shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 21:00:33 +09:00
Code Issues Packages Projects Releases Wiki Activity
4,027 Commits 12 Branches 62 Tags
2e56db3b2f9651c7ac3f313e35694fffd6a5739a
Commit Graph

1533 Commits

Author SHA1 Message Date
Andreas Schneider
2e56db3b2f sftp: Reformat sftp_xstat() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit b00a0578f9)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
4eb759bf40 sftp: Use ssh_buffer_unpack() in sftp_canonicalize_path() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 336c097ae7)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
c3987a9796 sftp: Use ssh_buffer_pack() in sftp_canonicalize_path() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1dd8466f66)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
a070c942e7 sftp: Reformat sftp_canonicalize_path() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8b19ef05f3)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
113b1872cf sftp: Use sftp_buffer_pack() in sftp_fstatvfs() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7e11e41a9f)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
c7dc2937fc sftp: Reformat sftp_fstatvfs() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5914ea7c75)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
075895da40 sftp: Use ssh_buffer_pack() in sftp_fsync() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f1e84d5e67)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
7930086a37 sftp: Use ssh_buffer_pack() in sftp_statvfs() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8e3dd09e11)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
3f376f848d sftp: Reformat sftp_statvfs() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ae0afec98d)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
3cee61a65b sftp: Use ssh_buffer_unpack() in sftp_readlink() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0be43c333e)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
90321f732e sftp: Use ssh_buffer_pack() in sftp_readlink() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 83a5d3b258)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
c6140b1a4c sftp: Reformat sftp_readlink() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bb4bdec184)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
9290d89570 sftp: Use ssh_buffer_pack() in sftp_setstat() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e0449ba21f)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
da9ab71f88 sftp: Reformat sftp_setstat() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8a56b90c3e)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
53dfee98d2 sftp: Use ssh_buffer_pack() in sftp_mkdir() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 218c67a51d)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
bb14611f86 sftp: Reformat sftp_mkdir() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 89c525bbf1)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
b1aca92268 sftp: Use ssh_buffer_pack in sftp_open() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2c0baef7d4)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
2b524655ae sftp: Reformat sftp_open() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bfb6718b50)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
b51594c34a sftp: Use ssh_buffer_pack() in sftp_handle_close() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d99c066a0b)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
b409b7d092 sftp: Reformat sftp_handle_close() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2844942c1b)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
4256936fed sftp: Use ssh_buffer_pack() in sftp_readdir() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 3a729829fd)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
fdb6dc7069 sftp: Reformat sftp_readdir() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 576fdbe1e8)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
6291900234 sftp: Use ssh_buffer_pack() in sftp_opendir() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 87df9cfc5d)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
216bd2abd8 sftp: Reformat sftp_opendir() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ea375d1605)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
574f279f00 buffer: Precalculate the size required for ssh_buffer_pack() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c15bd2831f)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
d886870bbf buffer: Only reduce the buffer size if it gets bigger than 64K 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit efef877356)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
f56c93cccd buffer: Only allow to allocate a maximum of 256MB 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 254a0f7132)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
bbd17bc97a buffer: Always preallocate a buffer with 64 bytes 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d2131b286f)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
26fa923b55 buffer: Rewrite ssh_buffer_free() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c1c32bda14)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
177a082974 buffer: Use bool for secure buffer 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a1b57d3b94)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
ce3ee332d4 buffer: Reformat buffer_shift() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit be703974e9)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
eb95f8fa85 buffer: Cleanup buffer_verify 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 29f36791c9)
 2018-09-03 19:04:13 +02:00
Andreas Schneider
f880a7728f auth: Fix freeing memory in ssh_userauth_agent_publickey() 
CID 1395453

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f99e6766d6)
 2018-09-02 10:30:54 +02:00
Andreas Schneider
4d34890624 messages: Fix memory leak in ssh_packet_userauth_request 
Found by AddressSanitizer.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f8fc0b9dfb)
 2018-09-01 21:34:02 +02:00
Andreas Schneider
fa3c73016d auth: Fix a memory leak in ssh_userauth_agent_publickey() 
CID 1230358

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ea2b403ab2)
 2018-09-01 09:43:43 +02:00
Andreas Schneider
ffabd8c6ed pki: Fix a memory leak in ssh_pki_do_sign() 
CID 1395335

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8323cd791f)
 2018-09-01 09:43:40 +02:00
Andreas Schneider
219a311925 packet: Add a bound check for nr_extensions 
CID 1395335

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 461ebd1e2f)
 2018-09-01 09:43:36 +02:00
Jakub Jelen
3d207f72a0 pki: Support RSA SHA2 signatures of sessionid for server 
This involves mostly creation of host keys proofs but needs
to follow the same procedure as the client authentication
signatures.

At the same time, the SHA2 extension is enabled in the pkd
so we are able to atomicaly provide correct signatures and
pass tests.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit b4c8bd9fe4)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
f53d2f7511 server: We should list SHA2 variants in offered hostkeys 
The SHA2 variants should be preferred. Also the buffer needs to be
extended to fit all possible public key algorithms.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5d13006650)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
b853d99546 server: Support for extension negotiation 
This includes intercepting the  ext-info-c  string from
the client kex proposal, configuring the server to allow using
this extension and sending the SSH_MSG_EXT_INFO packet back
to the client after the new keys are in use.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6fa5e8adb0)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
a09976e3d6 messages: Create correct digest for pki signatures 
This does not affect old signatures, where the public key algorithm
matches the public key type.

This is a problem when using SHA2 extension for the RSA keys, where
the new signature algorithsm are introduced in addition to the
exitsing ssh-rsa which was ignored throughout the code.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 60ad7ee15d)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
7dcd749ee1 auth: Prevent authentication with non-allowed key algorithms 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 09cf301eee)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
30368fb06a tests: PUBLICKEY_ACCEPTED_TYPES are effective 
Verify the PUBLICKEY_ACCEPTED_TYPES option is handled correctly
and affects the signature algorithm selection based on the
extensions and can be used to limit list of offered mechanisms
to the server.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 594c62d718)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
fd6b7db1ce pki: Allow filtering accepted public key types based on the configuration 
This effectively allows to disable using the SHA2 extension, disable
other old public key mechanisms out of the box (hello DSA) or force
the new SHA2-based key algorithm types if needed.

This exposes the  default_methods  array from  kex.c.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4169be45eb)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
0e20418296 config: Accept the PubkeyAcceptedTypes configuration option 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 37864b6575)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
92b59ace9e options: The new option SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES 
This option allows to specify acceptable public key algorithms
and reflects the PubkeyAcceptedTypes configuration option from
OpenSSH.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4521ab73b6)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
af7b5b78ee kex: The public key algorithms are no longer only host keys 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 9ca6127b91)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
2b67e2d54c SHA2 extension in the ssh-agent interface 
The new constants for flags are defined in draft-miller-ssh-agent-02
are active if the SHA2 extension is negotiated with the server.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ebb01549d0)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
97d6eb84a4 auth: Support SHA2 extension for pubkey authentication (RFC 8332) 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 82da0c3361)
 2018-08-31 14:30:53 +02:00
Jakub Jelen
33f2211cae pki: RSA signatures with SHA2 hash algorithms (RFC 8332) 
* This change introduces a new API to request signature using
   one key and different hash algorithms. This is used only with
   RSA keys, that used to have SHA1 hardcoded, but the new
   algorithsms allow to use the SHA2 hashes, if the extension
   is negotiated.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1f08aabe43)
 2018-08-31 14:30:53 +02:00