The visualstudio jobs typically take longer than the GitLab
default project-level timeout of 1h.
This can cause build failures when a fork is created as part of
a merge request, because the fork will use the default project-level
timeout.
Set a job-level timeout of 2h, which will override the project-level
one according to https://docs.gitlab.com/ci/yaml/#timeout to
eliminate the need to manually adjust the project-level timeout in
forks.
Signed-off-by: Colin Baumgarten <colin.baumgarten@hubersuhner.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/826>
This should not happen because the OID is selected
from a subset of client-supplied OIDs in gss_acquire_cred,
i.e., it would imply a bug in krb5. But better be safe:
it would later cause an out-of-bounds read in
ssh_gssapi_send_response.
Reported and patch provided by Meta (vulns@meta.com).
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Extend PubkeyAuthentication to support the OpenSSH-compatible modes no, yes/all, unbound, and host-bound.
Preserve the existing enable/disable flag behavior for callers using the legacy API, while also storing the selected mode and keeping the previous integer normalization in ssh_options_set().
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Set the publickey pending call state before the ssh-userauth service request so nonblocking calls can resume cleanly when the first SSH_AUTH_AGAIN happens before the auth request is sent.
Reset pending_call_state on the affected error paths, and only jump straight to the response handler once the auth state shows that the publickey request was already sent.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Keep the unknown host handling under StrictHostKeyChecking off, including writing accepted keys through to known_hosts.
For changed host keys and different stored key types, do not treat the host as fully trusted. In that path, disable password and keyboard-interactive authentication before returning OK.
Apply the same handling in both ssh_is_server_known() and ssh_session_get_known_hosts_entry().
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Extend StrictHostKeyChecking from a boolean-style option to the full OpenSSH-compatible mode set: off, yes, ask and accept-new.
Preserve the legacy integer normalization used by ssh_options_set(), document the supported values in the public API, and switch the default to SSH_STRICT_HOSTKEY_ASK.
Known-host handling now recognizes SSH_STRICT_HOSTKEY_ACCEPT_NEW and stores unknown host keys automatically while still rejecting changes.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
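
The four modes named in this commit message, together with the "off" handling described in the earlier message about changed host keys, amount to a small decision table. The sketch below is an added example, not libssh code: the hk_* names are hypothetical, and the behaviour of "yes" and "ask" follows OpenSSH's documented StrictHostKeyChecking semantics as an assumption, since the messages only spell out "off" and "accept-new".

```c
#include <stdbool.h>

/* Hypothetical names for this illustration; not libssh identifiers. */
enum hk_mode  { HK_OFF, HK_YES, HK_ASK, HK_ACCEPT_NEW };
/* HK_CHANGED also covers "a different key type is stored for this host". */
enum hk_state { HK_MATCH, HK_UNKNOWN, HK_CHANGED };

struct hk_decision {
    bool proceed;       /* continue with the connection */
    bool prompt_user;   /* caller must get confirmation before proceeding */
    bool save_key;      /* write the presented key to known_hosts */
    bool restrict_auth; /* disable password and keyboard-interactive */
};

struct hk_decision hk_decide(enum hk_mode mode, enum hk_state state)
{
    struct hk_decision d = { false, false, false, false };

    switch (state) {
    case HK_MATCH:
        d.proceed = true;
        break;
    case HK_UNKNOWN:
        if (mode == HK_OFF || mode == HK_ACCEPT_NEW) {
            /* First contact is accepted and remembered. */
            d.proceed = true;
            d.save_key = true;
        } else if (mode == HK_ASK) {
            d.prompt_user = true;
        }
        /* HK_YES (assumed OpenSSH semantics): refuse unknown hosts. */
        break;
    case HK_CHANGED:
        if (mode == HK_OFF) {
            /* Allowed, but the host is not treated as fully trusted. */
            d.proceed = true;
            d.restrict_auth = true;
        }
        /* Every other mode rejects a changed key. */
        break;
    }
    return d;
}
```
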
When StrictHostKeyChecking is disabled, libssh previously returned SSH_KNOWN_HOSTS_OK from ssh_session_get_known_hosts_entry() without updating the user known_hosts file.
Persist the accepted key in that path and reload it from the user file so a host that was accepted once does not appear unknown again on the next connection.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Tighten boolean token handling in config parsing.
For auth-related boolean options, reject unknown tokens instead of silently treating them as false. Keep exact yes/no and true/false handling through ssh_config_get_yesno(), but parse Compression through a dedicated exact token map so it remains limited to yes/no.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
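
An added sketch of the fail-closed token handling this commit message describes, next to a lenient parser of the kind it replaces. This is not libssh's implementation: parse_yesno(), parse_compression() and lenient_yesno() are hypothetical helpers, and the case-sensitive comparison is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Tri-state result: an unknown token is an error, never "false". */
enum tok_result { TOK_INVALID = -1, TOK_FALSE = 0, TOK_TRUE = 1 };

struct tok_map { const char *token; enum tok_result value; };

/* Exact match against a fixed table; anything else is rejected. */
static enum tok_result lookup_exact(const struct tok_map *map, size_t n,
                                    const char *token)
{
    size_t i;

    if (token == NULL) {
        return TOK_INVALID;
    }
    for (i = 0; i < n; i++) {
        if (strcmp(map[i].token, token) == 0) {
            return map[i].value;
        }
    }
    return TOK_INVALID;
}

/* Auth-related booleans: yes/no and true/false only. */
enum tok_result parse_yesno(const char *token)
{
    static const struct tok_map map[] = {
        {"yes", TOK_TRUE}, {"true", TOK_TRUE},
        {"no", TOK_FALSE}, {"false", TOK_FALSE},
    };
    return lookup_exact(map, sizeof(map) / sizeof(map[0]), token);
}

/* Compression: a dedicated table that stays limited to yes/no. */
enum tok_result parse_compression(const char *token)
{
    static const struct tok_map map[] = {
        {"yes", TOK_TRUE}, {"no", TOK_FALSE},
    };
    return lookup_exact(map, sizeof(map) / sizeof(map[0]), token);
}

/* Constructed lenient variant: a typo such as "yess" silently becomes false. */
int lenient_yesno(const char *token)
{
    return token != NULL && strcmp(token, "yes") == 0;
}
```
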
ssh_session_get_known_hosts_entry() could return SSH_KNOWN_HOSTS_OK without initializing *pentry, leaving callers with an undefined output pointer.
Initialize *pentry to NULL at function entry so every return path leaves the output in a defined state.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Add %n support to path expansion.
Defer HostName handling so the expanded value is computed even when the final host cannot be applied yet. HostName-specific expansion lowercases literal hostname text and %h expansions, while unsupported HostName %X tokens are preserved literally and normal host validation still applies when the result is passed to SSH_OPTIONS_HOST.
This keeps the expansion logic correct now and leaves room for future HostName token support without changing the deferred path again.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/811>
Move RSA signature extraction and zero-padding from pki_signature_to_blob() into pki_do_sign_hash() so the correctly sized blob is built once at signing time, and store it in raw_sig across all paths. This removes rsa_sig (gcry_sexp_t) from the RSA flow and avoids the old leading-zero stripping that could produce undersized blobs rejected by strict implementations like Dropbear.
Signed-off-by: Yağmur Çiçekdağı <ygmcicekdagi@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/714>
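
An added illustration of why leading-zero stripping yields an undersized RSA signature blob and how left-padding to the modulus size restores it. This is not the libssh code from the commit: the rsa_sig_* helpers are hypothetical, and the 8-byte "modulus size" used with them is a constructed toy value.

```c
#include <stddef.h>
#include <string.h>

/* Length left after leading zero bytes are stripped (the old behaviour). */
size_t rsa_sig_stripped_len(const unsigned char *sig, size_t len)
{
    size_t skip = 0;

    while (skip < len && sig[skip] == 0x00) {
        skip++;
    }
    return len - skip;
}

/* A strict verifier accepts only a blob that is exactly modulus-sized. */
int rsa_sig_len_ok(size_t sig_len, size_t mod_len)
{
    return sig_len == mod_len;
}

/*
 * Right-align the big-endian signature in a mod_len buffer and zero-fill
 * the left side. Returns 0 on success, -1 if the value cannot fit.
 */
int rsa_sig_pad(const unsigned char *sig, size_t sig_len,
                unsigned char *out, size_t mod_len)
{
    size_t used, skip;

    if (sig == NULL || out == NULL || mod_len == 0) {
        return -1;
    }
    /* Ignore redundant leading zeros so only significant bytes count. */
    used = rsa_sig_stripped_len(sig, sig_len);
    skip = sig_len - used;
    if (used > mod_len) {
        return -1;
    }
    memset(out, 0, mod_len - used);
    memcpy(out + (mod_len - used), sig + skip, used);
    return 0;
}
```
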
isblank() is only defined for unsigned char values (or EOF). Passing a plain char can be undefined behaviour on platforms where char is signed and the input contains bytes with the high bit set. Cast the tokenizer inputs to unsigned char before calling isblank() so these ctype calls stay within their defined domain.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/806>