shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 20:30:38 +09:00
Code Issues Packages Projects Releases Wiki Activity
6,249 Commits 12 Branches 62 Tags
cce600f98031fdf41aa28f2f2c9c5eacf509e75f
Commit Graph

6249 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aditya Sinha
cce600f980 test for ssh_get_kex_algo() 
Signed-off-by: Aditya Sinha <aditya072006@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:10:53 +02:00
Aditya Sinha
95150b1137 Adding the missing Algorithms to ssh_get_kex_algo() function 
Signed-off-by: Aditya Sinha <aditya072006@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:10:52 +02:00
Aditya Sinha
65b2591b91 Reformatting the ssh_get_kex_aglo() function 
Signed-off-by: Aditya Sinha <aditya072006@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:10:51 +02:00
Praneeth Sarode
a5e9529ca7 curve25519: refactor mbedTLS code to remove code duplication 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:04:48 +02:00
Praneeth Sarode
49a355c272 curve25519: Use mbedTLS curve25519 for ECDH, if available 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 13:04:47 +02:00
David Wedderwille
84d02e7440 kex: Make existing convenience features available 
Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 12:17:42 +02:00
David Wedderwille
0b91ba779c kex: Improved naming of variables. 
Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 12:17:41 +02:00
Yuvraj Saxena
d02163546d fuzz: Add ProxyJump misconfiguration cases to ssh_client_config_fuzzer_corpus 
This commit adds test cases to catch issues where ProxyJump configurations lead to infinite loops or incorrect username usage, as reported in issue #287, and issue #291

Signed-off-by: Yuvraj Saxena <ysaxenax@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-30 12:14:37 +02:00
AsadaShino
a93e84efb9 authenticate_console:Stop authentication after SSH session disconnection to avoid hanging up in poll 
Signed-off-by: AsadaShino <1164429449@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-20 15:29:59 +01:00
Eshan Kelkar
a59d587060 sftpserver.c: Add support for O_TRUNC while opening files 
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 18:13:52 +01:00
Eshan Kelkar
6c4e4a9e1c torture_sftpserver.c: Add test for O_TRUNC while opening files 
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 18:13:51 +01:00
Abdallah Alhadad
aa681c268e extensions: Host-bound public key authentication 
Signed-off-by: Abdallah Alhadad <abdallahselhdad@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 17:34:04 +02:00
Abdallah Alhadad
fe381d6aa4 refactor: Extract build_pubkey_auth_request function for public key authentication 
Signed-off-by: Abdallah Alhadad <abdallahselhdad@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-18 17:33:57 +02:00
Abdallah Alhadad
1f76cc0c6a reformat: functions related to pubkey authentication 
Signed-off-by: Abdallah Alhadad <abdallahselhdad@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-15 22:16:46 +00:00
John Thacker
bf2b8954e8 CMake: Add Requires.private information for GSSAPI to .pc file 
Try to find GSSAPI via pkg-config. If found, add the appropriate
module name, depending on the flavor, to the libssh.pc file so that
the pkg-config can report the list of libraries needed when linking
against the static library version of libssh.

Fix #293

Signed-off-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-12 15:05:57 +01:00
Jakub Jelen
7e3935e7d2 Add timeout extension requirement to the MR template 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-11 14:03:23 +01:00
Jakub Jelen
d38b471fd8 ci: Move MR template from webui to git 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-11 14:03:22 +01:00
Jakub Jelen
735a4368c2 Document the need to extend the CI timeout 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-11 14:03:21 +01:00
Jakub Jelen
a25f9d211d tests: Fix variable names to avoid codespell issues 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 16:00:33 +01:00
Jakub Jelen
3a52bf1679 tests: Reproducer for graceful failure on ignored Match arguments 
https://gitlab.com/libssh/libssh-mirror/-/issues/291#note_2376323499
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 16:00:33 +01:00
Jakub Jelen
f7bdd779d6 config: Be less strict when parsing unknown Match keywords 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 16:00:33 +01:00
Jakub Jelen
8ef249a4a4 config: Fix copy&paste error in error message 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-03-04 14:09:08 +01:00
Praneeth Sarode
d9da8f212d docs: Add section on ABI versioning and symbol management to CONTRIBUTING. 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-04 13:00:27 +01:00
Norbert Pocs
9613e9508d tests/torture_proxyjump: Fix codespell issues 
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-03 11:20:48 +01:00
Norbert Pocs
6b9a6529bd tests: Add torture_proxyjump_multiple_users_sshd_jump with Doe 
Tests proxyjump with two servers and two users.

