/* Should work until Apnic decides to assign it :) */
#define BLACKHOLE "1.1.1.1"
static int sshd_setup(void **state)
{
torture_setup_sshd_server(state);
return 0;
}
static int sshd_teardown(void **state) {
torture_teardown_sshd_server(state);
return 0;
}
static int session_setup(void **state)
{
struct torture_state *s = *state;
int verbosity = torture_libssh_verbosity();
struct passwd *pwd;
int rc;
pwd = getpwnam("bob");
assert_non_null(pwd);
rc = setuid(pwd->pw_uid);
assert_return_code(rc, errno);
s->ssh.session = ssh_new();
assert_non_null(s->ssh.session);
ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
return 0;
}
static int session_teardown(void **state)
{
struct torture_state *s = *state;
ssh_disconnect(s->ssh.session);
ssh_free(s->ssh.session);
return 0;
}
static void torture_connect_nonblocking(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
assert_true(rc == SSH_OK);
ssh_set_blocking(session,0);
do {
rc = ssh_connect(session);
assert_true(rc != SSH_ERROR);
} while(rc == SSH_AGAIN);
assert_true(rc == SSH_OK);
}
#if 0 /* This does not work with socket_wrapper */
static void torture_connect_timeout(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
struct timeval before, after;
int rc;
long timeout = 2;
time_t sec;
suseconds_t usec;
rc = ssh_options_set(session, SSH_OPTIONS_HOST, BLACKHOLE);
assert_true(rc == SSH_OK);
rc = ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &timeout);
assert_true(rc == SSH_OK);
rc = gettimeofday(&before, NULL);
assert_true(rc == 0);
rc = ssh_connect(session);
assert_true(rc == SSH_ERROR);
rc = gettimeofday(&after, NULL);
assert_true(rc == 0);
sec = after.tv_sec - before.tv_sec;
usec = after.tv_usec - before.tv_usec;
/* Borrow a second for the missing usecs, but don't bother calculating */
if (usec < 0)
sec--;
assert_in_range(sec, 1, 3);
}
static int session_setup(void **state)
{
struct torture_state *s = *state;
int verbosity = torture_libssh_verbosity();
struct passwd *pwd;
int rc;
pwd = getpwnam("bob");
assert_non_null(pwd);
rc = setuid(pwd->pw_uid);
assert_return_code(rc, errno);
s->ssh.session = ssh_new();
assert_non_null(s->ssh.session);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(s->ssh.session,
SSH_OPTIONS_USER,
TORTURE_SSH_USER_ALICE);
assert_ssh_return_code(s->ssh.session, rc);
return 0;
}
static void torture_knownhosts_other(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
char known_hosts_file[1024] = {0};
enum ssh_known_hosts_e found;
FILE *file = NULL;
int rc;
snprintf(known_hosts_file,
sizeof(known_hosts_file),
"%s/%s",
s->socket_dir,
TORTURE_KNOWN_HOSTS_FILE);
rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
assert_ssh_return_code(session, rc);
rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-ed25519");
assert_ssh_return_code(session, rc);
file = fopen(known_hosts_file, "w");
assert_non_null(file);
fprintf(file,
"127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_RSA));
fclose(file);
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
found = ssh_session_is_known_server(session);
assert_int_equal(found, SSH_KNOWN_HOSTS_OTHER);
}
gboolean
remmina_ssh_init_session (RemminaSSH *ssh)
{
gint verbosity;
ssh->callback = g_new0 (struct ssh_callbacks_struct, 1);
ssh->callback->userdata = ssh;
/* Init & startup the SSH session */
ssh->session = ssh_new ();
ssh_options_set (ssh->session, SSH_OPTIONS_HOST, ssh->server);
ssh_options_set (ssh->session, SSH_OPTIONS_PORT, &ssh->port);
ssh_options_set (ssh->session, SSH_OPTIONS_USER, ssh->user);
if (remmina_log_running ())
{
verbosity = SSH_LOG_RARE;
ssh_options_set (ssh->session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
