From b2d0d13a2d6709c740453ee3ff32bc37160cc331 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Garcia Ballester Date: Sun, 9 Jul 2006 10:36:44 +0000 Subject: Add ssh_finalize to handle finalization of libssh and underlying cryptographic library. Add corresponding paragraph in API draft. git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@75 7dcaeef0-15fb-0310-b436-a5af3365683c --- doc/libssh-0.2-api-1.txt | 15 +++++++++++++++ libssh/Makefile.in | 2 +- libssh/init.c | 34 ++++++++++++++++++++++++++++++++++ libssh/libssh.vers | 2 +- sample.c | 8 ++++++++ samplesshd.c | 3 +++ 6 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 libssh/init.c diff --git a/doc/libssh-0.2-api-1.txt b/doc/libssh-0.2-api-1.txt index ff35b392..22d08e58 100644 --- a/doc/libssh-0.2-api-1.txt +++ b/doc/libssh-0.2-api-1.txt @@ -48,6 +48,19 @@ things that each kind of object must do. B. Description of objects and functions +Initialization and finalization +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Initialization is for now called automatically, so you don't have to take care +of that. +As for finalization, we need to finalize the underlying cryptographic library +(either OpenSSL or libgcrypt). Be sure that you call ssh_finalize when this +library won't be used anymore, even by other libraries (i.e. if you use libssh +and another library that uses OpenSSL, call ssh_finalize when any function of +both these libraries won't be called). +If you trust your operating system to clean up the mess after a process +terminates, you can skip this call. + Options structure ~~~~~~~~~~~~~~~~~ @@ -351,6 +364,8 @@ channel functions will run. C. Change log of this document +3. Add paragraph about initalization and finalization. + 2. ssh_options_set_username finaly is kept into the options, because it can be set by ssh_options_getopt() diff --git a/libssh/Makefile.in b/libssh/Makefile.in index 5b28caaf..28f919f0 100644 --- a/libssh/Makefile.in +++ b/libssh/Makefile.in 
@@ -3,7 +3,7 @@ OBJECTS= client.o packet.o dh.o crypt.o connect.o error.o buffer.o \ string.o kex.o channels.o options.o keys.o auth.o base64.o \ keyfiles.o misc.o gzip.o wrapper.o sftp.o server.o crc32.o \ session.o messages.o channels1.o auth1.o sftpserver.o \ - gcrypt_missing.o + gcrypt_missing.o init.o SHELL = /bin/sh VPATH = @srcdir@ diff --git a/libssh/init.c b/libssh/init.c new file mode 100644 index 00000000..e7f27bc1 --- /dev/null +++ b/libssh/init.c @@ -0,0 +1,34 @@ +/* init.c */ +/* This file handles initialization and finalization of the library */ + +/* +Copyright 2003,04,06 Aris Adamantiadis + +This file is part of the SSH Library + +The SSH Library is free software; you can redistribute it and/or modify +it under the terms of the GNU Lesser General Public License as published by +the Free Software Foundation; either version 2.1 of the License, or (at your +option) any later version. + +The SSH Library is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public +License for more details. + +You should have received a copy of the GNU Lesser General Public License +along with the SSH Library; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, +MA 02111-1307, USA. */ + +#include "libssh/priv.h" + +int ssh_finalize() +{ +#ifdef HAVE_LIBGCRYPT + gcry_control(GCRYCTL_TERM_SECMEM); +#elif defined HAVE_LIBCRYPTO + EVP_cleanup(); +#endif + return 0; +} diff --git a/libssh/libssh.vers b/libssh/libssh.vers index a1bc8580..61665365 100644 --- a/libssh/libssh.vers +++ b/libssh/libssh.vers 
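Review bot: ssh_finalize() in libssh/init.c tears down process-wide crypto state, but its precondition is written only in the API draft and not at the definition. `gcry_control(GCRYCTL_TERM_SECMEM)` zeroises and destroys libgcrypt's secure-memory pool, and `EVP_cleanup()` empties OpenSSL's cipher and digest tables. I would add above the function `/* Process-global teardown of the crypto backend: call once, after every session has been disconnected, and never while another thread or library still uses that backend. */`. The definition should also be `int ssh_finalize(void)`, because an empty parameter list in C leaves call arguments unchecked. No header appears in the diffstat, so unless a prototype already exists elsewhere, sample.c and samplesshd.c call the function without a declaration.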
@@ -3,7 +3,7 @@ SSH_0.2 { ssh_get_error; ssh_get_error_code; ssh_say; ssh_set_verbosity; ssh_new; ssh_set_options; ssh_get_fd; ssh_silent_disconnect; ssh_connect; ssh_disconnect; ssh_service_request; ssh_get_issue_banner; - ssh_copyright; ssh_get_version; + ssh_copyright; ssh_get_version; ssh_finalize; ssh_set_fd_toread; ssh_set_fd_towrite; ssh_set_fd_except; string_from_char; string_len; string_new; string_fill; string_to_char; string_copy; string_burn; string_data; diff --git a/sample.c b/sample.c index 7491d73a..37af237d 100644 --- a/sample.c +++ b/sample.c @@ -391,6 +391,7 @@ int main(int argc, char **argv){ if(ssh_connect(session)){ fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session)); ssh_disconnect(session); + ssh_finalize(); return 1; } state=ssh_is_server_known(session); @@ -403,6 +404,7 @@ int main(int argc, char **argv){ ssh_print_hexa("Public key hash",hash,MD5_DIGEST_LEN); fprintf(stderr,"For security reason, connection will be stopped\n"); ssh_disconnect(session); + ssh_finalize(); exit(-1); case SSH_SERVER_FOUND_OTHER: fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n"); @@ -410,6 +412,7 @@ int main(int argc, char **argv){ "into thinking the key does not exist\n" "We advise you to rerun the client with -d or -r for more safety.\n"); ssh_disconnect(session); + ssh_finalize(); exit(-1); case SSH_SERVER_NOT_KNOWN: fprintf(stderr,"The server is unknown. Do you trust the host key ?\n"); @@ -431,6 +434,7 @@ int main(int argc, char **argv){ case SSH_SERVER_ERROR: fprintf(stderr,"%s",ssh_get_error(session)); ssh_disconnect(session); + ssh_finalize(); exit(-1); } @@ -438,6 +442,7 @@ int main(int argc, char **argv){ auth=ssh_userauth_autopubkey(session); if(auth==SSH_AUTH_ERROR){ fprintf(stderr,"Authenticating with pubkey: %s\n",ssh_get_error(session)); + ssh_finalize(); return -1; } banner=ssh_get_issue_banner(session); 
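Review bot: In the sample.c hunk at -438 (the `ssh_userauth_autopubkey` error branch), `ssh_finalize();` is added with no `ssh_disconnect(session);` before it. The crypto backend is therefore torn down while the session, and presumably its key material, is still live; the earlier error branches in this file disconnect first. The same ordering gap is in the keyboard-interactive branch (hunk -450) and in both error branches of samplesshd.c (hunks -94 and -113). Each of these paths should run `ssh_disconnect(session);` and then `ssh_finalize();` before returning. main() begins and ends outside these hunks, so whether the session is released some other way on these paths cannot be seen from here.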
@@ -450,6 +455,7 @@ int main(int argc, char **argv){ if(auth==SSH_AUTH_ERROR){ fprintf(stderr,"authenticating with keyb-interactive: %s\n", ssh_get_error(session)); + ssh_finalize(); return -1; } } @@ -458,6 +464,7 @@ int main(int argc, char **argv){ if(ssh_userauth_password(session,NULL,password) != SSH_AUTH_SUCCESS){ fprintf(stderr,"Authentication failed: %s\n",ssh_get_error(session)); ssh_disconnect(session); + ssh_finalize(); return -1; } memset(password,0,strlen(password)); @@ -479,6 +486,7 @@ int main(int argc, char **argv){ if(!sftp && !cmds[0]) do_cleanup(); ssh_disconnect(session); + ssh_finalize(); return 0; } diff --git a/samplesshd.c b/samplesshd.c index d51ac318..fe45562b 100644 --- a/samplesshd.c +++ b/samplesshd.c @@ -94,6 +94,7 @@ int main(int argc, char **argv){ } while (!auth); if(!auth){ printf("error : %s\n",ssh_get_error(session)); + ssh_finalize(); return 1; } do { @@ -113,6 +114,7 @@ int main(int argc, char **argv){ } while(message && !chan); if(!chan){ printf("error : %s\n",ssh_get_error(session)); + ssh_finalize(); return 1; } do { @@ -142,6 +144,7 @@ int main(int argc, char **argv){ write(1,buffer_get(buf),buffer_get_len(buf)); } while (i>0); ssh_disconnect(session); + ssh_finalize(); return 0; } -- cgit v1.2.3
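Review bot: In the sample.c hunk at -458, the failure branch of `ssh_userauth_password` returns before the `memset(password,0,strlen(password));` that follows the block, so the cleartext password is never wiped when authentication fails. The commit adds `ssh_finalize();` to that branch but leaves the wipe after it. Capturing the result first lets the wipe cover both outcomes: `auth=ssh_userauth_password(session,NULL,password);`, then `memset(password,0,strlen(password));`, then `if(auth != SSH_AUTH_SUCCESS){ ... }`. A plain memset on a buffer that is not read again may be removed by the optimiser, so a wipe primitive that cannot be elided would be safer if the platform offers one. main() starts and ends outside the hunk, so the declaration and lifetime of `password` are not visible here.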