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-03 11:20:48 +01:00
Norbert Pocs
b14cde6d2a tests: Add multiple server proxyjump testcase 
Tests proxyjump with the same user through two servers.

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-03-03 11:20:48 +01:00
Norbert Pocs
e01c32f41e tests: Add torture_setup_sshd_servers 
Starts a second sshd. This enables to test proxyjump through
multiple servers.

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-02-28 10:05:12 +01:00
Jakub Jelen
dd6a711354 Use windows-compatible access() function to unbreak windows build 
Fixes up 3372c2ad78 which did not properly check
the included header file.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-27 13:31:35 +01:00
Jakub Jelen
c1a7de78d1 tests: Add PKCS#11 URI tests with Ed25519 keys 
This will work only with pkcs11 provider. Not tested with engines.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
9735f074ba tests: Skip Ed25519 keys in FIPS mode 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
b2b56151c0 pki: Fail more gracefully when parsing Ed25519 keys in FIPS mode 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
de7903a633 Do not import Ed25519 keys in FIPS Mode 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
a089513e40 pki_crypto: OpenSSL 1.1.1 compatible Ed25519 key duplication 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
ec9d7d13fd Use Ed25519 in OpenSSL through the EVP_PKEY API 
... instead of keeping around public and private key blobs.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
f14568262a tests: Update PKCS#11 tests to follow global verbosity 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
257e8eb2c1 tests: Add PEM public Ed25519 key 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
99fcd56135 tests: Remove p11-kit remoting from pkcs11 tests 
The p11-kit remoting was initially introduced because softhsm
was crashing during cleanup with OpenSSL 3.0. This was resolved
since then and this code introduces a lot of complexity and
possible bugs, such as when using the mechanisms from PKCS#11 3.0
that are unknown to the p11-kit remoting tool. It decides to remove
them from the list as demonstrated here:

https://github.com/p11-glue/p11-kit/issues/668

This resulted in pkcs11-provider not registering EDDSA siganture
methods to the OpenSSL and failing when asked to provide a singature
by the Ed25519 key from the PKCS#11 token.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
8922e43578 tests: Improve logging on failures in ed25519 test 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
e36ca61e36 pki: Fix error message 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
02c092d3d9 pki: Avoid needless assignment 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
520f758902 pki_crypto: Reformat pki_key_compare 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Jakub Jelen
12b8eed093 pki_crypto: Reformat pki_private_key_to_pem 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-02-27 10:52:17 +01:00
Lucas Mulling
3372c2ad78 cmake: Add option WITH_HERMETIC_USR 
Add a cmake option to enable hermetic-usr, i.e., use of config files in /usr/.
If turned on, GLOBAL_*_CONFIG is prepended with /usr/ and defined as
USR_GLOBAL_*_CONFIG. Config lookup follows this path GLOBAL_*_CONFIG ->
USR_GLOBAL_*_CONFIG.

Introduce a ssh_config_parse primitive. This avoids convoluted checks for file
presence (without modifing the behaviour of ssh_config_parse_file) and allows
marking whether the config is global at the call site.

Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-02-27 10:24:42 +01:00
John Thacker
6b83aa9a40 CMake: Use GSSAPI_INCLUDE_DIR consistently 
The GSSAPI find module sets GSSAPI_INCLUDE_DIR (singular) only and
passes that to find_package_handle_standard_arguments, but later
tests and marks as advanced GSSAPI_INCLUDE_DIRS (plural), which doesn't
exist. GSSAPI_INCLUDE_DIR is what's used in src/CMakeLists.txt

This hasn't had a major effect, because GSSAPI_FOUND gets set by
find_package_handle_standard_args, so the if statement that tests
GSSAPI_INCLUDE_DIRS (and never succeeded) would have been a no-op
in any case, so remove it. Standardize on the singular version when
marking as advanced.

Signed-off-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-26 10:14:59 +01:00
Jakub Jelen
7f045e2d91 tests: Unit test nested quotes 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-11 13:20:20 +01:00
Jakub Jelen
2b916b3b88 tests: Reformat test list 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-11 12:17:34 +01:00
Jakub Jelen
a10553ae57 Reproducer for #291 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-11 12:17:34 +01:00
Jakub Jelen
d1ce336ae3 config: Allow escaping quotes inside of quoted tokens 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2025-02-11 12:17:34 +01:00
Praneeth Sarode
79ac8b85d8 tests: add tests for users-groups-by-id@openssh.com on client side 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
 2025-02-05 17:01:40 +05:30
Praneeth Sarode
9a9cafeed5 sftp: add users-groups-by-id@openssh.com extension for client 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
 2025-02-05 17:01:20 +05:30