Age | Commit message | Author | Files | Lines
5 days | Do not close socket passed through options on error conditions (HEAD, master) | Jakub Jelen | 4 | -12/+20
Fixes: #244 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
5 days | Reformat ssh_silent_disconnect | Jakub Jelen | 1 | -7/+9
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
6 days | ci: Add shellcheck | Jakub Jelen | 2 | -0/+58
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
6 days | Fix shellcheck issues | Jakub Jelen | 6 | -19/+22
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
6 days | clang-format: Note about line break after short type | Jakub Jelen | 1 | -0/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
6 days | Run all reviews in single job | Jakub Jelen | 1 | -22/+8
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
6 days | ci: Move codespell to the review stage in file | Jakub Jelen | 1 | -11/+13
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
6 days | gitlab-ci: Check merge requests for Signed-off-by trailers | Andreas Schneider | 2 | -0/+46
Based on Andreas work in https://gitlab.com/libssh/libssh-mirror/-/merge_requests/104/ Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
6 days | Run CI in merge requests and in branches | Jakub Jelen | 1 | -0/+22
This should avoid duplicate pipelines as suggested in (gitlab-org/gitlab!230928) Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
7 days | Add review stage to the CI checking formatting | Jakub Jelen | 2 | -0/+26
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
9 days | feat: Handle hostkeys like OpenSSH | Gauravsingh Sisodia | 4 | -80/+62
fix: memory leak fix: add defaults after parsing fix: set defaults in ssh_bind_listen tests: add test for checking default hostkey paths remove: null check for hostkey paths, can't happen since we set defaults now examples: ssh_server remove "no default keys", default hostkeys set in ssh_bind_listen Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
9 days | reformat: bind.c | Gauravsingh Sisodia | 1 | -74/+93
reformat: remove unneeded free Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
9 days | tests: Avoid hardcoding 64b arch path to pkcs11-spy | Jakub Jelen | 3 | -2/+18
Find the path to the library using cmake and enable this sort of logging only with TORTURE_PKCS11 environment variable. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2024-03-08 | cmake: Use -fprofile-update=atomic to avoid coverage files corruption from threads | Jakub Jelen | 1 | -1/+1
The gcc should be able to select this automatically based on the presence of -pthread on the commandline, but given that we link the tests static, we do not have this? Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2024-03-08 | Rework the coverage build | Jakub Jelen | 9 | -47/+89
This reworks it to avoid a need to special build type and adding the flags only to the targets that need it (skipping testing wrappers which break with them). It also updates the CodeCoverage module from the following URL: https://github.com/bilke/cmake-modules/blob/master/CodeCoverage.cmake Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2024-03-08 | tests: Introduce chown wrapper to avoid OpenSSH touching PTY ownership | Jakub Jelen | 2 | -1/+33
The OpenSSH as part of the new test torture_request_pty_modes attempts to chown the pty to the faked user, which is obviously not permitted when the test does not run as a root. But since all the permissions for SSH are faked, just ignoring these requests should be safe enough giving expected results. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2024-03-08 | tests: Print content of channels to investigate random failures | Jakub Jelen | 1 | -0/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2024-03-08 | Conditionalize TTY options that are not available on freebsd | Jakub Jelen | 1 | -0/+6
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2024-03-06 | updated documentation of sftp_tell64 | Abdelrahman Yossef | 1 | -2/+1
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-03-06 | Issue #157: Added author | Daniel Evers | 1 | -0/+1
Signed-off-by: Daniel Evers (daniel.evers@utimaco.com) Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-03-06 | Issue #157: Adapted documentation to the latest code changes. | Daniel Evers | 1 | -0/+3
Signed-off-by: Daniel Evers (daniel.evers@utimaco.com) Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-03-06 | Issue #157: Use the current TTY's settings by default. | Daniel Evers | 6 | -17/+589
When opening a PTY on the server, try to use the current TTY's settings (i.e. based on STDIN). If that fails or STDIN isn't a TTY, use default modes that avoid any character translation. Don't rely on stdin to be a TTY (breaks CI). Instead, open a PTY and temporarily use that as "fake" stdin. Signed-off-by: Daniel Evers (daniel.evers@utimaco.com) Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-03-06 | Issue #157: Added documentation | Daniel Evers | 1 | -2/+8
Signed-off-by: Daniel Evers (daniel.evers@utimaco.com) Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-03-06 | Fix #157: Allow to set terminal modes for PTYs | Daniel Evers | 6 | -7/+171
Added the new function `ssh_channel_request_pty_size_modes` which allows to pass additional encoded SSH terminal modes (see opcodes in RFC 4245). Signed-off-by: Daniel Evers (daniel.evers@utimaco.com) Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-02-22 | cmake: use imported targets for OpenSSL and zlib | Gregor Jasny | 7 | -56/+8
Imported targets are highly preferred over the individual variables for includes and libs because they will be used in a coherent way and any spelling mistakes or unavailability won't go unnoticed. Also it will prevent bugs like conan-io/conan-center-index#16900 or using mismatching header/libs combinations. Signed-off-by: Gregor Jasny <gjasny@googlemail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2024-02-22 | cmake: remove fallback for crypto lib lookup | Gregor Jasny | 1 | -24/+8
because if a fallback happens, the WITH_(GCRYPT|MBEDTLS) variables do not match the selection, anymore. Also a silent fallback is pretty bad if it is unnoticed. Signed-off-by: Gregor Jasny <gjasny@googlemail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2024-02-22 | cmake: Use Python find_package | Andreas Schneider | 2 | -5/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-02-22 | Fix a syntax error | renmingshuai | 1 | -1/+1