ssh->callback->log_function = remmina_ssh_log_callback;
}
ssh_callbacks_init (ssh->callback);
ssh_set_callbacks(ssh->session, ssh->callback);
if (ssh_connect (ssh->session))
{
remmina_ssh_set_error (ssh, _("Failed to startup SSH session: %s"));
return FALSE;
}
/* Try the "none" authentication */
if (ssh_userauth_none (ssh->session, NULL) == SSH_AUTH_SUCCESS)
{
ssh->authenticated = TRUE;
}
return TRUE;
}
static int session_setup(void **state)
{
struct torture_state *s = *state;
int verbosity = torture_libssh_verbosity();
struct passwd *pwd;
bool b = false;
int rc;
pwd = getpwnam("bob");
assert_non_null(pwd);
rc = setuid(pwd->pw_uid);
assert_return_code(rc, errno);
s->ssh.session = ssh_new();
assert_non_null(s->ssh.session);
ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
/* Make sure no other configuration options from system will get used */
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
assert_ssh_return_code(s->ssh.session, rc);
return 0;
}
int ssh_login(const char *user, const char *passwd){
ssh_session ssh_id;
int ret = 0;
printf("[*] testing => %s:%s:%s\n", target, user, passwd);
ssh_id = ssh_new();
ssh_options_set(ssh_id, SSH_OPTIONS_HOST, target);
ssh_options_set(ssh_id, SSH_OPTIONS_USER, user);
if(ssh_connect(ssh_id) != SSH_OK){
goto end;
}
if(ssh_userauth_password(ssh_id, NULL, passwd) != SSH_AUTH_SUCCESS){
goto end;
}
printf("\n\n\tCracked --> [%s : %s]\n\n", user, passwd);
ret = 1;
end:
ssh_disconnect(ssh_id);
ssh_free(ssh_id);
return ret;
}
static void torture_options_set_user(void **state) {
ssh_session session = *state;
int rc;
#ifndef _WIN32
# ifndef NSS_BUFLEN_PASSWD
# define NSS_BUFLEN_PASSWD 4096
# endif /* NSS_BUFLEN_PASSWD */
struct passwd pwd;
struct passwd *pwdbuf;
char buf[NSS_BUFLEN_PASSWD];
/* get local username */
rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
assert_true(rc == 0);
#endif /* _WIN32 */
rc = ssh_options_set(session, SSH_OPTIONS_USER, "guru");
assert_true(rc == 0);
assert_string_equal(session->opts.username, "guru");
rc = ssh_options_set(session, SSH_OPTIONS_USER, NULL);
assert_true(rc == 0);
#ifndef _WIN32
assert_string_equal(session->opts.username, pwd.pw_name);
#endif
}
static void test_algorithm(ssh_session session, const char *algo, const char *hmac) {
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, algo);
assert_int_equal(rc, SSH_OK);
rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, algo);
assert_int_equal(rc, SSH_OK);
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_C_S, hmac);
assert_int_equal(rc, SSH_OK);
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, hmac);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
rc = ssh_userauth_none(session, NULL);
if (rc != SSH_OK) {
rc = ssh_get_error_code(session);
assert_int_equal(rc, SSH_REQUEST_DENIED);
}
ssh_disconnect(session);
}
int main()
{
ssh_session my_ssh_session;
int rc;
int port = 22;
my_ssh_session = ssh_new();
if(my_ssh_session == NULL)
exit(-1);
ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, "localhost");
ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &port);
ssh_options_set(my_ssh_session, SSH_OPTIONS_USER, "root");
rc = ssh_connect(my_ssh_session);
if(rc != SSH_OK)
{
fprintf(stderr, "Error connecting to localhost: %s\n", ssh_get_error(my_ssh_session));
exit(-1);
}
scp_write(my_ssh_session);
ssh_disconnect(my_ssh_session);
ssh_free(my_ssh_session);
}
static void torture_algorithms_zlib(void **state) {
ssh_session session = *state;
int rc;
rc = ssh_options_set(session,SSH_OPTIONS_HOST,"localhost");
assert_true(rc == SSH_OK);
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "zlib");
assert_true(rc == SSH_OK);
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "zlib");
