aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/config.c42
-rw-r--r--src/kex.c84
-rw-r--r--src/options.c31
3 files changed, 137 insertions, 20 deletions
diff --git a/src/config.c b/src/config.c
index 6187c90f..42148df7 100644
--- a/src/config.c
+++ b/src/config.c
@@ -33,6 +33,8 @@
#include "libssh/misc.h"
#include "libssh/options.h"
+#define MAX_LINE_SIZE 1024
+
enum ssh_config_opcode_e {
SOC_UNSUPPORTED = -1,
SOC_HOST,
@@ -50,6 +52,7 @@ enum ssh_config_opcode_e {
SOC_GSSAPISERVERIDENTITY,
SOC_GSSAPICLIENTIDENTITY,
SOC_GSSAPIDELEGATECREDENTIALS,
+ SOC_INCLUDE,
SOC_END /* Keep this one last in the list */
};
@@ -75,9 +78,13 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "gssapiserveridentity", SOC_GSSAPISERVERIDENTITY },
{ "gssapiserveridentity", SOC_GSSAPICLIENTIDENTITY },
{ "gssapidelegatecredentials", SOC_GSSAPIDELEGATECREDENTIALS },
+ { "include", SOC_INCLUDE },
{ NULL, SOC_UNSUPPORTED }
};
+static int ssh_config_parse_line(ssh_session session, const char *line,
+ unsigned int count, int *parsing, int seen[]);
+
static enum ssh_config_opcode_e ssh_config_get_opcode(char *keyword) {
int i;
@@ -186,6 +193,30 @@ static int ssh_config_get_yesno(char **str, int notfound) {
return notfound;
}
+static void local_parse_file(ssh_session session, const char *filename, int *parsing, int seen[]) {
+ FILE *f;
+ char line[MAX_LINE_SIZE] = {0};
+ unsigned int count = 0;
+
+ if ((f = fopen(filename, "r")) == NULL) {
+ SSH_LOG(SSH_LOG_RARE, "Cannot find file %s to load",
+ filename);
+ return;
+ }
+
+ SSH_LOG(SSH_LOG_PACKET, "Reading additional configuration data from %s", filename);
+ while (fgets(line, sizeof(line), f)) {
+ count++;
+ if (ssh_config_parse_line(session, line, count, parsing, seen) < 0) {
+ fclose(f);
+ return;
+ }
+ }
+
+ fclose(f);
+ return;
+}
+
static int ssh_config_parse_line(ssh_session session, const char *line,
unsigned int count, int *parsing, int seen[]) {
enum ssh_config_opcode_e opcode;
@@ -218,7 +249,7 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
}
opcode = ssh_config_get_opcode(keyword);
- if (*parsing == 1 && opcode != SOC_HOST && opcode != SOC_UNSUPPORTED) {
+ if (*parsing == 1 && opcode != SOC_HOST && opcode != SOC_UNSUPPORTED && opcode != SOC_INCLUDE) {
if (seen[opcode] != 0) {
return 0;
}
@@ -226,6 +257,13 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
}
switch (opcode) {
+ case SOC_INCLUDE: /* recursive include of other files */
+
+ p = ssh_config_get_str_tok(&s, NULL);
+ if (p && *parsing) {
+ local_parse_file(session, p, parsing, seen);
+ }
+ break;
case SOC_HOST: {
int ok = 0;
@@ -387,7 +425,7 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
/* ssh_config_parse_file */
int ssh_config_parse_file(ssh_session session, const char *filename) {
- char line[1024] = {0};
+ char line[MAX_LINE_SIZE] = {0};
unsigned int count = 0;
FILE *f;
int parsing;
diff --git a/src/kex.c b/src/kex.c
index 2e7702b8..21523fa9 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -281,6 +281,71 @@ char *ssh_find_matching(const char *available_d, const char *preferred_d){
return NULL;
}
+static char *ssh_find_all_matching(const char *available_d,
+ const char *preferred_d)
+{
+ char **tok_available, **tok_preferred;
+ int i_avail, i_pref;
