author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-05-15 11:48:49 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-12 10:17:54 +0200 |
commit | f4363f56551509e1c43a20115448af269525285f (patch) | |
tree | 564dfc6e40351d2e8083bdba6df82d28ba8664a6 /src/options.c | |
parent | bc95a517101cc2a124e35040e042ed5349696e2a (diff) | |
options: Add option to set server accepted pubkey types
The added option SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES allows
restricting the allowed public key types accepted by the server for
authentication.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/options.c')
-rw-r--r-- | src/options.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/options.c b/src/options.c
index e9d8a721..244f3edf 100644
--- a/src/options.c
+++ b/src/options.c
@@ -1608,6 +1608,10 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
 * paths of configuration files to
 * ssh_bind_options_parse_config().
 *
+ * - SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES:
+ * Set the public key algorithm accepted by the server
+ * (const char *, comma-separated list).
+ *
+ * @param value The value to set. This is a generic pointer and the
 * datatype which should be used is described at the
 * corresponding value of type above.
@@ -1912,6 +1916,24 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
 }
 }
 break;
+ case SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES:
+ v = value;
+ if (v == NULL || v[0] == '\0') {
+ ssh_set_error_invalid(sshbind);
+ return -1;
+ } else {
+ p = ssh_keep_known_algos(SSH_HOSTKEYS, v);
+ if (p == NULL) {
+ ssh_set_error(sshbind, SSH_REQUEST_DENIED,
+ "Setting method: no known public key algorithm (%s)",
+ v);
+ return -1;
+ }
+
+ SAFE_FREE(sshbind->pubkey_accepted_key_types);
+ sshbind->pubkey_accepted_key_types = p;
+ }
+ break;
 default:
 ssh_set_error(sshbind, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
 return -1; |
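Review bot: The option text added in the first hunk does not say that the list applies to keys offered for client authentication, and it reads "algorithm" in the singular although a comma-separated list is taken. It also omits how invalid input is handled: the second hunk rejects NULL and an empty string with `ssh_set_error_invalid()`, so this option gives no way to return to the default set once a value is stored. I would reword it to `Set the public key types the server accepts for client authentication (const char *, comma-separated list). NULL or an empty string is an error.` The doc comment starts and ends outside the hunk.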
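Review bot: In the new `SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES` case of the second hunk the call fails only when `ssh_keep_known_algos()` returns NULL, so a list holding one misspelled or unsupported name next to a valid one appears to be accepted with that name silently dropped (the helper is not visible here, so this is inferred from its name and the error text). For an option meant to restrict authentication, the caller should be able to tell that the stored policy differs from the requested one; at minimum state it on the option, e.g. `Unknown key types are ignored; the call fails only if none is known.` The filter table is `SSH_HOSTKEYS`, so it is worth confirming that it names every key type intended to be usable for user authentication. This hunk only stores the filtered string: whether the authentication path consults `sshbind->pubkey_accepted_key_types` and whether the bind's free routine releases it cannot be seen in this diff, and `ssh_bind_options_set` continues outside the hunk.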