" /* RSA HostKey */
"HostKey %s\n" /* ECDSA HostKey */
"%s %s\n" /* ed25519 HostKey */
"%s %s\n" /* RSA HostKey */
"%s %s\n" /* ECDSA HostKey */
"\n"
"TrustedUserCAKeys %s\n"
"\n"
@@ -860,8 +860,8 @@ torture_setup_create_sshd_config(void **state, bool pam, bool second_sshd)
"Port 22\n"
"ListenAddress %s\n"
"ListenAddress %s\n"
"HostKey %s\n" /* RSA HostKey */
"HostKey %s\n" /* ECDSA HostKey */
"%s %s\n" /* RSA HostKey */
"%s %s\n" /* ECDSA HostKey */
"\n"
"TrustedUserCAKeys %s\n" /* Trusted CA */
"\n"
@@ -977,16 +977,6 @@ torture_setup_create_sshd_config(void **state, bool pam, bool second_sshd)
torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
torture_write_file(trusted_ca_pubkey, torture_rsa_certauth_pub);
}
if (s->disable_hostkeys) {
char ss[1000] = {0};
rc = snprintf(ss, sizeof(ss), "rm %s/sshd/ssh_host_ecdsa_key %s/sshd/ssh_host_ed25519_key %s/sshd/ssh_host_rsa_key", s->socket_dir, s->socket_dir, s->socket_dir);
if (rc < 0 || rc >= (int)sizeof(ss)) {
fail_msg("snprintf failed");
}
rc = system(ss);
assert_int_equal(rc, SSH_OK);
}
sftp_server = getenv("TORTURE_SFTP_SERVER");
if (sftp_server == NULL) {
@@ -1009,8 +999,22 @@ torture_setup_create_sshd_config(void **state, bool pam, bool second_sshd)
fips_config_string,
second_sshd ? TORTURE_SSHD_SRV1_IPV4 : TORTURE_SSHD_SRV_IPV4,
second_sshd ? TORTURE_SSHD_SRV1_IPV6 : TORTURE_SSHD_SRV_IPV6,
rsa_hostkey,
ecdsa_hostkey,
"HostKey", rsa_hostkey,
"HostKey", ecdsa_hostkey,
trusted_ca_pubkey,
sftp_server,
usepam,
additional_config,
second_sshd ? s->srv1_pidfile : s->srv_pidfile);
} else if (s->disable_hostkeys) {
snprintf(sshd_config,
sizeof(sshd_config),
config_string,
second_sshd ? TORTURE_SSHD_SRV1_IPV4 : TORTURE_SSHD_SRV_IPV4,
second_sshd ? TORTURE_SSHD_SRV1_IPV6 : TORTURE_SSHD_SRV_IPV6,
"", "",
"", "",
"", "",
trusted_ca_pubkey,
sftp_server,
usepam,
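Review bot: The new `disable_hostkeys` branch discards the return value of snprintf into sshd_config, so a truncated config (long socket_dir, long trusted_ca_pubkey path) would be written out silently and sshd would start with a mangled configuration; the code this commit removes from the same function did check its snprintf result, so the new branch should do the same: `rc = snprintf(sshd_config, sizeof(sshd_config), config_string, ...);` followed by `if (rc < 0 || rc >= (int)sizeof(sshd_config)) { fail_msg("sshd_config truncated"); }`. The other two branches appear to share this omission, so the check belongs on all three or, better, once after the if/else chain. Note also that `disable_hostkeys` is only honoured in the `else if`, so a caller that sets it while the preceding branch's condition holds (that condition is outside the hunk, presumably the FIPS case) gets host keys configured anyway; a one-line comment such as `/* disable_hostkeys is ignored in FIPS mode: gssapi tests are skipped there */` would make that intentional rather than surprising. torture_setup_create_sshd_config begins and ends outside this hunk.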
@@ -1022,9 +1026,9 @@ torture_setup_create_sshd_config(void **state, bool pam, bool second_sshd)
config_string,
second_sshd ? TORTURE_SSHD_SRV1_IPV4 : TORTURE_SSHD_SRV_IPV4,
second_sshd ? TORTURE_SSHD_SRV1_IPV6 : TORTURE_SSHD_SRV_IPV6,
ed25519_hostkey,
rsa_hostkey,
ecdsa_hostkey,
"HostKey", ed25519_hostkey,
"HostKey", rsa_hostkey,
"HostKey", ecdsa_hostkey,
trusted_ca_pubkey,
sftp_server,
usepam,