/*
 * Request the plain "zlib" compression method in both directions against
 * localhost and check how the server reacts.
 *
 * Plain "zlib" starts compressing right after key exchange, i.e. before the
 * peer has authenticated.  The test expects a server that identifies itself
 * as OpenSSH to refuse the connection and any other server to accept it --
 * presumably because the OpenSSH server under test only offers delayed
 * compression; confirm against the test environment.
 *
 * state: cmocka state slot holding the ssh_session to use.
 */
static void torture_algorithms_zlib(void **state)
{
    ssh_session session = *state;
    int status;

    status = ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
    assert_true(status == SSH_OK);

    /* Client-to-server direction. */
    status = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "zlib");
    assert_true(status == SSH_OK);

    /* Server-to-client direction. */
    status = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "zlib");
    assert_true(status == SSH_OK);

    status = ssh_connect(session);

    if (!ssh_get_openssh_version(session)) {
        /* Non-OpenSSH peer: the handshake must have succeeded. */
        assert_true(status == SSH_OK);

        /*
         * "none" authentication may be rejected; the only acceptable
         * rejection is a clean SSH_REQUEST_DENIED.
         */
        status = ssh_userauth_none(session, NULL);
        if (status != SSH_OK) {
            status = ssh_get_error_code(session);
            assert_true(status == SSH_REQUEST_DENIED);
        }
    } else {
        /* OpenSSH peer: negotiation of pre-auth zlib has to fail. */
        assert_false(status == SSH_OK);
    }

    ssh_disconnect(session);
}
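/*
 * Request OpenSSH's delayed compression method in both directions and check
 * the outcome against the build configuration.
 *
 * "zlib@openssh.com" differs from plain "zlib" in that compression is only
 * switched on after user authentication has succeeded, so an unauthenticated
 * peer never gets to feed data to the decompressor.
 *
 * Expectations encoded below:
 *   - WITH_ZLIB defined:   setting the option succeeds; an OpenSSH server
 *                          accepts the connection, any other server fails it.
 *   - WITH_ZLIB undefined: setting the option fails, and the connection is
 *                          expected to succeed without it.
 *
 * state: cmocka state slot holding a struct torture_state whose
 *        ssh.session member is the session to use.
 */
static void torture_algorithms_zlib_openssh(void **state)
{
    struct torture_state *s = *state;
    ssh_session session = s->ssh.session;
    int rc;

    /*
     * The value must be the exact algorithm name.  A masked or redacted
     * placeholder is not a compression method and would make the WITH_ZLIB
     * assertions below fail before any connection is attempted.
     */
    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "zlib@openssh.com");
#ifdef WITH_ZLIB
    assert_int_equal(rc, SSH_OK);
#else
    assert_int_equal(rc, SSH_ERROR);
#endif

    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "zlib@openssh.com");
#ifdef WITH_ZLIB
    assert_int_equal(rc, SSH_OK);
#else
    assert_int_equal(rc, SSH_ERROR);
#endif

    rc = ssh_connect(session);
#ifdef WITH_ZLIB
    if (ssh_get_openssh_version(session)) {
        /* OpenSSH peer: delayed compression must negotiate cleanly. */
        assert_int_equal(rc, SSH_OK);

        /* "none" auth may be refused, but only with SSH_REQUEST_DENIED. */
        rc = ssh_userauth_none(session, NULL);
        if (rc != SSH_OK) {
            rc = ssh_get_error_code(session);
            assert_int_equal(rc, SSH_REQUEST_DENIED);
        }
        ssh_disconnect(session);
        return;
    }
    /* Non-OpenSSH peer: the vendor-specific method is expected to fail. */
    assert_false(rc == SSH_OK);
#else
    assert_int_equal(rc, SSH_OK);
#endif

    ssh_disconnect(session);
}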
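/**
 * Connect to an SSH server, optionally verify its host key and OpenSSH
 * version, print a one-line status and terminate the process.
 *
 * @param haddr              Host name or address passed to SSH_OPTIONS_HOST.
 * @param hport              TCP port passed to SSH_OPTIONS_PORT.
 * @param remote_version     Optional minimum version, "major[.minor[.patch]]";
 *                           NULL skips the version check.
 * @param remote_fingerprint Optional host-key check: the literal "known_host"
 *                           requires ssh_is_server_known() to report
 *                           SSH_SERVER_KNOWN_OK; any other string is compared
 *                           with the ssh_get_hexa() rendering of the server
 *                           key hash.  NULL skips the check.
 *
 * @return STATE_CRITICAL if the session cannot be allocated.  Every other
 *         path ends in exit(), so the function does not return otherwise.
 *
 * NOTE(review): ssh_get_pubkey_hash() and ssh_is_server_known() are the
 * legacy libssh calls; the former yields an MD5 hash.  If the linked libssh
 * provides ssh_get_publickey_hash() and ssh_session_is_known_server(),
 * pinning a SHA-256 fingerprint is the stronger check -- confirm against the
 * project's minimum libssh version before migrating.
 */
int ssh_connect_p (char *haddr, int hport, char *remote_version, char * remote_fingerprint)
{
    struct timeval tv;
    double elapsed_time;
    ssh_session my_ssh_session;
    int version;
    int myversion;
    int hlen;
    int rc;
    int state;
    unsigned char *hash = NULL;
    char *fingerprint;
    int in_known_host = -1;   /* -1: known_hosts check not requested */
    /* Zero-initialised so a partial "major" or "major.minor" parses safely. */
    int sshv1 = 0, sshv2 = 0, sshv3 = 0;

    gettimeofday(&tv, NULL);

    my_ssh_session = ssh_new();
    if (my_ssh_session == NULL)
        return STATE_CRITICAL;

    /* A rejected option would otherwise surface later as an opaque connect error. */
    if (ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, haddr) != SSH_OK ||
        ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &hport) != SSH_OK) {
        printf ("SSH CRITICAL - Invalid host or port option\n");
        exit (STATE_CRITICAL);
    }

    rc = ssh_connect(my_ssh_session);
    if (rc != SSH_OK) {
        printf ("Connect to Server failed\n");
        exit (STATE_CRITICAL);
    }

    state = ssh_is_server_known(my_ssh_session);

    hlen = ssh_get_pubkey_hash(my_ssh_session, &hash);
    /* Render the hash as a string; bail out rather than strcmp() a NULL. */
    fingerprint = (hlen < 0 || hash == NULL) ? NULL : ssh_get_hexa(hash, hlen);
    if (fingerprint == NULL) {
        printf ("SSH CRITICAL - Unable to read server host key hash\n");
        exit (STATE_CRITICAL);
    }

    /* strcmp() returns an int: compare with 0, not with the pointer NULL. */
    if (remote_fingerprint && strcmp(remote_fingerprint, "known_host") == 0) {
        if (state != SSH_SERVER_KNOWN_OK) {
            /* One %s, one argument; the message text is unchanged. */
            printf ("SSH CRITICAL - Fingerprint (%s) checked in known_hosts failed\n", remote_fingerprint);
            exit (STATE_CRITICAL);
        }
        in_known_host = 1;
    }

    /*
     * FIXME (carried over from the original author): reported to always
     * evaluate to false -- not confirmed in review.  The comparison is an
     * exact string match, so the caller's value has to use the same
     * formatting as ssh_get_hexa() (presumably colon-separated lowercase
     * hex; verify).
     */
    if (remote_fingerprint && strcmp(remote_fingerprint, "known_host") && strcmp(remote_fingerprint, fingerprint)) {
        printf ("SSH CRITICAL - Fingerprint (%s) mismatched %s\n", remote_fingerprint, fingerprint);
        free(fingerprint);
        exit (STATE_CRITICAL);
    }

    version = ssh_get_openssh_version(my_ssh_session);

    /*
     * sscanf() returns EOF (non-zero) on empty input, so test for at least
     * one converted field instead of mere truthiness.
     */
    if (remote_version && sscanf(remote_version, "%d.%d.%d", &sshv1, &sshv2, &sshv3) > 0) {
        myversion = SSH_VERSION_INT(sshv1, sshv2, sshv3);
        if (version < myversion) {
            /*
             * NOTE(review): the text says WARNING but the exit status is
             * STATE_CRITICAL; left as-is because callers may depend on it.
             * A server that is not OpenSSH presumably reports version 0 and
             * therefore lands here as well -- confirm.
             */
            printf ("SSH WARNING version on server is below %s\n", remote_version);
            exit (STATE_CRITICAL);
        }
    }

    elapsed_time = (double)deltime(tv) / 1.0e6;

    printf (_("SSH OK - fingerprint: %s (Version %d) known_host_check:%d | %s\n"),
            fingerprint, version, in_known_host,
            fperfdata("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout));

    free(fingerprint);
    ssh_disconnect(my_ssh_session);
    ssh_free(my_ssh_session);
    exit (STATE_OK);
}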