assert_true(rc == SSH_OK);
rc = ssh_connect(session);
if (ssh_get_openssh_version(session)) {
assert_false(rc == SSH_OK);
} else {
assert_true(rc == SSH_OK);
rc = ssh_userauth_none(session, NULL);
if (rc != SSH_OK) {
rc = ssh_get_error_code(session);
assert_true(rc == SSH_REQUEST_DENIED);
}
}
ssh_disconnect(session);
}
SSH::SSH(const std::string& host, const std::string& user, const std::string& pass, const std::string port):
host_(host),user_(user),pass_(pass),sftp_(0) {
std::string timeout = getEnv(envTIMEOUT);
timeout_ = atol(timeout.c_str());
if (timeout_ == 0) {
throw Error(1, "Timeout Environmental Variable must be a positive integer.");
}
session_ = ssh_new();
if (session_ == NULL) {
throw Error(1, "Unable to create the the ssh session");
}
// try to connect
ssh_options_set(session_, SSH_OPTIONS_HOST, host_.c_str());
ssh_options_set(session_, SSH_OPTIONS_USER, user_.c_str());
ssh_options_set(session_, SSH_OPTIONS_TIMEOUT, &timeout_);
if (port != "") ssh_options_set(session_, SSH_OPTIONS_PORT_STR, port.c_str());
if (ssh_connect(session_) != SSH_OK) {
throw Error(1, ssh_get_error(session_));
}
// Authentication
if (ssh_userauth_password(session_, NULL, pass_.c_str()) != SSH_AUTH_SUCCESS) {
throw Error(1, ssh_get_error(session_));
}
}
void
Session::connect() {
if (this->c_session != NULL) {
this->disconnect();
}
this->c_session = ssh_new();
if (this->c_session == NULL) {
throw std::runtime_error("Cannot start session");
}
ssh_options_set(this->c_session, SSH_OPTIONS_HOST, this->hostname.c_str());
ssh_options_set(this->c_session, SSH_OPTIONS_PORT, &this->port);
int rc = ssh_connect(this->c_session);
if (rc != SSH_OK) {
fprintf(stderr, "Error connecting to localhost: %s\n", ssh_get_error(this->c_session));
throw std::runtime_error("Cannot connect to server");
}
if (this->password_auth) {
rc = ssh_userauth_password(this->c_session, NULL, this->password.c_str());
if (rc != SSH_AUTH_SUCCESS) {
throw std::runtime_error("Cannot authenticate with server");
}
} else {
rc = ssh_userauth_autopubkey(this->c_session, NULL);
if (rc != SSH_AUTH_SUCCESS) {
throw std::runtime_error("Cannot authenticate with server");
}
}
}
static void torture_knownhosts_unknown(void **state)
{
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
char known_hosts_file[1024] = {0};
enum ssh_known_hosts_e found;
int rc;
snprintf(known_hosts_file,
sizeof(known_hosts_file),
"%s/%s",
s->socket_dir,
TORTURE_KNOWN_HOSTS_FILE);
rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
assert_ssh_return_code(session, rc);
rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-ed25519");
assert_ssh_return_code(session, rc);
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
found = ssh_session_is_known_server(session);
assert_int_equal(found, SSH_KNOWN_HOSTS_UNKNOWN);
rc = ssh_session_update_known_hosts(session);
assert_ssh_return_code(session, rc);
ssh_disconnect(session);
ssh_free(session);
/* connect again and check host key */
session = ssh_new();
assert_non_null(session);
s->ssh.session = session;
rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(s->ssh.session,
SSH_OPTIONS_USER,
TORTURE_SSH_USER_ALICE);
assert_ssh_return_code(s->ssh.session, rc);
rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
assert_ssh_return_code(session, rc);
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
/* ssh-rsa is the default but libssh should try ssh-ed25519 instead */
found = ssh_session_is_known_server(session);
assert_int_equal(found, SSH_KNOWN_HOSTS_OK);
/* session will be freed by session_teardown() */
}
/**
* Initialize the connection of the server
* @param QString server the address of the SSH server