Signed-off-by: renmingshuai <renmingshuai@huawei.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-02-13 | sftp: Fix copy&paste error in the doxygen comment | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2024-02-13 | sftp: Handle read/write limits in the old low-level SFTP API | Jakub Jelen | 2 | -8/+27
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2024-02-13 | tests:pkd: Add missing includes for cmocka | Andreas Schneider | 2 | -0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-26 | tests: Use /tmp for tmpdirs that contain sockets | Clemens Lang | 3 | -3/+3
Socket paths have a length limit, and depending on the working directory of the source code, these tests occasionally fail if the path is too long. Avoid this by using a template string that is absolute and in /tmp, which should avoid the socket path length issues. This fixes building libssh with pkcs11 provider support in 'fedpkg mockbuild'. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-22 | examples: server check all keys in authorized_keys instead of one | Gauravsingh Sisodia | 1 | -21/+72
Fix read file with fgets and remove memory leaks Remove use of ssh_pki_import_pubkey_file in ssh server and update max line size Fix example server line no. and formatting Fix check for leading whitespace in line Reformat to avoid nesting Remove setting sdata->authenticated to 0, the default is 0 Better error messages and handle case for fgets failing Increment lineno at start Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | misc.c: Initialize pointers and free it | Norbert Pocs | 1 | -2/+4
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | torture: Add cases for username checks | Norbert Pocs | 2 | -0/+9
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | Check any input username for validity | Norbert Pocs | 3 | -2/+17
Check possible inputs of username for malicious code. Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | misc: Add function to check username syntax | Norbert Pocs | 3 | -0/+67
Malicious code can be injected using the username with metacharacters, therefore the username must be validated before using it with any %u. Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | sftp_aio.dox: Change the sftp aio tutorial to incorporate capping | Eshan Kelkar | 1 | -38/+168
A section has been added to explain the capping applied by the sftp aio API. Also the example codes have been changed such that they expect sftp_aio_begin_*() functions to return an ssize_t indicating the number of bytes it requested the server to read/write. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | bench_sftp.c: Change sftp aio upload benchmark | Eshan Kelkar | 1 | -19/+76
Following changes have been made: 1. The benchmark now expects sftp_aio_begin_write() to return a ssize_t indicating an error (or) the number of bytes for which it sent a write request. 2. If the user sets the chunk size > max limit for writing via CLI, the benchmark does not use the set chunk size and instead uses the max limit for writing as the chunk size 3. fprintf calls have been added to print the reason for failure if the benchmark fails. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | bench_sftp.c: Change sftp aio download benchmark | Eshan Kelkar | 1 | -23/+84
Following changes have been made : 1. The benchmark now expects sftp_aio_begin_read() to return an ssize_t indicating an error (or) the number of bytes for which it sent a read request. 2. If the user sets a chunk size > max limit for the reading via CLI, the benchmark does not use the set chunk size and instead uses the max limit for reading as the chunk size for download. 3. fprintf calls have been introduced to print the reason for the failure if the benchmark fails. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | torture_sftp_aio.c: Change the tests according to aio api changes | Eshan Kelkar | 1 | -76/+241
The tests have been changed such that the return value of sftp_aio_begin_*() functions is expected to be a ssize_t which indicates the number of bytes for which the function sent a read/write request or error. Tests for trying to read/write bytes more than the max limit enforced by the API have also been added. The negative tests for reading and writing have also been separated for the sake of clarity. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | sftp_aio.c, sftp.h: Add capping to sftp aio write API | Eshan Kelkar | 2 | -17/+26
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | sftp_aio.c, sftp.h: Add capping to the sftp aio read API | Eshan Kelkar | 2 | -8/+22
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | torture_sftp_limits.c: Change the test | Eshan Kelkar | 1 | -8/+88
Test has been changed such that sftp_limits() is called when the limits@openssh.com extension is supported as well as when it is not supported. Also, a simple negative test has been added for NULL argument. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | sftp.c, sftp.h: Store the limits in the sftp_session | Eshan Kelkar | 2 | -2/+112
In the sftp_init() call, the limits are stored in the sftp_session. If the limits@openssh.com extension is supported the limits are retrieved from the server, else libssh uses the default limits. The sftp library functions that require the limits can access them using the sftp session. The library user can call sftp_limits() to get a copy of the limits stored in the sftp session. Since the limits were already retrieved from the server during sftp_init(), this sftp_limits() call requires no communication with the server. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | sftp.c: Reformat sftp limits API according to the current coding style | Eshan Kelkar | 1 | -6/+3
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | sftp.c: Reformat sftp_init() according to the current coding style | Eshan Kelkar | 1 | -78/+85
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-09 | Fix docstring for ssh_message_auth_password() | JamesWrigley | 1 | -1/+1
Signed-off-by: James Wrigley <james@puiterwijk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-09 | Fix docstring for ssh_userauth_kbdint_getanswer() | JamesWrigley | 1 | -1/+2
This incorrectly stated that it would return an integer value instead of a string. Signed-off-by: James Wrigley <james@puiterwijk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-09 | Remove logging functions from the threads Doxygen group | JamesWrigley | 1 | -1/+1
The closing brace of the @addtogroup command was too low, causing some logging functions to be added to the threads group. Signed-off-by: James Wrigley <james@puiterwijk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>