path: root/src/session.c
Age | Commit message | Author | Files | Lines
5 days | Do not close socket passed through options on error conditions [HEAD, master] | Jakub Jelen | 1 | -2/+16
Fixes: #244 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
5 days | Reformat ssh_silent_disconnect | Jakub Jelen | 1 | -7/+9
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2024-01-02 | session: Avoid memory leaks | Jakub Jelen | 1 | -2/+5
Thanks coverity CID 1531417 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
2023-12-18 | CVE-2023-6918: Systematically check return values when calculating digests | Jakub Jelen | 1 | -19/+53
with all crypto backends Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-12-05 | Handle automatic certificate authentication | Jakub Jelen | 1 | -0/+33
This involves reading the certificates from configuration files through options and handling them similarly as the OpenSSH does when doing the auto pubkey authentication, also in combination with agent or identities only. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2023-10-31 | session: Free agent state on windows | Jakub Jelen | 1 | -5/+1
Fixes: #220 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2023-08-02 | add control master and path option | Ahsen Kamal | 1 | -0/+2
Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2023-06-28 | session: Avoid potential null dereference on low-memory conditions | Jakub Jelen | 1 | -0/+4
CID 1500478 Thanks coverity Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2023-06-05 | Error out if ctx is NULL. | Kevin Backhouse | 1 | -1/+5
Signed-off-by: Kevin Backhouse <kevinbackhouse@github.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-03-06 | free memory of peer_discon_msg | Ahsen Kamal | 1 | -0/+1
Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-03-06 | rename discon_msg to peer_discon_msg | Ahsen Kamal | 1 | -2/+2
Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-02-02 | Remove support for DSA Keys | Mohammad Shehar Yaar Tausif | 1 | -13/+0
Solving issue #110. The original work is at !231. Some changes were needed because of the newly added features in master through time. Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48@gmail.com> Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-11-29 | Add flags for escape expand operation | Norbert Pocs | 1 | -0/+2
Calling `ssh_options_apply` more times can result in an unwanted behaviour of expanding the escape characters more times. Adding flags to check if the expansion was already done on the current string variables. Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-11-29 | Add a placeholder for non-expanded identities | Norbert Pocs | 1 | -4/+19
Expanding a string twice could lead to unwanted behaviour. This solution creates a ssh_list (`opts.identites_non_exp`) to store the strings before expansion and by using ssh_apply it moves the string to the `opts.identities`. This way the expanded strings are separated. Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-11-02 | Reformat and initialize pointers | Jakub Jelen | 1 | -8/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-12 | Fix various spelling issues reported by codespell | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-10-07 | SSH_LOG_TRACE: Recategorize loglevels | Norbert Pocs | 1 | -2/+2
Do not print out logs when no fatal error happens. This approach is similar to openssh, when Error/Fatal does not print recoverable error logs. recategorized based on - SSH_LOG_TRACE are debug logs when error happens Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-04 | session.c: Remove dot from documentation group definition | Norbert Pocs | 1 | -1/+1
Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-09-22 | Implement IdentitiesOnly | Linus Kardell | 1 | -0/+1
Signed-off-by: Linus Kardell <linus.kardell@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-08-29 | session: Initialize the port with the standard port (22) | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-08-08 | session: Avoid memory leak of agent_socket from configuration file | Jakub Jelen | 1 | -0/+1
Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48268 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-08-03 | session: Initialize pointers | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-04 | Rewrite strerror to ssh_strerror | Norbert Pocs | 1 | -1/+3
Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-02 | client: Add ssh_session_set_disconnect_message() | omsheladia | 1 | -0/+1
Fix #98 by adding 'ssh_session_set_disconnect_message' Whenever the ssh session disconnects a "Bye Bye" message was set and displayed. Now the peer has a choice to set a customised message to be sent after the session is disconnected. The default "Bye Bye" will be set if this function is not called or not called correctly. The testcases in tests/server/torture_server can also demonstrate how this function works. Signed-off-by: Om Sheladia <omsheladia10@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-22 | Enable ssh agent authentication on Windows | Wez Furlong | 1 | -2/+0
Windows has supported unix domain sockets for a couple of years now; see this article for more information about that: <https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/> This commit allows libssh to consider using agent authentication on Windows systems. It is mostly removing `#ifndef _WIN32` that prevented the unix domain socket code from being compiled in, and adjusting the use of `read(2)` and `write(2)` to `recv(2)` and `send(2)`, as the former functions are not compatible with sockets on Windows systems. For mingw systems, afunix.h isn't available so we use the technique as was used to resolve building with mingw as used by the curl project in: https://github.com/curl/curl/pull/5170 Signed-off-by: Wez Furlong <wez@fb.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-15 | Fix type mismatch warnings | Norbert Pocs | 1 | -3/+3
Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-09 | Reformat most of the function headers | Jakub Jelen | 1 | -1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-06-09 | Improve documentation by mentioning the free functions | Jakub Jelen | 1 | -2/+2
Related: https://gitlab.com/libssh/libssh-mirror/-/issues/3 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-05-02 | Fix multiple spelling and grammar mistakes | Junda Ai | 1 | -4/+4
Signed-off-by: Junda Ai <aijunda29@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 | trivial fix: Fixes some spelling errors | Dhanuka Warusadura | 1 | -1/+1
Signed-off-by: Dhanuka Warusadura <csx@tuta.io> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-06-04 | add moduli file location as an ssh_bind option | Andrew Wiley | 1 | -0/+1
Signed-off-by: Andrew Wiley <wiley@outlook.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-24 | session: add missing return value documentation | Heiko Thiery | 1 | -1/+2
Add SSH_AGAIN as return value to ssh_handle_packets documentation. Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-06 | kex: Add support for diffie-hellman-group14-sha256 | Anderson Toshiyuki Sasaki | 1 | -0/+2
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | session: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -5/+5
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | session: Use SSH_STRING_FREE() | Andreas Schneider | 1 | -2/+2
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-11-18 | Use only one variable denoting the size of methods arrays | Jakub Jelen | 1 | -1/+1
Previously, there was non-consistent usage of constants SSH_KEX_METHODS, KEX_METHODS_SIZE and of magic number 10 to reference the arrays used for algorithm negotiation by peers. This commit settles down to the single constant and its usage throughout the whole codebase. Fixes T195 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-18 | session: Initialize states explicitly | Anderson Toshiyuki Sasaki | 1 | -0/+10
In ssh_session_new(), initialize the state machines states explicitly for better readability. Fixes T194 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-11-18 | session: Reformat ssh_new() | Anderson Toshiyuki Sasaki | 1 | -45/+51
Fixes T194 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 | session: OpenSSH is using SHA256 fingerprints now | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-12 | session: Do not use MD5 in FIPS mode | Anderson Toshiyuki Sasaki | 1 | -2/+21
Do not use MD5 when generating fingerprints in FIPS mode. The call will fail in such case. The test suite was updated with a negative test for this case. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-22 | Add flag for tracking EtM HMACs | Dirkjan Bussink | 1 | -2/+2
This adds a flag to the type structures to track if we use an Encrypt-then-MAC cipher instead of Encrypt-and-MAC. EtM is a more secure hashing mechanism. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-01-30 | session: Respects timeout=0 for packets on blocking sessions | Till Wimmer | 1 | -1/+1
Signed-off-by: Till Wimmer <g4-lisz@tonarchiv.ch> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-25 | session: Initialize allocated memory | Andreas Schneider | 1 | -3/+3
Found by MemorySanitizer. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | dh: move unrelated functions out of dh.c | Aris Adamantiadis | 1 | -0/+234
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | packet: Implement rekeying based on the recommendation from RFC's | Jakub Jelen | 1 | -2/+15
The default rekeying recommendations are specified in RFC4344 Section 3 (First and Second Rekeying Recommendations). Additionally, the rekeying can be specified in configuration file/options allowing us to turn the rekeying off, base it on time or make it more strict. The code is highly inspired by the OpenSSH rekeying code. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-07 | session: Check the session timeout and use it if set | Andreas Schneider | 1 | -19/+25
This checks if a timeout has been set using ssh_options_set(). If it has been set it will use that parameter by default for blocking sessions. This is at least what users are expecting. Fixes T33 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-07 | session: Use long for the timeout | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-07 | config: Get rid of the dynamic seen array | Jakub Jelen | 1 | -1/+0
* This makes the array constant in the session structure, avoiding allocations and frees while parsing the file * It also drops passing the seen array to all the functions, because it is already part of the passed session * The test cases are adjusted to match these changes Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-23 | session: Reformat ssh_{set,is}_blocking | Jakub Jelen | 1 | -8/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 | config: Preserve the seen array among invocations | Jakub Jelen | 1 | -0/+1
This follows the OpenSSH behavior of parsing subsequent configuration files, while applying only the first option. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>