static void torture_algorithms_zlib(void **state) {
ssh_session session = *state;
int rc;
rc = ssh_options_set(session,SSH_OPTIONS_HOST,"localhost");
assert_true(rc == SSH_OK);
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "zlib");
assert_true(rc == SSH_OK);
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "zlib");
assert_true(rc == SSH_OK);
rc = ssh_connect(session);
if (ssh_get_openssh_version(session)) {
assert_false(rc == SSH_OK);
} else {
assert_true(rc == SSH_OK);
rc = ssh_userauth_none(session, NULL);
if (rc != SSH_OK) {
rc = ssh_get_error_code(session);
assert_true(rc == SSH_REQUEST_DENIED);
}
}
ssh_disconnect(session);
}
static void torture_algorithms_zlib_openssh(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "*****@*****.**");
#ifdef WITH_ZLIB
assert_int_equal(rc, SSH_OK);
#else
assert_int_equal(rc, SSH_ERROR);
#endif
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "*****@*****.**");
#ifdef WITH_ZLIB
assert_int_equal(rc, SSH_OK);
#else
assert_int_equal(rc, SSH_ERROR);
#endif
rc = ssh_connect(session);
#ifdef WITH_ZLIB
if (ssh_get_openssh_version(session)) {
assert_true(rc==SSH_OK);
rc = ssh_userauth_none(session, NULL);
if (rc != SSH_OK) {
rc = ssh_get_error_code(session);
assert_int_equal(rc, SSH_REQUEST_DENIED);
}
ssh_disconnect(session);
return;
}
assert_false(rc == SSH_OK);
#else
assert_int_equal(rc, SSH_OK);
#endif
ssh_disconnect(session);
}
int
ssh_connect_p (char *haddr, int hport, char *remote_version, char * remote_fingerprint)
{
struct timeval tv;
double elapsed_time;
ssh_session my_ssh_session;
int version;
int myversion;
int hlen;
int rc;
int state;
int i;
unsigned char *hash = NULL;
char * fingerprint;
int in_known_host;
int sshv1,sshv2,sshv3;
gettimeofday(&tv, NULL);
my_ssh_session = ssh_new();
if (my_ssh_session == NULL)
return STATE_CRITICAL;
ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, haddr);
ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &hport);
rc = ssh_connect(my_ssh_session);
if (rc != SSH_OK) {
printf ("Connect to Server failed\n");
exit (STATE_CRITICAL);
}
in_known_host=-1;
state = ssh_is_server_known(my_ssh_session);
hlen = ssh_get_pubkey_hash(my_ssh_session, &hash);
/* Get the finger print as a string */
fingerprint = ssh_get_hexa(hash, hlen);
if(remote_fingerprint && strcmp(remote_fingerprint, "known_host") == NULL) {
if(state != SSH_SERVER_KNOWN_OK) {
printf ("SSH CRITICAL - Fingerprint (%s) checked in known_hosts failed\n", remote_fingerprint,fingerprint);
exit(STATE_CRITICAL);
} else {
in_known_host=1;
}
}
/* FIXME: This alwats eval to false... */
if(remote_fingerprint && strcmp(remote_fingerprint, "known_host") && strcmp(remote_fingerprint, fingerprint)) {
printf ("SSH CRITICAL - Fingerprint (%s) mismatched %s\n", remote_fingerprint,fingerprint);
free(fingerprint);
exit(STATE_CRITICAL);
}
version = ssh_get_openssh_version(my_ssh_session);
if(remote_version && sscanf(remote_version, "%d.%d.%d", &sshv1, &sshv2, &sshv3)) {
myversion = SSH_VERSION_INT(sshv1, sshv2, sshv3);
if(version < myversion) {
printf ("SSH WARNING version on server is below %s\n", remote_version);
exit(STATE_CRITICAL);
}
}
elapsed_time = (double)deltime(tv) / 1.0e6;
printf (_("SSH OK - fingerprint: %s (Version %d) known_host_check:%d | %s\n"),
fingerprint, version,in_known_host, fperfdata("time", elapsed_time, "s",
FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout));
free(fingerprint);
ssh_disconnect(my_ssh_session);
ssh_free(my_ssh_session);
exit(STATE_OK);
}
