-rw-r--r-- | include/libssh/bind.h | 1 | ||||
-rw-r--r-- | include/libssh/server.h | 1 | ||||
-rw-r--r-- | include/libssh/session.h | 1 | ||||
-rw-r--r-- | src/bind.c | 20 | ||||
-rw-r--r-- | src/dh-gex.c | 12 | ||||
-rw-r--r-- | src/options.c | 17 | ||||
-rw-r--r-- | src/session.c | 1 |
7 files changed, 48 insertions, 5 deletions
diff --git a/include/libssh/bind.h b/include/libssh/bind.h
index 6b5f19dd..94256d4a 100644
--- a/include/libssh/bind.h
+++ b/include/libssh/bind.h
@@ -50,6 +50,7 @@ struct ssh_bind_struct {
     bool config_processed;
     char *config_dir;
     char *pubkey_accepted_key_types;
+    char* moduli_file;
 };
 struct ssh_poll_handle_struct *ssh_bind_get_poll(struct ssh_bind_struct
diff --git a/include/libssh/server.h b/include/libssh/server.h
index 41f89d5c..1c18b38c 100644
--- a/include/libssh/server.h
+++ b/include/libssh/server.h
@@ -56,6 +56,7 @@ enum ssh_bind_options_e {
     SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
     SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
     SSH_BIND_OPTIONS_PROCESS_CONFIG,
+    SSH_BIND_OPTIONS_MODULI,
 };
 typedef struct ssh_bind_struct* ssh_bind;
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 22256150..ddd52fd6 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -217,6 +217,7 @@ struct ssh_session_struct {
     char *pubkey_accepted_types;
     char *ProxyCommand;
     char *custombanner;
+    char *moduli_file;
     unsigned long timeout; /* seconds */
     unsigned long timeout_usec;
     unsigned int port;
@@ -393,6 +393,7 @@ void ssh_bind_free(ssh_bind sshbind){
     /* options */
     SAFE_FREE(sshbind->banner);
+    SAFE_FREE(sshbind->moduli_file);
     SAFE_FREE(sshbind->bindaddr);
     SAFE_FREE(sshbind->config_dir);
     SAFE_FREE(sshbind->pubkey_accepted_key_types);
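Review bot: The added member `char* moduli_file;` in struct ssh_bind_struct binds the `*` to the type, while the neighbouring fields in the same hunk (`char *config_dir;`, `char *pubkey_accepted_key_types;`) and the field added to ssh_session_struct in this commit all write `char *`; use `char *moduli_file;` so the struct stays consistent. The struct definition begins before the hunk.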
@@ -485,8 +486,23 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
     }
     session->common.log_verbosity = sshbind->common.log_verbosity;
-    if(sshbind->banner != NULL)
-        session->opts.custombanner = strdup(sshbind->banner);
+
+    if (sshbind->banner != NULL) {
+        session->opts.custombanner = strdup(sshbind->banner);
+        if (session->opts.custombanner == NULL) {
+            ssh_set_error_oom(sshbind);
+            return SSH_ERROR;
+        }
+    }
+
+    if (sshbind->moduli_file != NULL) {
+        session->opts.moduli_file = strdup(sshbind->moduli_file);
+        if (session->opts.moduli_file == NULL) {
+            ssh_set_error_oom(sshbind);
+            return SSH_ERROR;
+        }
+    }
+
     ssh_socket_free(session->socket);
     session->socket = ssh_socket_new(session);
     if (session->socket == NULL) {
diff --git a/src/dh-gex.c b/src/dh-gex.c
index 88a97140..c6295f8f 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -489,7 +489,8 @@ static int ssh_retrieve_dhgroup_file(FILE *moduli,
  * @param[out] g generator
  * @return SSH_OK on success, SSH_ERROR otherwise.
  */
-static int ssh_retrieve_dhgroup(uint32_t pmin,
+static int ssh_retrieve_dhgroup(char *moduli_file,
+                                uint32_t pmin,
                                 uint32_t pn,
                                 uint32_t pmax,
                                 size_t *size,
@@ -508,7 +509,11 @@ static int ssh_retrieve_dhgroup(uint32_t pmin,
         return ssh_fallback_group(pmax, p, g);
     }
-    moduli = fopen(MODULI_FILE, "r");
+    if (moduli_file != NULL)
+        moduli = fopen(moduli_file, "r");
+    else
+        moduli = fopen(MODULI_FILE, "r");
+
     if (moduli == NULL) {
         SSH_LOG(SSH_LOG_WARNING,
                 "Unable to open moduli file: %s",
@@ -627,7 +632,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
             pn = pmin;
         }
     }
-    rc = ssh_retrieve_dhgroup(pmin,
+    rc = ssh_retrieve_dhgroup(session->opts.moduli_file,
+                              pmin,
                               pn,
                               pmax,
                               &size,
diff --git a/src/options.c b/src/options.c
index 692fc837..d5921645 100644
--- a/src/options.c
+++ b/src/options.c
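Review bot: The new `session->opts.moduli_file = strdup(sshbind->moduli_file);` overwrites whatever string the session already holds without freeing it, so if a session object that already carries a moduli path ever reaches this function again, the old allocation leaks; the setter in options.c does `SAFE_FREE` before its strdup and this copy should mirror it with `SAFE_FREE(session->opts.moduli_file);` on the line before the strdup. The pre-existing custombanner copy just above has the same pattern and would benefit from the same guard. The two OOM paths return SSH_ERROR before the socket is replaced, which is only safe if the caller still owns fd at that point; ssh_bind_accept_fd starts and ends outside the hunk, so I cannot confirm its cleanup contract from here.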
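Review bot: The new parameter is declared `char *moduli_file` although the visible code only hands it to fopen() and the value originates from `session->opts.moduli_file`; declare it `const char *moduli_file` so the signature states that the path is read-only and const callers need no cast. The Doxygen block above the signature documents the other parameters, so it needs a matching line such as `@param[in] moduli_file Path to the moduli file, or NULL to use the built-in MODULI_FILE default.` The function body continues outside this hunk.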
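Review bot: The brace-less if/else in ssh_retrieve_dhgroup duplicates the fopen() call and discards which path was actually tried, so the warning that follows cannot tell an operator that their configured SSH_BIND_OPTIONS_MODULI file, rather than the default, is the one that failed; replace the four lines with `const char *path = (moduli_file != NULL) ? moduli_file : MODULI_FILE;` and `moduli = fopen(path, "r");`, and pass `path` into the "Unable to open moduli file" log. That matters operationally because the failure is only logged at SSH_LOG_WARNING and execution apparently continues (presumably to the fixed fallback group, which lies outside the hunk), so a typo in the configured path silently degrades to the compiled-in group. The log's format arguments and the rest of the function are outside the hunk.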
@@ -1655,6 +1655,10 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
  *                      possible algorithms is created from the list of keys
  *                      set and then filtered against this list.
  *                      (const char *, comma-separated list).
+ *
+ *                    - SSH_BIND_OPTIONS_MODULI
+ *                      Set the path to the moduli file. Defaults to
+ *                      /etc/ssh/moduli if not specified (const char *).
  *
  * @param  value       The value to set. This is a generic pointer and the
  *                     datatype which should be used is described at the
@@ -2003,6 +2007,19 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
                 sshbind->config_processed = !(*x);
             }
             break;
+        case SSH_BIND_OPTIONS_MODULI:
+            if (value == NULL) {
+                ssh_set_error_invalid(sshbind);
+                return -1;
+            } else {
+                SAFE_FREE(sshbind->moduli_file);
+                sshbind->moduli_file = strdup(value);
+                if (sshbind->moduli_file == NULL) {
+                    ssh_set_error_oom(sshbind);
+                    return -1;
+                }
+            }
+            break;
         default:
             ssh_set_error(sshbind, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
             return -1;
diff --git a/src/session.c b/src/session.c
index 3199096a..b5ffcbc2 100644
--- a/src/session.c
+++ b/src/session.c
@@ -304,6 +304,7 @@ void ssh_free(ssh_session session)
     SAFE_FREE(session->opts.bindaddr);
     SAFE_FREE(session->opts.custombanner);
+    SAFE_FREE(session->opts.moduli_file);
     SAFE_FREE(session->opts.username);
     SAFE_FREE(session->opts.host);
     SAFE_FREE(session->opts.sshdir);
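Review bot: The new option text says the default is `/etc/ssh/moduli`, but the code in dh-gex.c falls back to the `MODULI_FILE` macro, which is presumably a build-time setting, so the sentence becomes wrong for builds that change it; word it as `Set the path to the moduli file. Defaults to the build-time MODULI_FILE path (normally /etc/ssh/moduli) if not specified (const char *).` It would also help callers to state that the path is copied into each session at accept time (ssh_bind_accept_fd duplicates it), so the option must be set before accepting connections to have any effect. The enclosing Doxygen block begins before the hunk.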
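Review bot: The new `case SSH_BIND_OPTIONS_MODULI` rejects NULL but accepts an empty string, which is only discovered when fopen("") fails during a client's group-exchange request instead of at configuration time; reject it together with NULL via `if (value == NULL || *(const char *)value == '\0') {`. The `else` after `return -1;` is redundant and adds an indentation level to the success path; dropping it keeps the case flat. Because the file is only opened when a client requests DH group exchange, a wrong path surfaces merely as a warning then, so a one-line comment such as `/* Path is not validated here; it is opened on each DH GEX request. */` would set expectations. The enclosing switch and function begin and end outside the hunk.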