-rw-r--r--libssh/kex.c35
-rw-r--r--sftp_server/Makefile2
-rw-r--r--sftp_server/Makefile.in2
-rw-r--r--sftp_server/acl.c31
-rw-r--r--sftp_server/server.h43
5 files changed, 105 insertions, 8 deletions
diff --git a/libssh/kex.c b/libssh/kex.c
index 45ec3f77..7b7722e0 100644
--- a/libssh/kex.c
+++ b/libssh/kex.c
@@ -300,8 +300,19 @@ static void build_session_id1(SSH_SESSION *session, STRING *servern,
#endif
}
+/* returns 1 if the modulus of k1 is < than the one of k2 */
+static int modulus_smaller(PUBLIC_KEY *k1, PUBLIC_KEY *k2){
+ RSA *r1=k1->rsa_pub;
+ RSA *r2=k2->rsa_pub;
+ if(BN_cmp(r1->n,r2->n)<0)
+ return 1;
+ else
+ return 0;
+}
+
+#define ABS(A) ( (A)<0 ? -(A):(A) )
STRING *encrypt_session_key(SSH_SESSION *session, PUBLIC_KEY *svrkey,
- PUBLIC_KEY *hostkey){
+ PUBLIC_KEY *hostkey,int slen, int hlen ){
char buffer[32];
int i;
STRING *data1,*data2;
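Review bot: `modulus_smaller` dereferences `k1->rsa_pub` and `k2->rsa_pub` unconditionally; if a `PUBLIC_KEY` can carry something other than an RSA key (the field name hints at it, but it is not visible here), a NULL `rsa_pub` would crash inside `BN_cmp`, so a guard or a comment stating that both keys are RSA by contract is warranted. The `ABS` macro evaluates its argument twice; its only use below is the side-effect-free `hlen-slen`, but a `static inline int abs_diff(int a, int b)` or `abs()` from `<stdlib.h>` removes the hazard for future callers. The new `slen`/`hlen` parameters are undocumented; a header comment such as `/* slen, hlen: bit lengths of the server-key and host-key moduli, used for the modulus-difference check */` would make the call site self-explanatory. `encrypt_session_key` continues into the next hunk.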
@@ -319,9 +330,19 @@ STRING *encrypt_session_key(SSH_SESSION *session, PUBLIC_KEY *svrkey,
buffer[i]^=session->next_crypto->session_id[i];
data1=string_new(32);
string_fill(data1,buffer,32);
- data2=ssh_encrypt_rsa1(session,data1,svrkey);
- free(data1);
- data1=ssh_encrypt_rsa1(session,data2,hostkey);
+ if(ABS(hlen-slen)<128){
+ ssh_say(1,"Difference between server modulus and host modulus is only %d. It's illegal and may not work\n",
+ ABS(hlen-slen));
+ }
+ if(modulus_smaller(svrkey,hostkey)){
+ data2=ssh_encrypt_rsa1(session,data1,svrkey);
+ free(data1);
+ data1=ssh_encrypt_rsa1(session,data2,hostkey);
+ } else {
+ data2=ssh_encrypt_rsa1(session,data1,hostkey);
+ free(data1);
+ data1=ssh_encrypt_rsa1(session,data2,svrkey);
+ }
return data1;
}
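Review bot: `data2` is leaked on both branches: the intermediate string returned by the first `ssh_encrypt_rsa1` call is fed into the second call and then dropped, only the original `data1` is freed (this was already the case before the change, and the new code now duplicates it). Adding `free(data2);` after the second `ssh_encrypt_rsa1` in each branch fixes it. The results of `ssh_encrypt_rsa1` are also chained and returned without a NULL check; if that function can fail (not visible in this hunk) a failed first encryption is handed straight to the second. The modulus-difference check only logs at verbosity 1 while its own message calls the situation illegal; if the caller should not proceed in that case, signalling it (for example by returning NULL) would be safer than a log line the caller never sees.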
@@ -417,7 +438,7 @@ int ssh_get_kex1(SSH_SESSION *session){
buffer_add_u8(session->out_buffer,SSH_CIPHER_3DES);
buffer_add_data(session->out_buffer,session->server_kex.cookie,8);
- enc_session=encrypt_session_key(session,svr,host);
+ enc_session=encrypt_session_key(session,svr,host,server_bits, host_bits);
bits=string_len(enc_session)*8 - 7;
ssh_say(2,"%d bits,%d bytes encrypted session\n",bits,string_len(enc_session));
bits=htons(bits);
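Review bot: `enc_session` is passed to `string_len(enc_session)` immediately after the call without a NULL check; `encrypt_session_key` returns whatever `ssh_encrypt_rsa1` produced, so if that can fail (cannot be told from this hunk) the length computation dereferences NULL. A guard such as `if(!enc_session){ ssh_set_error(session,SSH_FATAL,"session key encryption failed"); return -1; }` before `bits=` would cover it. `server_bits` and `host_bits` are defined outside the hunk; it is worth confirming they are the modulus bit lengths that the difference check in `encrypt_session_key` expects. `ssh_get_kex1` begins and ends outside the hunk.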
@@ -435,7 +456,9 @@ int ssh_get_kex1(SSH_SESSION *session){
session->current_crypto=session->next_crypto;
session->next_crypto=NULL;
if(packet_wait(session,SSH_SMSG_SUCCESS,1)){
- ssh_set_error(session,SSH_FATAL,"Key exchange failed : %s\n",ssh_get_error(session));
+ char buffer[1024];
+ snprintf(buffer,sizeof(buffer),"Key exchange failed : %s",ssh_get_error(session));
+ ssh_set_error(session,SSH_FATAL,"%s",buffer);
return -1;
}
ssh_say(1,"received SSH_SMSG_SUCCESS\n");
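Review bot: the reason for the intermediate `buffer` is not stated: presumably `ssh_get_error(session)` returns a pointer into the same session error storage that `ssh_set_error` writes, so formatting the old message directly into the new one would read and overwrite the same bytes, and a future maintainer may "simplify" this back. A comment such as `/* copy the previous message first: ssh_set_error overwrites the buffer ssh_get_error points at */` would preserve the intent. Passing the copied text through `"%s"` rather than as part of the format string is the right call, since the inner error text may itself contain `%`. `ssh_get_kex1` begins and ends outside the hunk.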
diff --git a/sftp_server/Makefile b/sftp_server/Makefile
index e3cfecbe..325e2bb4 100644
--- a/sftp_server/Makefile
+++ b/sftp_server/Makefile
@@ -1,4 +1,4 @@
-OBJECTS= main.o config.o list.o protocol.o userauth.o \
+OBJECTS= main.o config.o list.o protocol.o userauth.o file.o acl.o \
libconfig/libconfig.a ../libssh/libssh.a
SHELL = /bin/sh
diff --git a/sftp_server/Makefile.in b/sftp_server/Makefile.in
index 47061d00..55c9f3cf 100644
--- a/sftp_server/Makefile.in
+++ b/sftp_server/Makefile.in
@@ -1,4 +1,4 @@
-OBJECTS= main.o config.o list.o protocol.o userauth.o \
+OBJECTS= main.o config.o list.o protocol.o userauth.o file.o acl.o \
libconfig/libconfig.a ../libssh/libssh.a
SHELL = /bin/sh
VPATH = @srcdir@
diff --git a/sftp_server/acl.c b/sftp_server/acl.c
new file mode 100644
index 00000000..31c448e5
--- /dev/null
+++ b/sftp_server/acl.c
@@ -0,0 +1,31 @@
+/* Access control lists*/
+/*
+Copyright 2005 Aris Adamantiadis
+
+This file is part of the SSH Library
+
+The SSH Library is free software; you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 2.1 of the License, or (at your
+option) any later version.
+
+The SSH Library is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with the SSH Library; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+MA 02111-1307, USA. */
+#include "server.h"
+
+int acl_open(char *file, int mode);
+int acl_opendir(char *dir);
+int acl_stat(char *file);
+int acl_rm(char *file);
+int acl_rmdir(char *dir);
+int acl_mv(char *from, char *to);
+int acl_mkdir(char *dir);
+int acl_symlink(char *from, char *to);
+int acl_setstat(char *file);
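Review bot: the new file only repeats the nine `acl_*` prototypes that this same commit adds to `server.h`, which the file already includes, so the declarations are redundant and the two copies can drift apart; keep the prototypes in the header only and let `acl.c` hold the definitions when they arrive. The path parameters are `char *` although an access check has no reason to modify them; `const char *file` in both header and source documents that and lets callers pass constant paths. Since `server.h` documents 1 = allowed and 0 = denied, the eventual definitions should return 0 for any path or mode they cannot classify, and a one-line comment saying so at the top of this file would fix that policy now.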
diff --git a/sftp_server/server.h b/sftp_server/server.h
index f4f30a27..b37b1fb4 100644
--- a/sftp_server/server.h
+++ b/sftp_server/server.h
@@ -44,3 +44,46 @@ struct dir {
list *Write;
};
+/* acl_* functions returns this : */
+/* 1 : operation allowed */
+/* 0 : operation denied */
+int acl_open(char *file, int mode);
+int acl_opendir(char *dir);
+int acl_stat(char *file);
+int acl_rm(char *file);
+int acl_rmdir(char *dir);
+int acl_mv(char *from, char *to);
+int acl_mkdir(char *dir);
+int acl_symlink(char *from, char *to);
+int acl_setstat(char *file);
+
+/* still experimental */
+
+#define BLOCKLEN 65536
+
+/* here is how it works : */
+/* the buffer is BLOCKLEN long. */
+/* Bytes is the number of valid bytes into the buffer. these valid bytes */
+/* begin at &buffer[0] */
+/* buffer+start is mapped at offset. */
+/* thus, there are (bytes-start) bytes ready to be read. */
+
+struct file {
+ int fd;
+ u64 offset;
+ unsigned char buffer[BLOCKLEN];
+ int bytes;
+ int start; // number of the first byte pointed by offset
+ int mode;
+ int eof;
+ int delayed_write; /* there are data into the buffer to be read */
+ int write_end; /* end of data, relative to buffer[0] */
+ int write_start; /* begining of data */
+};
+
+
+struct file *file_open(char *filename, int mode);
+int file_sync(struct file *file);
+int file_close(struct file *file);
+
+
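Review bot: the `acl_*` prototypes and `file_open` take `char *` for paths they only inspect; `const char *` would express that and spare callers a cast. `struct file` embeds a `BLOCKLEN` (64 KiB) buffer, so an instance on the stack is a sizable frame; a comment on `file_open` stating that the returned object is heap-allocated and released by `file_close` (inferred from the pointer return, confirm against file.c) would fix ownership. `bytes`, `start`, `write_start` and `write_end` are `int` while `offset` is `u64`; either document that they are bounded by `BLOCKLEN` so `int` is safe, or use `size_t`, to avoid signed/unsigned mixing when they are combined with `offset`. The comment `acl_* functions returns this` reads better as `acl_* functions return this :`.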