diff options
| author | Alan Dunn <amdunn@gmail.com> | 2014-03-27 08:18:47 -0500 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2014-04-09 10:57:16 +0200 |
| commit | acb7161c813759ecb5fc8050fc112137e25fb870 (patch) | |
| tree | bca72b200d189d9a5bcc083b2f98e153d29289b0 | |
| parent | 437a39c7988ae157e2171f57d8c0cfdcc99584f6 (diff) | |
| download | libssh-acb7161c813759ecb5fc8050fc112137e25fb870.tar.gz libssh-acb7161c813759ecb5fc8050fc112137e25fb870.tar.xz libssh-acb7161c813759ecb5fc8050fc112137e25fb870.zip | |
options: Repurpose SSH_BIND_OPTIONS_HOSTKEY to load host keys
SSH_BIND_OPTIONS_HOSTKEY will now load host keys of any supported type
rather than set the algorithms that the server permits (which seems
like an unhelpful option anyway; it seems you can always control this
by just loading the right keys).
This option has slightly different semantics than the
SSH_BIND_OPTIONS_<x>KEY options because it requires the key file to
exist immediately rather than on ssh_bind_listen or
ssh_bind_accept_fd. The semantics of this option makes more sense to
me.
We also eliminate ssh_bind_options_set_algo, since it is no longer
used.
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
| -rw-r--r-- | src/options.c | 72 |
1 files changed, 51 insertions, 21 deletions
diff --git a/src/options.c b/src/options.c index 1e441f3e..196015de 100644 --- a/src/options.c +++ b/src/options.c @@ -1284,25 +1284,6 @@ int ssh_options_apply(ssh_session session) { * @addtogroup libssh_server * @{ */ -static int ssh_bind_options_set_algo(ssh_bind sshbind, int algo, - const char *list) { - if (!verify_existing_algo(algo, list)) { - ssh_set_error(sshbind, SSH_REQUEST_DENIED, - "Setting method: no algorithm for method \"%s\" (%s)\n", - ssh_kex_get_description(algo), list); - return -1; - } - - SAFE_FREE(sshbind->wanted_methods[algo]); - sshbind->wanted_methods[algo] = strdup(list); - if (sshbind->wanted_methods[algo] == NULL) { - ssh_set_error_oom(sshbind); - return -1; - } - - return 0; -} - static int ssh_bind_set_key(ssh_bind sshbind, char **key_loc, const void *value) { if (value == NULL) { @@ -1397,8 +1378,57 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type, ssh_set_error_invalid(sshbind); return -1; } else { - if (ssh_bind_options_set_algo(sshbind, SSH_HOSTKEYS, value) < 0) - return -1; + int key_type; + ssh_key key; + ssh_key *bind_key_loc = NULL; + char **bind_key_path_loc; + + rc = ssh_pki_import_privkey_file(value, NULL, NULL, NULL, &key); + if (rc != SSH_OK) { + return -1; + } + key_type = ssh_key_type(key); + switch (key_type) { + case SSH_KEYTYPE_DSS: + bind_key_loc = &sshbind->dsa; + bind_key_path_loc = &sshbind->dsakey; + break; + case SSH_KEYTYPE_ECDSA: +#ifdef HAVE_ECC + bind_key_loc = &sshbind->ecdsa; + bind_key_path_loc = &sshbind->ecdsakey; +#else + ssh_set_error(sshbind, + SSH_FATAL, + "ECDSA key used and libssh compiled " + "without ECDSA support"); +#endif + break; + case SSH_KEYTYPE_RSA: + case SSH_KEYTYPE_RSA1: + bind_key_loc = &sshbind->rsa; + bind_key_path_loc = &sshbind->rsakey; + break; + default: + ssh_set_error(sshbind, + SSH_FATAL, + "Unsupported key type %d", key_type); + } + + if (bind_key_loc == NULL) { + ssh_key_free(key); + return -1; + } + + /* Set the location of the key on disk even though we don't + need it in case some other function wants it */ + rc = ssh_bind_set_key(sshbind, bind_key_path_loc, value); + if (rc < 0) { + ssh_key_free(key); + return -1; + } + ssh_key_free(*bind_key_loc); + *bind_key_loc = key; } break; case SSH_BIND_OPTIONS_BINDADDR: |