* @param QString login the login for the SSH server
* @param int port the port of the SSH server
* @return bool true if it's ok, false else
*/
bool Kssh::launch_connect(QString server, QString login, int port)
{
#ifdef DEBUG
int log = SSH_LOG_FUNCTIONS;
#else
int log = SSH_LOG_NOLOG;
#endif
// define the log level
if (ssh_options_set(this->m_session, SSH_OPTIONS_LOG_VERBOSITY, &log) < 0) {
#ifdef DEBUG
Klog::debug("impossible to set SSH_OPTIONS_LOG_VERBOSITY");
#endif
return false;
}
// define the login
if (ssh_options_set(this->m_session, SSH_OPTIONS_USER, login.toStdString().data()) < 0) {
#ifdef DEBUG
Klog::debug("impossible to set SSH_OPTIONS_USER");
#endif
return false;
}
// define the host
if (ssh_options_set(this->m_session, SSH_OPTIONS_HOST, server.toStdString().data()) < 0) {
#ifdef DEBUG
Klog::debug("impossible to set SSH_OPTIONS_HOST");
#endif
return false;
}
// define the port
if (ssh_options_set(this->m_session, SSH_OPTIONS_PORT, &port) < 0) {
#ifdef DEBUG
Klog::debug("impossible to set SSH_OPTIONS_PORT");
#endif
return false;
}
// define the knownhosts filename
QString known_hosts = Kconfig::getKnownHosts();
if (ssh_options_set(this->m_session, SSH_OPTIONS_KNOWNHOSTS, known_hosts.toStdString().data()) < 0) {
#ifdef DEBUG
Klog::debug("impossible to set SSH_OPTIONS_KNOWNHOSTS");
#endif
return false;
}
// launch the connection
if (ssh_connect(this->m_session) == SSH_ERROR) {
Klog::error(QString("Connection failed : ") + QString(ssh_get_error(this->m_session)));
this->disconnect();
return false;
}
return true;
}
static void setup(void **state) {
int verbosity = torture_libssh_verbosity();
ssh_session session = ssh_new();
ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
*state = session;
}
int connect_ssh_session(const char* user, const char* host) {
ssh_options_set(my_ssh_session, SSH_OPTIONS_USER, user);
ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, host);
int ret = ssh_connect(my_ssh_session);
if (ret != SSH_OK) {
fprintf(stderr, "Error connecting to %s: %s\n", host,
ssh_get_error(my_ssh_session));
}
return ret;
}
static int client(ssh_session_t *session)
{
int auth=0;
char *banner;
int state;
if (user)
{
if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0)
{
return -1;
}
}
if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
{
return -1;
}
if (proxycommand != NULL)
{
if(ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, proxycommand))
{
return -1;
}
}
ssh_options_parse_config(session, NULL);
if(ssh_connect(session))
{
fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
return -1;
}
state = verify_knownhost(session);
if (state != 0)
{
return -1;
}
ssh_userauth_none(session, NULL);
banner = ssh_get_issue_banner(session);
if(banner)
{
printf("%s\n", banner);
free(banner);
}
auth = authenticate_console(session);
if(auth != SSH_AUTH_SUCCESS)
{
return -1;
}
if(!cmds[0]) {
shell(session);
} else {
batch_shell(session);
}
return 0;
}
ssh_session sn_ssh_get_session(int verbosity) {
ssh_session s = ssh_new();
if (!s) {
std::cerr << "[ssh\tfail] Error getting SSH session object." << std::endl;
exit(ERR_NO_SSH_SESSION);
}
ssh_options_set(s, SSH_OPTIONS_HOST, "segfault.party");
ssh_options_set(s, SSH_OPTIONS_USER, "bots");
ssh_options_set(s, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
return s;
}
static int session_setup(void **state)
{
struct torture_state *s = *state;
int verbosity = torture_libssh_verbosity();
s->ssh.session = ssh_new();
assert_non_null(s->ssh.session);
ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
return 0;
}
static void torture_options_set_host(void **state) {
ssh_session session = *state;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
