The configuration of identities are first saved to `opts.identities_non_exp`,
then moved to `opts.identities` after calling ssh_options_apply and expanding
the identity strings. These tests are testing against the proper configuration
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The test failed on Fedora Koji and openSUSE Build Service on i686 only. Probably
the rekey on the server needs longer here to collect enough entropy. So we need
to try harder before we stop :-)
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The ncat tool from nmap is available on all unix platforms. The nc
binary might link to ncat or something else. Settle on one we know
also the options can be used if needed.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
what we set in open funtion by the argument mode. The mode of the created file
is (mode & ~umask), So we set umask to typical default value(octal 022).
Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Added API function ssh_channel_open_forward_port that is the same as
ssh_channel_accept_forward with the addition to determine the
originator address and port
Signed-off-by: Tomas Holmqvist <tomhol@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Thanks to Harry Sintonen from WithSecure for pointing this out.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Calling some channel procedures on a freed channel is always resulting
in segmentation fault errors. The reason is that when a channel is
freed with 'ssh_channel_do_free' procedure, its 'session' field is set
to NULL; then when a channel procedure tries to access any field of
'channel->session' structure it is effectively dereferencing a NULL
pointer.
The change fixes that behavior by adding a check which ensures that a
channel state is not SSH_CHANNEL_FLAG_FREED_LOCAL before accessing its
parent session.
Also the test suite is updated to check for the fixed errors, and the
Doxygen documentation updated accordingly.
There was a bug introduced in b0fb7d15: 'ssh_channel_poll',
'ssh_channel_poll_timeout' and 'ssh_channel_get_exit_status' would
compare the channel state to the 'SSH_CHANNEL_FLAG_FREED_LOCAL'
constant to check if the channel is alive. But the procedures must
check the channel flags for the presence of
'SSH_CHANNEL_FLAG_FREED_LOCAL' bits instead. This change fixes the
bug.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
We do not use SHA1 as it is disabled in many systems
Verifies CVE-2021-3634
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The test for delayed close asks for the execution of a command that
generates big output (larger than the default window) to make data to
remain in buffers while the close message arrives, triggering the
delayed channel closure.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
The test checks if the client can handle the error returned by the
server when the maximum number of channel sessions is exceeded.
Fixes T239
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The test might fail if there is a local configuration file that changes
the location of the known_hosts file. The test should not be affected
by configuration files present in the testing environment.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The test checks if a command appended to the file path is not executed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
determines if public keys must be loaded in pkcs #11 tokens or not.
tests: Adds the load_public parameter in all files where torture_setup_tokens() was used.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The OpenSSH 7.4 or 7.6 in Ubuntu and CentOS 7 does not support SHA2
RSA certificates and libssh automatically falls back to SHA1, which
is not allowed by default.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
If the library is not initialized, SSH_ERROR is returned and the error
message is set properly.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Verify the error code returned by kill() in torture_terminate_process().
The error code is raised when killing the process failed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The SFTP files wouldn't be closed during the rekey tests leading to
memory leak.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
as nothing really sets these keys up and they are probably preserverd
from some previous test, which is really not a good testing strategy.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Test if the file name is correctly escaped to avoid protocol message
injection.
Fixes T189
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Do not process system-wide configuration when reinitializing a session
during testing. This could lead to different settings set from the
expected one (which was initialized during test setup).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Previously, the tests were sharing the same file path to create the
known_hosts file, which can create a race condition if the tests run in
parallel. Such file was deleted between tests.
By using different different files for each test, the risk of race
conditions is eliminated. Moreover, it makes unnecessary to destroy the
file between tests.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Previously, if the path to known_hosts file set through
SSH_OPTIONS_KNOWNHOSTS included missing directories,
ssh_session_update_known_hosts() would fail. The added test case checks
that this is not the case anymore.
The logic of checking if the directory is accessible before creating it
was replaced by creating the directory if opening the file failed. This
is to minimize the risk of TOCTOU race conditions.
Fixes: T166
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Added a test case where invalid global requests are sent to the server
which should reject them, but not stop working.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
