path: root/include
Age | Commit message | Author | Files | Lines
5 days | Do not close socket passed through options on error conditions [HEAD] [master] | Jakub Jelen | 1 | -0/+1
Fixes: #244 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2024-03-06 | updated documentation of sftp_tell64 | Abdelrahman Yossef | 1 | -2/+1
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-03-06 | Issue #157: Use the current TTY's settings by default. | Daniel Evers | 1 | -0/+8
When opening a PTY on the server, try to use the current TTY's settings (i.e. based on STDIN). If that fails or STDIN isn't a TTY, use default modes that avoid any character translation. Don't rely on stdin to be a TTY (breaks CI). Instead, open a PTY and temporarily use that as "fake" stdin. Signed-off-by: Daniel Evers (daniel.evers@utimaco.com) Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-03-06 | Fix #157: Allow to set terminal modes for PTYs | Daniel Evers | 2 | -2/+7
Added the new function `ssh_channel_request_pty_size_modes` which allows passing additional encoded SSH terminal modes (see opcodes in RFC 4245). Signed-off-by: Daniel Evers (daniel.evers@utimaco.com) Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-02-22 | Fix a syntax error | renmingshuai | 1 | -1/+1
Signed-off-by: renmingshuai <renmingshuai@huawei.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-02-13 | sftp: Fix copy&paste error in the doxygen comment | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2024-02-13 | sftp: Handle read/write limits in the old low-level SFTP API | Jakub Jelen | 1 | -3/+9
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2024-01-15 | misc: Add function to check username syntax | Norbert Pocs | 1 | -0/+1
Malicious code can be injected using the username with metacharacters, therefore the username must be validated before using it with any %u. Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | sftp_aio.c, sftp.h: Add capping to sftp aio write API | Eshan Kelkar | 1 | -12/+16
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | sftp_aio.c, sftp.h: Add capping to the sftp aio read API | Eshan Kelkar | 1 | -6/+15
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-15 | sftp.c, sftp.h: Store the limits in the sftp_session | Eshan Kelkar | 1 | -0/+1
In the sftp_init() call, the limits are stored in the sftp_session. If the limits@openssh.com extension is supported the limits are retrieved from the server, else libssh uses the default limits. The sftp library functions that require the limits can access them using the sftp session. The library user can call sftp_limits() to get a copy of the limits stored in the sftp session. Since the limits were already retrieved from the server during sftp_init(), this sftp_limits() call requires no communication with the server. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-09 | Fix docstring for ssh_message_auth_password() | JamesWrigley | 1 | -1/+1
Signed-off-by: James Wrigley <james@puiterwijk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-09 | Remove logging functions from the threads Doxygen group | JamesWrigley | 1 | -1/+1
The closing brace of the @addtogroup command was too low, causing some logging functions to be added to the threads group. Signed-off-by: James Wrigley <james@puiterwijk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
2024-01-09 | Happy new year 2024! | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2024-01-02 | Document that options set on a bind will be free'd by ssh_bind_free | JamesWrigley | 1 | -0/+3
Signed-off-by: James Wrigley <james@puiterwijk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-12-22 | Fix regression in IPv6 addresses in hostname parsing | Jakub Jelen | 1 | -3/+8
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-12-18 | CVE-2023-6918: Systematically check return values when calculating digests | Jakub Jelen | 1 | -15/+19
with all crypto backends Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-12-18 | CVE-2023-6918: Remove unused evp functions and types | Jakub Jelen | 4 | -11/+0
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-12-18 | CVE-2023-48795: Server side mitigations | Aris Adamantiadis | 1 | -0/+1
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-12-18 | CVE-2023-48795: client side mitigation | Aris Adamantiadis | 2 | -0/+7
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-12-18 | CVE-2023-6004: misc: Add function to check allowed characters of a hostname | Norbert Pocs | 1 | -0/+2
The hostname can be a domain name or an IP address. The colon has to be allowed because of IPv6 even though it is prohibited in domain names. Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-12-15 | pki: New API functions exporting (also ed25519 keys in different formats) | Jakub Jelen | 3 | -2/+26
This also adds a fallback to OpenSSH file format in non-OpenSSL backends and OpenSSH-compatible private key export for writing OpenSSH private keys. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-12-05 | Handle automatic certificate authentication | Jakub Jelen | 3 | -0/+4
This involves reading the certificates from configuration files through options and handling them similarly as the OpenSSH does when doing the auto pubkey authentication, also in combination with agent or identities only. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2023-12-05 | pki: Add support for comparing certificates | Jakub Jelen | 1 | -1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2023-12-05 | pki: Avoid needless cast to void | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2023-12-04 | sftp.h : Deprecate the old sftp async API for reading | Eshan Kelkar | 1 | -2/+6
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-12-04 | Introduce sftp async i/o (aio) api | Eshan Kelkar | 1 | -0/+211
The existing sftp async read api has two problems:

1. sftp_async_read() assumes that the value of the third parameter count is same as the number of bytes requested to read in the corresponding call to sftp_async_read_begin(). But the documentation of sftp_async_read() allows the value of count parameter to be more than that requested length. If value of count parameter is more than that requested length then sftp_async_read() updates the file->offset incorrectly which leads to further read/writes occurring from incorrect offsets. The problem here is that sftp_async_read() doesn't know about the number of bytes requested to read specified in the call to sftp_async_read_begin(), and it wrongly assumes the value of its count parameter (which is actually the size of the buffer to store the read data) to be the same as the number of bytes requested to read.

2. sftp_async_read_begin() returns an uint32_t type value type casted to int as a request identifier, whereas sftp_async_read() expects an uint32_t type value as a request identifier. Due to this the user has to typecast the identifier returned by sftp_async_read_begin() from int to uint32_t and then pass it to sftp_async_read(). This type casting is cumbersome for the user and hence the approach is not user-friendly.

This commit solves the above two problems by introducing a new sftp aio api. The sftp_aio_begin_*() functions in the api send an i/o request to the sftp server and provide the caller a dynamically allocated structure storing information about the sent request. Information like number of bytes requested for i/o, id of sent request etc is stored in the structure. That structure should be provided to the sftp_aio_wait_*() functions in the api which wait for the response corresponding to the request whose info is stored in the provided structure. The libssh user is supposed to handle that structure through an opaque type sftp_aio.

Since the structure stores the number of bytes requested for i/o, sftp_aio_wait_*() knows about the number of bytes requested for i/o (specified in the call to sftp_aio_begin_*()) and hence updates the file->offset correctly solving problem #1 present in the existing async api. Since the structure provided by sftp_aio_begin_*() (containing the request id) is supplied to sftp_aio_wait_*(), no casting of id's needs to be done by the user solving problem #2 of the existing async api.

Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-12-04 | Move certain functions from sftp.c to a new file sftp_common.c | Eshan Kelkar | 1 | -0/+22
Currently the sftp api code is limited to sftp.c, sftpserver.c. In future it can be required to add new sftp related APIs which are present in their own separate source files instead of adding their code to the already large sftp.c file. Those new hypothetical or existing (in sftpserver.c) sftp API functions present in the source files other than sftp.c will need to call certain functions present in sftp.c which are not provided in the public api as they are for internal use (by other sftp related functions) only. Some of these sftp.c functions have external linkage, some of them don't and cannot be currently accessed outside sftp.c.

This commit:

1. Moves such functions along with the functions they depend on from sftp.c to a new file sftp_common.c, to separate them out from other sftp api functions.
2. Makes necessary changes to make required functions visible outside sftp_common.c
3. Uses the header file sftp_priv.h for necessary declarations (and not sftp.h) since these functions are not to be provided in the public sftp api.

Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-11-22 | Adding expand-path@openssh.com extension for client | anshul agrawal | 1 | -0/+13
Signed-off-by: anshul agrawal <anshulagrawal2902@gmail.com> Reviewed-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-10-04 | Add missing function to header file on windows | Jakub Jelen | 1 | -2/+0
Fixes: #214 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2023-09-25 | Adding support for limits@openssh.com on client side | anfanite396 | 1 | -0/+29
Signed-off-by: anfanite396 <dipamt1729@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-09-15 | sftp: Cap maximum SFTP write | Jakub Jelen | 1 | -0/+4
The curl does not do any (or enough) chunking when writing large files using the sftp_write() function which causes some servers to choke [1]. The simplest solution is to limit the SFTP packet size according to the SFTP specification recommendation which is 32768 B and not write more. This means the function will not write the whole amount of data it was asked to write and the calling applications are required to handle the return values correctly.

More complicated solution would be to send several SFTP packets from the single sftp_write() function by iterating over all the data passed. The next improvement in the long term should be respecting the value reported by the server in the limits@openssh.com extension, which specifies the maximum packet size and reads/writes explicitly (if supported).

[1] https://github.com/curl/curl/pull/11804

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
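The caller-side consequence of the 32768 B cap described in this commit message, as an added example that is not libssh code: `capped_write()` is a hypothetical in-memory stand-in for a write call limited to 32768 bytes, and `write_all()` is the loop a caller needs so that a large buffer is not silently truncated. The `mock_file` type and the payload are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define SFTP_WRITE_CAP 32768u   /* per-call limit named in the commit message */

/* Constructed in-memory "remote file" standing in for an SFTP handle. */
struct mock_file {
    unsigned char data[262144];
    size_t offset;      /* bytes stored so far */
    unsigned calls;     /* write calls issued */
    unsigned fail_on;   /* fail on this call number (0 = never) */
};

/* Hypothetical stand-in for a capped write: accepts at most SFTP_WRITE_CAP
 * bytes per call and returns the number taken, or -1 on error. */
ssize_t capped_write(struct mock_file *f, const void *buf, size_t count)
{
    f->calls++;
    if (f->fail_on != 0 && f->calls == f->fail_on)
        return -1;
    if (count > SFTP_WRITE_CAP)
        count = SFTP_WRITE_CAP;
    if (count > sizeof(f->data) - f->offset)
        count = sizeof(f->data) - f->offset;
    memcpy(f->data + f->offset, buf, count);
    f->offset += count;
    return (ssize_t)count;
}

/* Loop until every byte is accepted; report failure instead of leaving a
 * partial upload that the caller believes is complete. */
ssize_t write_all(struct mock_file *f, const void *buf, size_t count)
{
    const unsigned char *p = buf;
    size_t left = count;

    while (left > 0) {
        ssize_t n = capped_write(f, p, left);
        if (n <= 0)
            return -1;      /* error, or zero progress (would spin forever) */
        p += n;
        left -= (size_t)n;
    }
    return (ssize_t)count;
}

int main(void)
{
    static struct mock_file naive, careful;
    static unsigned char src[100000];   /* constructed payload */

    memset(src, 0xA5, sizeof(src));
    ssize_t once = capped_write(&naive, src, sizeof(src));
    ssize_t all = write_all(&careful, src, sizeof(src));
    printf("single call stored %zd of %zu bytes\n", once, sizeof(src));
    printf("write_all stored %zd bytes in %u calls\n", all, careful.calls);
    return 0;
}
```

A caller that ignores the return value of the single call leaves 67232 of the 100000 bytes unwritten without any error being raised.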
2023-08-25 | crypto: Add ssh_crypto_free(). | Simon Josefsson | 3 | -0/+12
The intention is that this releases memory allocated by the crypto library, for functions like bignum_bn2hex() and bignum_bn2dec(). Consequently, ssh_gcry_bn2dec and ssh_mbedcry_bn2num should use gcry_malloc() and mbedtls_calloc() respectively to allocate memory since it will/should be released by ssh_crypto_free() so that the internal APIs are consistent between crypto libraries. Signed-off-by: Simon Josefsson <simon@josefsson.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-08-22 | misc.c : Introduce ssh_writen() | Eshan Kelkar | 1 | -0/+1
A call to write() may perform a short write on a local file. To avoid short writes, ssh_writen() can be used. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2023-08-22 | misc.c : Introduce ssh_readn() | Eshan Kelkar | 1 | -0/+18
A call to read() may perform a short read from a local file even when sufficient data is present in the file. ssh_readn() can be used instead of read() to avoid such short reads. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2023-08-22 | mbedcrypto: Make bignum_bn2dec() return char*. | Simon Josefsson | 1 | -2/+2
This aligns it with libgcrypt/OpenSSL backends which use char*. It also aligns mbedcrypto's bignum_bn2hex() to use an unsigned cast just like OpenSSL backend. Signed-off-by: Simon Josefsson <simon@josefsson.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-08-02 | add control master and path option | Ahsen Kamal | 3 | -0/+15
Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2023-07-11 | priv.h : Add compatibility code for Windows | Eshan Kelkar | 1 | -0/+14
Compatibility code for mapping open, read, write, close and unlink to _open, _read, _write, _close and _unlink respectively on Windows was repeated in a lot of .c files. This commit adds that compatibility code to include/libssh/priv.h and removes it from the .c files (while ensuring that those .c files include priv.h) so that the compatibility code stays in one place, can be maintained easily and can be added easily to another source file by including priv.h in that file. Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-06-26 | Deprecate SSH_BIND_OPTIONS_{RSA,ECDSA}KEY in favor of generic HOSTKEY | Jakub Jelen | 1 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2023-06-06 | sftp: Properly check bounds of incoming packet | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-06-06 | Deprecate untested function sftp_server_init | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-06-06 | Rename the sftp_process_init_packet() | Jakub Jelen | 1 | -2/+2
... to better describe the function, which is only replying to the client with our version and extensions. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-06-06 | Remove needless new symbols and add required to API | Jakub Jelen | 2 | -44/+21
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-06-06 | sftpserver: Move duplicate code handling SFTP operations to library | Jakub Jelen | 3 | -2/+82
These can be replaced by user-provided functions when needed. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-06-06 | sftp: fix format problems, style nit and building problems | tatataeki | 1 | -9/+44
Signed-off-by: tatataeki <shengzeyu19_98@163.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-06-06 | examples: add sftpserver example and fix problems | tatataeki | 1 | -1/+0
Signed-off-by: tatataeki <shengzeyu19_98@163.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-06-06 | sftp: add sftp api for sftpserver | tatataeki | 1 | -0/+10
Signed-off-by: tatataeki <shengzeyu19_98@163.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-05-04 | CVE-2023-1667:kex: Add support for sending first_kex_packet_follows flag | Jakub Jelen | 2 | -3/+11
This is not completely straightforward as it requires us to do some state shuffling. We introduce internal flag that can turn this on in client side, so far for testing only as we do not want to universally enable this. We also repurpose the server flag indicating the guess was wrong also for the client to make desired decisions. If we found out our guess was wrong, we need to hope the server was able to figure out this much, we need to revert the DH FSM state, drop the callbacks from the "wrong" key exchange method and initiate the right one. The server side is already tested by the pkd_hello_i1, which is executing tests against dropbear clients, which is using this flag by default out of the box. Tested manually also with the pkd_hello --rekey to make sure the server is able to handle the rekeying with all key exchange methods. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-05-04 | CVE-2023-1667:kex: Correctly handle last fields of KEXINIT also in the client side | Jakub Jelen | 1 | -0/+5
Previously, the last two fields of KEXINIT were considered as always zero for the key exchange. This was true for the sending side, but might have not been true for the received KEXINIT from the peer. This moves the construction of these two fields closer to their reading or writing, instead of hardcoding them on the last possible moment before they go as input to the hashing function.

This also allows accepting the first_kex_packet_follows on the client side, even though there is no kex algorithm now that would allow this.

It also avoids memory leaks in case the server_set_kex() or ssh_set_client_kex() gets called multiple times, ensuring the algorithms will not change under our hands.

It also makes use of a new flag to track if we sent KEXINIT. Previously, this was tracked only implicitly by the content of the session->next_crypto->{server,client}_kex (local kex). If it was not set, we considered it was not sent. But given that we need to check the local kex even before sending it when we receive first_kex_packet_follows flag in the KEXINIT, this can no longer be used.

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-05-04 | CVE-2023-1667:dh: Expose the callback cleanup functions | Jakub Jelen | 4 | -0/+4
These will be helpful when we already sent the first key exchange packet, but we found out that our guess was wrong and we need to initiate different key exchange method with different callbacks. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>