assert_true(rc == 0);
assert_string_equal(session->opts.host, "localhost");
rc = ssh_options_set(session, SSH_OPTIONS_HOST, "guru@meditation");
assert_true(rc == 0);
assert_string_equal(session->opts.host, "meditation");
assert_string_equal(session->opts.username, "guru");
}
static void torture_options_set_fd(void **state) {
ssh_session session = *state;
socket_t fd = 42;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_FD, &fd);
assert_true(rc == 0);
assert_true(session->opts.fd == fd);
rc = ssh_options_set(session, SSH_OPTIONS_FD, NULL);
assert_true(rc == SSH_ERROR);
assert_true(session->opts.fd == SSH_INVALID_SOCKET);
}
static void
cockpit_ssh_transport_set_property (GObject *obj,
guint prop_id,
const GValue *value,
GParamSpec *pspec)
{
CockpitSshTransport *self = COCKPIT_SSH_TRANSPORT (obj);
const gchar *string;
int port;
switch (prop_id)
{
case PROP_HOST:
self->logname = g_value_dup_string (value);
self->data->logname = self->logname;
g_warn_if_fail (ssh_options_set (self->data->session, SSH_OPTIONS_HOST,
g_value_get_string (value)) == 0);
break;
case PROP_PORT:
port = g_value_get_uint (value);
if (port == 0)
port = 22;
g_warn_if_fail (ssh_options_set (self->data->session, SSH_OPTIONS_PORT, &port) == 0);
break;
case PROP_KNOWN_HOSTS:
string = g_value_get_string (value);
if (string == NULL)
string = PACKAGE_LOCALSTATE_DIR "/lib/cockpit/known_hosts";
ssh_options_set (self->data->session, SSH_OPTIONS_KNOWNHOSTS, string);
self->data->knownhosts_file = g_strdup (string);
break;
case PROP_CREDS:
self->data->creds = g_value_dup_boxed (value);
break;
case PROP_COMMAND:
string = g_value_get_string (value);
if (string == NULL)
string = "cockpit-bridge";
self->data->command = g_strdup (string);
break;
case PROP_HOST_KEY:
self->data->expect_key = g_value_dup_string (value);
break;
case PROP_IGNORE_KEY:
self->data->ignore_key = g_value_get_boolean (value);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
break;
}
}
// TODO: remove this obsolete
static int client(ssh_session session)
{
int auth=0;
int state;
if (user)
if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0)
return -1;
if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
return -1;
if (proxycommand != NULL)
{
if(ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, proxycommand))
return -1;
}
ssh_options_parse_config(session, NULL);
if(ssh_connect(session))
{
fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
return -1;
}
state=verify_knownhost(session);
if (state != 0)
return -1;
ssh_userauth_none(session, NULL);
auth=authenticate_console(session);
if(auth != SSH_AUTH_SUCCESS)
{
return -1;
}
shell(session);
return 0;
}
ssh_session connect_ssh(const char *host, const char *user,int verbosity)
{
ssh_session session;
int auth=0;
session=ssh_new();
if(session==NULL) return(NULL);
if(user!=NULL)
{
if(ssh_options_set(session,SSH_OPTIONS_USER,user)<0)
{
ssh_free(session);
return NULL;
}
}
if(ssh_options_set(session,SSH_OPTIONS_HOST,host)<0)
{
ssh_free(session);
return(NULL);
}
ssh_options_set(session,SSH_OPTIONS_LOG_VERBOSITY,&verbosity);
if(ssh_connect(session))
{
prterr("Connection failed : %s\n",ssh_get_error(session));
ssh_disconnect(session);
ssh_free(session);
return(NULL);
}
if(verify_knownhost(session)<0)
{
ssh_disconnect(session);
ssh_free(session);
return(NULL);
}
auth=authenticate_console(session);
if(auth==SSH_AUTH_SUCCESS)
{
return(session);
} else if(auth==SSH_AUTH_DENIED)
{
prterr("Error: Authentication failed.");
} else {
prterr("Error while authenticating : %s\n",ssh_get_error(session));
}
ssh_disconnect(session);
ssh_free(session);
return(NULL);
}
// Connect to a SSH server.