+ char *ret;
+ unsigned max, len, pos = 0;
+
+ if ((available_d == NULL) || (preferred_d == NULL)) {
+ return NULL; /* don't deal with null args */
+ }
+
+ max = MAX(strlen(available_d), strlen(preferred_d));
+
+ ret = malloc(max+1);
+ if (ret == NULL) {
+ return NULL;
+ }
+ ret[0] = 0;
+
+ tok_available = tokenize(available_d);
+ if (tok_available == NULL) {
+ SAFE_FREE(ret);
+ return NULL;
+ }
+
+ tok_preferred = tokenize(preferred_d);
+ if (tok_preferred == NULL) {
+ SAFE_FREE(ret);
+ SAFE_FREE(tok_available[0]);
+ SAFE_FREE(tok_available);
+ return NULL;
+ }
+
+ for (i_pref = 0; tok_preferred[i_pref] ; ++i_pref) {
+ for (i_avail = 0; tok_available[i_avail]; ++i_avail) {
+ int cmp = strcmp(tok_available[i_avail],tok_preferred[i_pref]);
+ if (cmp == 0) {
+ /* match */
+ if (pos != 0) {
+ ret[pos] = ',';
+ pos++;
+ }
+
+ len = strlen(tok_available[i_avail]);
+ memcpy(&ret[pos], tok_available[i_avail], len);
+ pos += len;
+ ret[pos] = '\0';
+ }
+ }
+ }
+
+ if (ret[0] == '\0') {
+ SAFE_FREE(ret);
+ ret = NULL;
+ }
+
+ SAFE_FREE(tok_available[0]);
+ SAFE_FREE(tok_preferred[0]);
+ SAFE_FREE(tok_available);
+ SAFE_FREE(tok_preferred);
+
+ return ret;
+}
+
/**
* @internal
* @brief returns whether the first client key exchange algorithm or
@@ -660,10 +725,14 @@ error:
}
/* returns 1 if at least one of the name algos is in the default algorithms table */
-int ssh_verify_existing_algo(int algo, const char *name){
+int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name)
+{
char *ptr;
- if(algo>9 || algo <0)
+
+ if (algo > SSH_LANG_S_C) {
return -1;
+ }
+
ptr=ssh_find_matching(supported_methods[algo],name);
if(ptr){
free(ptr);
@@ -672,4 +741,13 @@ int ssh_verify_existing_algo(int algo, const char *name){
return 0;
}
-/* vim: set ts=2 sw=2 et cindent: */
+/* returns a copy of the provided list if everything is supported,
+ * otherwise a new list of the supported algorithms */
+char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list)
+{
+ if (algo > SSH_LANG_S_C) {
+ return NULL;
+ }
+
+ return ssh_find_all_matching(supported_methods[algo], list);
+}
diff --git a/src/options.c b/src/options.c
index 68c11053..9346b6d1 100644
--- a/src/options.c
+++ b/src/options.c
@@ -162,23 +162,24 @@ int ssh_options_copy(ssh_session src, ssh_session *dest) {
return 0;
}
-int ssh_options_set_algo(ssh_session session, int algo,
- const char *list) {
- if (!ssh_verify_existing_algo(algo, list)) {
- ssh_set_error(session, SSH_REQUEST_DENIED,
- "Setting method: no algorithm for method \"%s\" (%s)",
- ssh_kex_get_description(algo), list);
- return -1;
- }
+int ssh_options_set_algo(ssh_session session,
+ enum ssh_kex_types_e algo,
+ const char *list)
+{
+ char *p = NULL;
- SAFE_FREE(session->opts.wanted_methods[algo]);
- session->opts.wanted_methods[algo] = strdup(list);
- if (session->opts.wanted_methods[algo] == NULL) {
- ssh_set_error_oom(session);
- return -1;
- }
+ p = ssh_keep_known_algos(algo, list);
+ if (p == NULL) {
+ ssh_set_error(session, SSH_REQUEST_DENIED,
+ "Setting method: no algorithm for method \"%s\" (%s)",
+ ssh_kex_get_description(algo), list);
+ return -1;
+ }
- return 0;
+ SAFE_FREE(session->opts.wanted_methods[algo]);
+ session->opts.wanted_methods[algo] = p;
+
+ return 0;
}
/**