authorJakub Jelen <jjelen@redhat.com>2018-08-07 11:25:27 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-08-31 14:18:34 +0200
commit4521ab73b6858efa0083ac96a1775719b1f649ae (patch)
treefd828e2ee89bb72b051008afc528dc7880beeede /src/options.c
parent9ca6127b91c785289535b302feccdf23d5bcc6b1 (diff)
options: The new option SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES
This option allows specifying the acceptable public key algorithms and reflects the PubkeyAcceptedTypes configuration option from OpenSSH. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/options.c')
-rw-r--r--src/options.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/src/options.c b/src/options.c
index 0e428e65..2376b3a6 100644
--- a/src/options.c
+++ b/src/options.c
@@ -147,6 +147,14 @@ int ssh_options_copy(ssh_session src, ssh_session *dest) {
return -1;
}
}
+
+ if (src->opts.pubkey_accepted_types != NULL) {
+ new->opts.pubkey_accepted_types = strdup(src->opts.pubkey_accepted_types);
+ if (new->opts.pubkey_accepted_types == NULL) {
+ ssh_free(new);
+ return -1;
+ }
+ }
new->opts.fd = src->opts.fd;
new->opts.port = src->opts.port;
new->opts.timeout = src->opts.timeout;
@@ -343,6 +351,11 @@ int ssh_options_set_algo(ssh_session session,
* comma-separated list). ex:
* "ssh-rsa,ssh-dss,ecdh-sha2-nistp256"
*
+ * - SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
+ * Set the preferred public key algorithms to be used for
+ * authentication (const char *, comma-separated list). ex:
+ * "ssh-rsa,rsa-sha2-256,ssh-dss,ecdh-sha2-nistp256"
+ *
* - SSH_OPTIONS_COMPRESSION_C_S:
* Set the compression to use for client to server
* communication (const char *, "yes", "no" or a specific
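Review bot: The example list in the new SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES entry ends with `ecdh-sha2-nistp256`, which is a key-exchange method name rather than a public key algorithm; the key type is `ecdsa-sha2-nistp256`. The entry also says "preferred" where the commit message says "acceptable", and for an allow-list that difference tells a caller whether the option orders or restricts the algorithms. I would word the entry as `Set the public key algorithms accepted for authentication (const char *, comma-separated list). ex: "ssh-rsa,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256"`. The same `ecdh-` name is in the context line above, in an example this commit does not touch, and the doc comment itself starts and ends outside the hunk.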
@@ -743,6 +756,24 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
return -1;
}
break;
+ case SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
+ v = value;
+ if (v == NULL || v[0] == '\0') {
+ ssh_set_error_invalid(session);
+ return -1;
+ } else {
+ p = ssh_keep_known_algos(SSH_HOSTKEYS, v);
+ if (p == NULL) {
+ ssh_set_error(session, SSH_REQUEST_DENIED,
+ "Setting method: no known public key algorithm (%s)",
+ v);
+ return -1;
+ }
+
+ SAFE_FREE(session->opts.pubkey_accepted_types);
+ session->opts.pubkey_accepted_types = p;
+ }
+ break;
case SSH_OPTIONS_HMAC_C_S:
v = value;
if (v == NULL || v[0] == '\0') {
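Review bot: In the new SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES case the list is stored only after `ssh_keep_known_algos(SSH_HOSTKEYS, v)`, and the error path is taken only when that call returns NULL, so a list containing some unrecognised names is presumably accepted in narrowed form with no signal to the caller. That fails closed, but a caller who misspells one entry of an allow-list would see authentication with that key type fail later without a diagnostic. I would state this in the option's documentation and add a comment above the call such as `/* names not in the SSH_HOSTKEYS table are dropped; only an entirely unknown list is an error */`. The filter reuses the host key table for user-authentication key types; whether the two sets are meant to be identical is not visible here and is worth confirming. The enclosing switch in ssh_options_set starts and ends outside the hunk.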