int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
int i;
if (session == NULL){
ssh_set_error(sshbind, SSH_FATAL,"session is null");
return SSH_ERROR;
}
session->server = 1;
session->version = 2;
/* copy options */
for (i = 0; i < 10; ++i) {
if (sshbind->wanted_methods[i]) {
session->wanted_methods[i] = strdup(sshbind->wanted_methods[i]);
if (session->wanted_methods[i] == NULL) {
return SSH_ERROR;
}
}
}
if (sshbind->bindaddr == NULL)
session->bindaddr = NULL;
else {
SAFE_FREE(session->bindaddr);
session->bindaddr = strdup(sshbind->bindaddr);
if (session->bindaddr == NULL) {
return SSH_ERROR;
}
}
session->common.log_verbosity = sshbind->common.log_verbosity;
ssh_socket_free(session->socket);
session->socket = ssh_socket_new(session);
if (session->socket == NULL) {
/* perhaps it may be better to copy the error from session to sshbind */
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
ssh_socket_set_fd(session->socket, fd);
ssh_socket_get_poll_handle_out(session->socket);
if (sshbind->dsa) {
session->srv.dsa_key = ssh_key_dup(sshbind->dsa);
if (session->srv.dsa_key == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
}
if (sshbind->rsa) {
session->srv.rsa_key = ssh_key_dup(sshbind->rsa);
if (session->srv.rsa_key == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
}
return SSH_OK;
}
/* temporary function to migrate seemlessly to ssh_key */
ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key) {
ssh_public_key pub;
ssh_key tmp;
if(key == NULL) {
return NULL;
}
tmp = ssh_key_dup(key);
if (tmp == NULL) {
return NULL;
}
pub = malloc(sizeof(struct ssh_public_key_struct));
if (pub == NULL) {
ssh_key_free(tmp);
return NULL;
}
ZERO_STRUCTP(pub);
pub->type = tmp->type;
pub->type_c = tmp->type_c;
pub->dsa_pub = tmp->dsa;
tmp->dsa = NULL;
pub->rsa_pub = tmp->rsa;
tmp->rsa = NULL;
ssh_key_free(tmp);
return pub;
}
/* Test case for bug #147: Private ECDSA key duplication did not carry
* over parts of the key that then caused subsequent key demotion to
* fail.
*/
static void torture_pki_ecdsa_duplicate_then_demote(void **state)
{
ssh_key pubkey;
ssh_key privkey;
ssh_key privkey_dup;
int rc;
(void) state;
rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY,
NULL,
NULL,
NULL,
&privkey);
assert_true(rc == 0);
privkey_dup = ssh_key_dup(privkey);
assert_true(privkey_dup != NULL);
assert_int_equal(privkey->ecdsa_nid, privkey_dup->ecdsa_nid);
rc = ssh_pki_export_privkey_to_pubkey(privkey_dup, &pubkey);
assert_true(rc == 0);
assert_int_equal(pubkey->ecdsa_nid, privkey->ecdsa_nid);
ssh_key_free(pubkey);
ssh_key_free(privkey);
ssh_key_free(privkey_dup);
}
static void torture_pki_duplicate_key_ecdsa(void **state)
{
int rc;
char *b64_key;
char *b64_key_gen;
ssh_key pubkey;
ssh_key privkey;
ssh_key privkey_dup;
(void) state;
rc = ssh_pki_import_pubkey_file(LIBSSH_ECDSA_TESTKEY ".pub", &pubkey);
assert_true(rc == 0);
rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
assert_true(rc == 0);
ssh_key_free(pubkey);
rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY,
NULL,
NULL,
NULL,
&privkey);
assert_true(rc == 0);
privkey_dup = ssh_key_dup(privkey);
assert_true(privkey_dup != NULL);
rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
assert_true(rc == SSH_OK);
rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key_gen);
assert_true(rc == 0);
assert_string_equal(b64_key, b64_key_gen);
rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
assert_true(rc == 0);
ssh_key_free(pubkey);
ssh_key_free(privkey);
ssh_key_free(privkey_dup);
ssh_string_free_char(b64_key);
ssh_string_free_char(b64_key_gen);
}
int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
int i, rc;
if (session == NULL){
ssh_set_error(sshbind, SSH_FATAL,"session is null");
return SSH_ERROR;
}
session->server = 1;
session->version = 2;
/* copy options */
for (i = 0; i < 10; i++) {
if (sshbind->wanted_methods[i]) {
session->opts.wanted_methods[i] = strdup(sshbind->wanted_methods[i]);
if (session->opts.wanted_methods[i] == NULL) {
return SSH_ERROR;
}
}
}
if (sshbind->bindaddr == NULL)
session->opts.bindaddr = NULL;
else {
SAFE_FREE(session->opts.bindaddr);
session->opts.bindaddr = strdup(sshbind->bindaddr);
if (session->opts.bindaddr == NULL) {
return SSH_ERROR;
}
}
session->common.log_verbosity = sshbind->common.log_verbosity;
if(sshbind->banner != NULL)
session->opts.custombanner = strdup(sshbind->banner);
ssh_socket_free(session->socket);
session->socket = ssh_socket_new(session);
if (session->socket == NULL) {
/* perhaps it may be better to copy the error from session to sshbind */
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
ssh_socket_set_fd(session->socket, fd);
ssh_socket_get_poll_handle_out(session->socket);
/* We must try to import any keys that could be imported in case
* we are not using ssh_bind_listen (which is the other place
* where keys can be imported) on this ssh_bind and are instead
* only using ssh_bind_accept_fd to manage sockets ourselves.
*/
rc = ssh_bind_import_keys(sshbind);
if (rc != SSH_OK) {
return SSH_ERROR;
}
#ifdef HAVE_ECC
if (sshbind->ecdsa) {
session->srv.ecdsa_key = ssh_key_dup(sshbind->ecdsa);
if (session->srv.ecdsa_key == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
}
#endif
if (sshbind->dsa) {
session->srv.dsa_key = ssh_key_dup(sshbind->dsa);
if (session->srv.dsa_key == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
}
if (sshbind->rsa) {
session->srv.rsa_key = ssh_key_dup(sshbind->rsa);
if (session->srv.rsa_key == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
}
if (sshbind->ed25519 != NULL) {
session->srv.ed25519_key = ssh_key_dup(sshbind->ed25519);
if (session->srv.ed25519_key == NULL){
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
}
/* force PRNG to change state in case we fork after ssh_bind_accept */
ssh_reseed();
return SSH_OK;
}
