ssh_packet_socket_callback() will not return error codes like
SSH_ERROR on failure. Instead it will always return an unsigned
size_t value representing the number of bytes which have been
processed.
So adjust the assert in the test accordingly, making sure that all
input bytes have actually been processed.
Signed-off-by: Colin Baumgarten <colin.baumgarten@hubersuhner.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/824>
Extend PubkeyAuthentication to support the OpenSSH-compatible modes no, yes/all, unbound, and host-bound.
Preserve the existing enable/disable flag behavior for callers using the legacy API, while also storing the selected mode and keeping the previous integer normalization in ssh_options_set().
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Set the publickey pending call state before the ssh-userauth service request so nonblocking calls can resume cleanly when the first SSH_AUTH_AGAIN happens before the auth request is sent.
Reset pending_call_state on the affected error paths, and only jump straight to the response handler once the auth state shows that the publickey request was already sent.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Keep the unknown host handling under StrictHostKeyChecking off, including writing accepted keys through to known_hosts.
For changed host keys and different stored key types, do not treat the host as fully trusted. In that path, disable password and keyboard interactive authentication before returning OK.
Apply the same handling in both ssh_is_server_known() and ssh_session_get_known_hosts_entry().
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Extend StrictHostKeyChecking from a boolean-style option to the full OpenSSH-compatible mode set: off, yes, ask and accept-new.
Preserve the legacy integer normalization used by ssh_options_set(), document the supported values in the public API, and switch the default to SSH_STRICT_HOSTKEY_ASK.
Known-host handling now recognizes SSH_STRICT_HOSTKEY_ACCEPT_NEW and stores unknown host keys automatically while still rejecting changes.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Tighten boolean token handling in config parsing.
For auth-related boolean options, reject unknown tokens instead of silently treating them as false. Keep exact yes/no and true/false handling through ssh_config_get_yesno(), but parse Compression through a dedicated exact token map so it remains limited to yes/no.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Add torture_getopt.c with 11 test cases covering basic option parsing,
arguments, optional arguments, unknown options, missing arguments,
BADARG colon behavior, double-dash termination, combined options,
optind advancement, reset behavior, and no-options edge case.
Registered in the unit test CMakeLists.txt.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Remove _MSC_VER guards from torture_options_getopt and
torture_options_getopt_o_option so they run unconditionally,
now that a bundled getopt fallback is available.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge ssh_key_type_from_signature_name() and ssh_key_hash_from_name()
into a single function ssh_key_type_and_hash_from_signature_name() to:
- Avoid double string comparisons on the same algorithm name
- Return SSH_ERROR on unknown/NULL input instead of silently returning SSH_DIGEST_AUTO
- Use strlen() before strcmp() to short-circuit string comparisons.
Handle GSSAPI "null" hostkey case in wrapper.c.
Add unit tests for the new function.
Fixes: https://gitlab.com/libssh/libssh-mirror/-/issues/355
Signed-off-by: Haythem666 <haythem.farhat@epfl.ch>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
