-rw-r--r-- | libssh/kex.c | 35 | ||||
-rw-r--r-- | sftp_server/Makefile | 2 | ||||
-rw-r--r-- | sftp_server/Makefile.in | 2 | ||||
-rw-r--r-- | sftp_server/acl.c | 31 | ||||
-rw-r--r-- | sftp_server/server.h | 43 |
5 files changed, 105 insertions, 8 deletions
diff --git a/libssh/kex.c b/libssh/kex.c
index 45ec3f77..7b7722e0 100644
--- a/libssh/kex.c
+++ b/libssh/kex.c
@@ -300,8 +300,19 @@ static void build_session_id1(SSH_SESSION *session, STRING *servern,
 #endif
 }
 
+/* returns 1 if the modulus of k1 is < than the one of k2 */
+static int modulus_smaller(PUBLIC_KEY *k1, PUBLIC_KEY *k2){
+ RSA *r1=k1->rsa_pub;
+ RSA *r2=k2->rsa_pub;
+ if(BN_cmp(r1->n,r2->n)<0)
+ return 1;
+ else
+ return 0;
+}
+
+#define ABS(A) ( (A)<0 ? -(A):(A) )
 STRING *encrypt_session_key(SSH_SESSION *session, PUBLIC_KEY *svrkey,
- PUBLIC_KEY *hostkey){
+ PUBLIC_KEY *hostkey,int slen, int hlen ){
 char buffer[32];
 int i;
 STRING *data1,*data2;
@@ -319,9 +330,19 @@ STRING *encrypt_session_key(SSH_SESSION *session, PUBLIC_KEY *svrkey,
 buffer[i]^=session->next_crypto->session_id[i];
 data1=string_new(32);
 string_fill(data1,buffer,32);
- data2=ssh_encrypt_rsa1(session,data1,svrkey);
- free(data1);
- data1=ssh_encrypt_rsa1(session,data2,hostkey);
+ if(ABS(hlen-slen)<128){
+ ssh_say(1,"Difference between server modulus and host modulus is only %d. It's illegal and may not work\n",
+ ABS(hlen-slen));
+ }
+ if(modulus_smaller(svrkey,hostkey)){
+ data2=ssh_encrypt_rsa1(session,data1,svrkey);
+ free(data1);
+ data1=ssh_encrypt_rsa1(session,data2,hostkey);
+ } else {
+ data2=ssh_encrypt_rsa1(session,data1,hostkey);
+ free(data1);
+ data1=ssh_encrypt_rsa1(session,data2,svrkey);
+ }
 return data1;
 }
 
@@ -417,7 +438,7 @@ int ssh_get_kex1(SSH_SESSION *session){
 buffer_add_u8(session->out_buffer,SSH_CIPHER_3DES);
 buffer_add_data(session->out_buffer,session->server_kex.cookie,8);
 
- enc_session=encrypt_session_key(session,svr,host);
+ enc_session=encrypt_session_key(session,svr,host,server_bits, host_bits);
 bits=string_len(enc_session)*8 - 7;
 ssh_say(2,"%d bits,%d bytes encrypted session\n",bits,string_len(enc_session));
 bits=htons(bits);
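Review bot: The new parameters `slen` and `hlen` of `encrypt_session_key` are undocumented; the call site passes `server_bits` and `host_bits`, so they appear to be modulus sizes in bits, and the reader has to reverse that from the `ABS(hlen-slen)<128` check further down. A one-line comment above the signature would fix it: `/* slen, hlen: modulus sizes (bits) of svrkey and hostkey; the session key is RSA-encrypted with the smaller modulus first */`. `modulus_smaller` also reaches `k1->rsa_pub->n` and `k2->rsa_pub->n` with no check that `rsa_pub` is set; in SSH1 both keys should be RSA, so this may be unreachable, but a `const PUBLIC_KEY *` signature and a note stating that assumption would make it explicit. The `ABS` macro evaluates its argument twice, which is harmless for `hlen-slen` but worth a `/* no side effects in A */` remark since it is now file-wide.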
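Review bot: Both new branches in the second hunk leak `data2`: the STRING returned by the first `ssh_encrypt_rsa1` is consumed by the second call and never released, so `free(data2);` belongs before `return data1;` (the removed lines had the same leak, but the rewrite owns these lines now). The intermediate result is also handed to the second `ssh_encrypt_rsa1` without a NULL check; if that helper can fail, returning NULL here would let `ssh_get_kex1` abort instead of continuing with a corrupt session key. The 128-bit modulus-difference check only logs at level 1 and then carries on; the message itself says the situation is illegal, and since the protocol relies on the larger modulus being able to hold the output of the smaller one, failing the key exchange at this point looks safer than a warning — hedged, as the exact behaviour of `ssh_encrypt_rsa1` on oversized input is outside the hunk.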
@@ -435,7 +456,9 @@ int ssh_get_kex1(SSH_SESSION *session){
 session->current_crypto=session->next_crypto;
 session->next_crypto=NULL;
 if(packet_wait(session,SSH_SMSG_SUCCESS,1)){
- ssh_set_error(session,SSH_FATAL,"Key exchange failed : %s\n",ssh_get_error(session));
+ char buffer[1024];
+ snprintf(buffer,sizeof(buffer),"Key exchange failed : %s",ssh_get_error(session));
+ ssh_set_error(session,SSH_FATAL,"%s",buffer);
 return -1;
 }
 ssh_say(1,"received SSH_SMSG_SUCCESS\n");
diff --git a/sftp_server/Makefile b/sftp_server/Makefile
index e3cfecbe..325e2bb4 100644
--- a/sftp_server/Makefile
+++ b/sftp_server/Makefile
@@ -1,4 +1,4 @@
-OBJECTS= main.o config.o list.o protocol.o userauth.o \
+OBJECTS= main.o config.o list.o protocol.o userauth.o file.o acl.o \
 libconfig/libconfig.a ../libssh/libssh.a
 
 SHELL = /bin/sh
diff --git a/sftp_server/Makefile.in b/sftp_server/Makefile.in
index 47061d00..55c9f3cf 100644
--- a/sftp_server/Makefile.in
+++ b/sftp_server/Makefile.in
@@ -1,4 +1,4 @@
-OBJECTS= main.o config.o list.o protocol.o userauth.o \
+OBJECTS= main.o config.o list.o protocol.o userauth.o file.o acl.o \
 libconfig/libconfig.a ../libssh/libssh.a
 SHELL = /bin/sh
 VPATH = @srcdir@
diff --git a/sftp_server/acl.c b/sftp_server/acl.c
new file mode 100644
index 00000000..31c448e5
--- /dev/null
+++ b/sftp_server/acl.c
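Review bot: The reason for copying the message into a local `buffer` before calling `ssh_set_error` is not stated anywhere in the hunk; presumably `ssh_get_error(session)` returns the very storage that `ssh_set_error` overwrites, so passing it straight through as a `%s` argument would read from a buffer while it is being rewritten. A comment on the `char buffer[1024];` line would keep the next maintainer from "simplifying" it back: `/* copy first: ssh_get_error() points into the buffer ssh_set_error() rewrites */`. `snprintf` silently truncates at 1024 bytes, which is acceptable for a diagnostic but worth noting in the same comment. The enclosing `ssh_get_kex1` starts and ends outside this hunk.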
@@ -0,0 +1,31 @@
+/* Access control lists*/
+/*
+Copyright 2005 Aris Adamantiadis
+
+This file is part of the SSH Library
+
+The SSH Library is free software; you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 2.1 of the License, or (at your
+option) any later version.
+
+The SSH Library is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with the SSH Library; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+MA 02111-1307, USA. */
+#include "server.h"
+
+int acl_open(char *file, int mode);
+int acl_opendir(char *dir);
+int acl_stat(char *file);
+int acl_rm(char *file);
+int acl_rmdir(char *dir);
+int acl_mv(char *from, char *to);
+int acl_mkdir(char *dir);
+int acl_symlink(char *from, char *to);
+int acl_setstat(char *file);
diff --git a/sftp_server/server.h b/sftp_server/server.h
index f4f30a27..b37b1fb4 100644
--- a/sftp_server/server.h
+++ b/sftp_server/server.h
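Review bot: The new `acl.c` holds only prototypes of the `acl_*` functions and no definitions, so `acl.o` (now listed in both Makefiles) is an empty object and any caller of `acl_open` and friends will fail to link. The prototypes also duplicate the ones this commit adds to `server.h`, which the file includes on the line above them, so they can simply go. If the implementations are meant to land later, stub bodies that return 0 (the "denied" value per the `server.h` comment) would keep the server fail-closed until then, and a `/* TODO: real ACL checks; every acl_* denies until implemented */` comment would make that intent visible to the next reader.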
@@ -44,3 +44,46 @@ struct dir {
 list *Write;
 };
 
+/* acl_* functions returns this : */
+/* 1 : operation allowed */
+/* 0 : operation denied */
+int acl_open(char *file, int mode);
+int acl_opendir(char *dir);
+int acl_stat(char *file);
+int acl_rm(char *file);
+int acl_rmdir(char *dir);
+int acl_mv(char *from, char *to);
+int acl_mkdir(char *dir);
+int acl_symlink(char *from, char *to);
+int acl_setstat(char *file);
+
+/* still experimental */
+
+#define BLOCKLEN 65536
+
+/* here is how it works : */
+/* the buffer is BLOCKLEN long. */
+/* Bytes is the number of valid bytes into the buffer. these valid bytes */
+/* begin at &buffer[0] */
+/* buffer+start is mapped at offset. */
+/* thus, there are (bytes-start) bytes ready to be read. */
+
+struct file {
+ int fd;
+ u64 offset;
+ unsigned char buffer[BLOCKLEN];
+ int bytes;
+ int start; // number of the first byte pointed by offset
+ int mode;
+ int eof;
+ int delayed_write; /* there are data into the buffer to be read */
+ int write_end; /* end of data, relative to buffer[0] */
+ int write_start; /* begining of data */
+};
+
+
+struct file *file_open(char *filename, int mode);
+int file_sync(struct file *file);
+int file_close(struct file *file);
+
+
|
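Review bot: The `acl_*` contract comment states the return values but not what the inputs are: whether `file`/`dir` are paths exactly as the client sent them or already resolved, and what `mode` in `acl_open` means (SFTP open pflags or open(2) flags), which is what an authorization check hinges on. Extending the three-line comment with `/* file/dir: path as requested by the client, not yet canonicalized; mode: the open flags the caller will use */` — adjusted to whatever the implementation actually expects — would settle it, and since these functions presumably only read their arguments, `const char *` parameters would document that too. In `struct file`, `start` is described twice (the block comment above and the trailing `//`); keeping one of them, plus fixing `begining` to `beginning`, would tidy the hunk.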