author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-05-15 11:48:49 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-12 10:17:54 +0200 |
commit | f4363f56551509e1c43a20115448af269525285f (patch) | |
tree | 564dfc6e40351d2e8083bdba6df82d28ba8664a6 /src/bind.c | |
parent | bc95a517101cc2a124e35040e042ed5349696e2a (diff) | |
options: Add option to set server accepted pubkey types
The added option SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES allows
restricting the allowed public key types accepted by the server for
authentication.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/bind.c')
-rw-r--r-- | src/bind.c | 25 |
1 files changed, 25 insertions, 0 deletions
@@ -38,6 +38,7 @@
 #include "libssh/buffer.h"
 #include "libssh/socket.h"
 #include "libssh/session.h"
+#include "libssh/token.h"
 /**
 * @addtogroup libssh_server
@@ -402,6 +403,7 @@ void ssh_bind_free(ssh_bind sshbind){
 SAFE_FREE(sshbind->banner);
 SAFE_FREE(sshbind->bindaddr);
 SAFE_FREE(sshbind->config_dir);
+ SAFE_FREE(sshbind->pubkey_accepted_key_types);
 SAFE_FREE(sshbind->dsakey);
 SAFE_FREE(sshbind->rsakey);
@@ -456,6 +458,29 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
 }
 }
+ if (sshbind->pubkey_accepted_key_types != NULL) {
+ if (session->opts.pubkey_accepted_types == NULL) {
+ session->opts.pubkey_accepted_types = strdup(sshbind->pubkey_accepted_key_types);
+ if (session->opts.pubkey_accepted_types == NULL) {
+ ssh_set_error_oom(sshbind);
+ return SSH_ERROR;
+ }
+ } else {
+ char *p;
+ /* If something was set to the session prior to calling this
+ * function, keep only what is allowed by the options set in
+ * sshbind */
+ p = ssh_find_all_matching(sshbind->pubkey_accepted_key_types,
+ session->opts.pubkey_accepted_types);
+ if (p == NULL) {
+ return SSH_ERROR;
+ }
+
+ SAFE_FREE(session->opts.pubkey_accepted_types);
+ session->opts.pubkey_accepted_types = p;
+ }
+ }
+
 session->common.log_verbosity = sshbind->common.log_verbosity;
 if(sshbind->banner != NULL)
 session->opts.custombanner = strdup(sshbind->banner); |
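Review bot: In the third hunk (`ssh_bind_accept_fd`), the `p == NULL` branch returns `SSH_ERROR` without recording any error on `sshbind`, whereas the `strdup` failure a few lines above calls `ssh_set_error_oom(sshbind)`. `ssh_find_all_matching` is not shown here, but it presumably returns NULL both on allocation failure and when the two lists share no key type, so an operator reading the bind error cannot tell a misconfigured accepted-types list from memory exhaustion. Rejecting the connection on an empty intersection is the right fail-closed behaviour and should stay; I would add something like `ssh_set_error(sshbind, SSH_FATAL, "No accepted public key type shared between bind and session options");` before that `return SSH_ERROR;`. The function body starts and ends outside the hunk.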