// When the connection is established, read data from stdin and send it to the server.
void client_pipe(char *host, int port)
{
ssh_session s = ssh_new();
ssh_options_set(s, SSH_OPTIONS_HOST, host);
ssh_options_set(s, SSH_OPTIONS_PORT, &port);
ssh_options_set(s, SSH_OPTIONS_USER, "xya");
//ssh_options_set(s, SSH_OPTIONS_LOG_VERBOSITY_STR, "5");
if(ssh_connect(s) != SSH_OK)
return session_error(s, "connect");
char *hash = pubkey_hash(ssh_get_pubkey(s));
if(authenticate(hash, 0))
{
session_event(s, "authenticated", hash);
free(hash);
}
else
{
free(hash);
exit(1);
}
int keytype;
ssh_string pub = publickey_from_file(s, "test-client-key.pub", &keytype);
if(!pub)
session_error(s, "open-public-key");
if(SSH_AUTH_SUCCESS != ssh_userauth_offer_pubkey(s, NULL, keytype, pub))
session_error(s, "offer-public-key");
ssh_private_key priv = privatekey_from_file(s, "test-client-key", keytype, NULL);
if(!priv)
session_error(s, "open-private-key");
if(SSH_AUTH_SUCCESS != ssh_userauth_pubkey(s, NULL, pub, priv))
session_error(s, "user-auth");
string_free(pub);
privatekey_free(priv);
ssh_channel chan = channel_new(s);
if(!chan)
session_error(s, "create-channel");
if(channel_open_session(chan) < 0)
session_error(s, "open-channel");
session_event(s, "channel-opened", NULL);
channel_from_file(chan, 0);
channel_free(chan);
ssh_disconnect(s);
ssh_finalize();
}
static void torture_auth_agent_nonblocking(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
if (!ssh_agent_is_running(session)){
print_message("*** Agent not running. Test ignored\n");
return;
}
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
rc = ssh_userauth_none(session,NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_agent(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void torture_auth_password_nonblocking(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_BOB);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_AUTH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
do {
rc = ssh_userauth_password(session, NULL, TORTURE_SSH_USER_BOB_PASSWORD);
} while(rc==SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void torture_auth_kbdint(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_BOB);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
rc = ssh_userauth_none(session,NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
}
rc = ssh_userauth_list(session, NULL);
assert_true(rc & SSH_AUTH_METHOD_INTERACTIVE);
rc = ssh_userauth_kbdint(session, NULL, NULL);
assert_int_equal(rc, SSH_AUTH_INFO);
assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 1);
rc = ssh_userauth_kbdint_setanswer(session, 0, TORTURE_SSH_USER_BOB_PASSWORD);
assert_false(rc < 0);
rc = ssh_userauth_kbdint(session, NULL, NULL);
/* Sometimes, SSH server send an empty query at the end of exchange */
if(rc == SSH_AUTH_INFO) {
assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 0);
rc = ssh_userauth_kbdint(session, NULL, NULL);
}
assert_int_equal(rc, SSH_AUTH_SUCCESS);
}
static void
cockpit_ssh_transport_constructed (GObject *object)
{
CockpitSshTransport *self = COCKPIT_SSH_TRANSPORT (object);
CockpitSshData *data;
static GSourceFuncs source_funcs = {
cockpit_ssh_source_prepare,
cockpit_ssh_source_check,
cockpit_ssh_source_dispatch,
NULL,
};
G_OBJECT_CLASS (cockpit_ssh_transport_parent_class)->constructed (object);
g_return_if_fail (self->data->creds != NULL);
g_warn_if_fail (ssh_options_set (self->data->session, SSH_OPTIONS_USER,
cockpit_creds_get_user (self->data->creds)) == 0);
self->io = g_source_new (&source_funcs, sizeof (CockpitSshSource));
((CockpitSshSource *)self->io)->transport = self;
g_source_attach (self->io, self->data->context);
/* Setup for connect thread */
self->connect_fd = ssh_get_fd (self->data->session);
g_atomic_int_set (&self->connecting, 1);
self->data->connecting = &self->connecting;
data = self->data;
self->data = NULL;
self->connect_thread = g_thread_new ("ssh-transport-connect",
cockpit_ssh_connect_thread, data);
g_debug ("%s: constructed", self->logname);
}
static void torture_auth_none_nonblocking(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
assert_int_equal(rc, SSH_OK);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
}
ssh_set_blocking(session,0);
do {
rc = ssh_userauth_none(session,NULL);
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_DENIED);
assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
}