shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 20:30:38 +09:00
Code Issues Packages Projects Releases Wiki Activity
3,361 Commits 12 Branches 62 Tags
ddea46f890bd5d87669f23b26d676adedaa5f610
Commit Graph

3361 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anderson Toshiyuki Sasaki
ddea46f890 CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT 
The introduced auth state allows to identify when authentication using
password was tried.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-10-09 11:45:58 +02:00
Anderson Toshiyuki Sasaki
e5f0e711b0 CVE-2018-10933: Introduced new auth states 
Introduced the states SSH_AUTH_STATE_PUBKEY_OFFER_SENT and
SSH_AUTH_STATE_PUBKEY_AUTH_SENT to know when SSH2_MSG_USERAUTH_PK_OK and
SSH2_MSG_USERAUTH_SUCCESS should be expected.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-10-09 11:45:58 +02:00
Andreas Schneider
e765c1400a dh: Use ssh_get_fingerprint_hash() in ssh_print_hash() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 92aa2cf496)
 2018-10-09 10:16:30 +02:00
Andreas Schneider
7a7c0a54bc dh: Add ssh_get_fingerprint_hash() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bbed139eca)
 2018-10-09 10:16:27 +02:00
Jan-Niklas Burfeind
9c62d6dfcd dh: Add ssh_print_hash() function which can deal with sha256 
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f32cb70675)
 2018-10-09 10:16:20 +02:00
Jan-Niklas Burfeind
f3f140e65f dh: Add SSH_PUBLICKEY_HASH_SHA256 to ssh_get_publickey_hash() 
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1499b38aef)
 2018-10-09 10:16:14 +02:00
Jakub Jelen
c977a97093 Assorted changes to make the proxycommand test pass 
Cherry-picked from the following commit:
e4653b82bd
 2018-10-05 12:09:45 +02:00
Jakub Jelen
743a34ad9f Assorted changes to make the sftp_read test working 
CHerry-picked from the following commit:
571f547556
 2018-10-05 12:09:45 +02:00
Jakub Jelen
0f9e6598ef Assorted changes to make the sftp_dir test working 
Cherry-picked from the following commit:
af3de262b6
 2018-10-05 12:09:45 +02:00
Jakub Jelen
f8007d7147 Assorted changes to make the torture_forward test pass 
Cherry-picked from the following commit:
be25b58380
 2018-10-05 12:09:45 +02:00
Jakub Jelen
3d70d4f08d Assorted changes to make torture_request_env pass 
Cherry-picked from the following commit:
4bc6af6c17
 2018-10-05 12:09:45 +02:00
Andreas Schneider
bade29d3d5 torture: Fix torture_ssh_session() for cwrap testing 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 66f51df9)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
399ff6bbde tests: Add public keys for bob 
This also allows bob to auth as alice.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry-picked from commit ee866441)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
c0d9aeda18 Assorted changes to make knownhosts test work 
Cherry-picked from the following commit:
b65dcb3a35
 2018-10-05 12:09:45 +02:00
Andreas Schneider
82b2d31c29 tortrue: Add ed25519 hostkey to sshd 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 250bf37a)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
74102dfd7a Assorted changes from master to make torture_algorithms test working 
Cherry-picked from the following commits:
cbd75c3e35
3014e3c458
 2018-10-05 12:09:45 +02:00
Andreas Schneider
d678f6a9ea torture: Fix building on Windows 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit b74a1841)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
00b8e6d1f0 tests: UsePrivilegeSeparation has no effect since OpenSSH 7.5 
Additionally, we can already work around the privilege separation.

http://www.openssh.com/txt/release-7.5

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 56317caa)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
aeb859e130 tests: Do not trace sshd 
OpenSSH's sshd does not work well under valgrind so lets avoid tracing it.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit ca4fb9c6)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
b393f7e5e9 tests: Temporarily build chroot_wrapper 
(cherry-picked from commit 094aa5eb)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
2004617fd0 tests: Always start tests as root so we can switch to a user 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 1729d4a1)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
c5fe7c5a72 tests: Do not generate pcap file by default 
pcap file is generated by the processes writing to the sockets,
which is not allowed for privilege-separated process in new
OpenSSH servers (confined by seccomp filter).

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 5d3ab421)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
fec4dc4eff tests: Give server more time to start 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit f8f7989c)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
3d0c9cc6b5 tests: Do not test blowfish ciphers with OpenSSH 7.6 and newer 
(cherry-picked from commit b92c4996)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
4d6048ef88 torture: Add support to specify verbosity level via env variable 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 2a9c3966)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
3d2d777e26 torture: Fix a warning 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 2bd65015)
 2018-10-05 12:09:45 +02:00
Aris Adamantiadis
8520adf609 osx: fix compilation 
(cherry-picked from commit 886fdc8b)
 2018-10-05 12:09:45 +02:00
Justus Winter
c0be59f876 tests: Make test suite work out of the box on Debian 
* tests/torture.c (torture_setup_create_sshd_config): Rework how the
location of the sftp server is discovered, and add the Debian-specific
location.

Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit e37fd832)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
2983b21996 torture: Fix ssh version detection 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit de309c51)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
88ae595583 torture: Set sshd debug level to DEBUG3 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 06343074)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
a228c3f728 torture: Also write stderr to a file 
This allows to capture debug information of the wrappers.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit c365ff3d)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
53ed121a9c torture: Add additional sftp-server path for BSD 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 1bbfe058)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
5a1ebdec9d tests: Wait for sshd to start before connecting 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit a3557b81)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
bf2a33b21e tests: Turn on PAM support in sshd with pam_wrapper 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 7aa84318)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
130194aa0e torture: Improve process termination function 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 0e98f121)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
1ebfd3834a tests: Support other openssh versions ... 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 6e7eae96)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
1eeeace975 cmake: Configure nss_wrapper and uid_wrapper 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 21b0d29e)
 2018-10-02 16:35:28 +02:00
Andreas Schneider
73ebcb3ab8 torture: Start sshd as root 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit a30d16c4)
 2018-10-02 16:35:08 +02:00
Andreas Schneider
bd7b509278 torture: Enable old host key algos for testing 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit c1fb9483)
 2018-10-02 16:34:49 +02:00
Andreas Schneider
652acbeb21 torture: Enable old cipher and kex algos in sshd 
We need to test them, so enable them in the sshd.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit dd0d04ae)
 2018-10-02 16:34:23 +02:00
Andreas Schneider
96e04d4691 torture: Create a torture_terminate_process() function 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit ae89b6c0)
 2018-10-02 16:34:02 +02:00
Andreas Schneider
7113074ae4 torture: Add torture_teardown_sshd_server(). 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 14f1ce2e)
 2018-10-02 16:33:40 +02:00
Andreas Schneider
2db325eb74 torture: Restrict files to we write to our user. 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 62b0f58d)
 2018-10-02 16:33:18 +02:00
Andreas Schneider
9937d0b552 torture: Add function to setup sshd server 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit c3f963e7)
 2018-10-02 16:32:45 +02:00
Andreas Schneider
ae3e2a19c8 torture: Add torture_teardown_socket_dir(). 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit fd09c4cb)
 2018-10-02 16:32:04 +02:00
Andreas Schneider
3567524fb2 torture: Add torture_setup_socket_dir(). 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 13f68fc2)
 2018-10-02 16:31:32 +02:00
Andreas Schneider
4814c188eb tests: Add ssh host keys for test environment. 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit c2d63627)
 2018-10-02 16:31:16 +02:00
Andreas Schneider
a317188cb7 cmake: Search for cwrap and sshd. 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 6596d27e)
 2018-10-02 16:29:17 +02:00
Andreas Schneider
1d4151e51f libcrypt: Add missing header for compat 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-30 14:10:32 +02:00
Andreas Schneider
c228fa7631 pki: Fix duplicating ed25519 public keys 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 816234350d)
 2018-06-29 17:18:12 +02:00