Commit message | Author | Age | Files | Lines
* gssapi: Fix support of delegated credentials (gssfixes) | Simo Sorce | 2013-11-15 | 1 | -23/+37
  In a previous refactoring patch, the code underpinning the ssh_gssapi_set_creds() API was inadvertently removed. This patch fixes the problem.
  Also clarify what variable holds which credentials and ensure that credentials created within the library are properly freed.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* gssapi: Add support for GSSAPIDelegateCredentials config option. | Simo Sorce | 2013-11-15 | 2 | -1/+12
  Signed-off-by: Simo Sorce <simo@redhat.com>
* options: Add SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS option. | Simo Sorce | 2013-11-15 | 3 | -1/+18
  Signed-off-by: Simo Sorce <simo@redhat.com>
* gssapi: Add error checks and cleanup the code in ssh_gssapi_auth_mic(). | Andreas Schneider | 2013-11-15 | 1 | -2/+13
* gssapi: Use GSSAPIClientIdentity to acquire creds | Simo Sorce | 2013-11-15 | 1 | -3/+23
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* gssapi: Add support for GSSAPIClientIdentity config option. | Andreas Schneider | 2013-11-15 | 1 | -1/+9
* options: Add SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY option. | Andreas Schneider | 2013-11-15 | 4 | -1/+22
* gssapi: Add support for GSSAPIServerIdentity config option. | Andreas Schneider | 2013-11-15 | 1 | -1/+9
* gssapi: Add support to set GSSAPI server identity. | Andreas Schneider | 2013-11-15 | 5 | -2/+28
* Fix gssapi credential handling. | Simo Sorce | 2013-11-15 | 1 | -105/+65
  - Properly acquire and inquire credentials to get the list of available credentials.
  - Avoid enforcing a specific username, it breaks some use cases (k5login).
  - Remove confusing references to delegated credentials as there is no code that actually uses delegated credentials in the initialization case.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* socket: Fix connect if we pass in a fd. | Andreas Schneider | 2013-11-15 | 1 | -9/+13
  BUG: https://red.libssh.org/issues/106
  Thanks to Saju Panikulam.
* packet: Remove dead code. | Andreas Schneider | 2013-11-14 | 1 | -6/+0
* packet: Set the packet to the processed data position. | Andreas Schneider | 2013-11-14 | 1 | -1/+1
  Else we could end up with packet - current_macsize if to_be_read is 0.
* dh: Fix wrong assignment. | Andreas Schneider | 2013-11-14 | 1 | -1/+1
  Ups, sorry.
* poll: Fix realloc in ssh_poll_ctx_resize(). | Andreas Schneider | 2013-11-09 | 1 | -2/+6
* dh: Avoid possible memory leaks with realloc. | Andreas Schneider | 2013-11-09 | 1 | -4/+13
* packet: Refactor ssh_packet_socket_callback(). | Andreas Schneider | 2013-11-09 | 1 | -156/+201
  Make error checking more readable and add additional NULL checks.
* server: Fix malloc call. | Andreas Schneider | 2013-11-09 | 1 | -1/+1
* session: Always request POLLIN | Colin Walters | 2013-11-09 | 1 | -3/+1
  The assumption is that if libssh functions are being invoked, we want to read data.
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Add ssh_get_poll_flags() | Colin Walters | 2013-11-09 | 4 | -0/+32
  For integration with an external mainloop, we need to know how to replicate libssh's internal poll() calls. We originally thought ssh_get_status() was that API, but it's not really - those flags only get updated from the *result* of a poll(), where what we really need is to know how libssh would *start* a poll().
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* client: If we have a pre-connected FD, set state to SOCKET_CONNECTED | Colin Walters | 2013-11-09 | 1 | -0/+1
  Otherwise applications providing their own fd end up tripping an assertion, since the session is just in _CONNECTING.
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* example: Use ssh_get_publickey_hash(). | Andreas Schneider | 2013-11-06 | 1 | -4/+16
* dh: Move ssh_get_hexa() and ssh_print_hexa() down. | Andreas Schneider | 2013-11-06 | 1 | -57/+57
  This way they are in the documentation block for the session and we get documentation for them.
* dh: Add new ssh_get_publickey_hash() function. | Andreas Schneider | 2013-11-06 | 2 | -20/+115
* doc: Add curve25519 to features list. | Andreas Schneider | 2013-11-05 | 1 | -1/+1
* doc: Fix doxygen warnings. | Andreas Schneider | 2013-11-04 | 2 | -6/+7
* Fix cast warnings on 64bits | Aris Adamantiadis | 2013-11-04 | 2 | -3/+3
* remove warnings on OSX (workaround) | Aris Adamantiadis | 2013-11-04 | 2 | -2/+12
* logging: fix wording | Aris Adamantiadis | 2013-11-04 | 1 | -2/+2
* curve25519: include reference implementation | Aris Adamantiadis | 2013-11-03 | 4 | -9/+293
* examples: fix forktty() warning on OSX | Aris Adamantiadis | 2013-11-03 | 3 | -1/+7
* Fix examples compilation on OSX (libargp) | Aris Adamantiadis | 2013-11-03 | 3 | -3/+9
* Compile libssh with nacl if possible | Aris Adamantiadis | 2013-11-03 | 4 | -2/+77
  Conflicts: DefineOptions.cmake
* socket: Fix check for pending data. | Aris Adamantiadis | 2013-11-03 | 2 | -4/+8
  BUG: https://red.libssh.org/issues/119
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server: Fix ssh_execute_server_callbacks() client execution | Nicolas Viennot | 2013-11-03 | 1 | -4/+2
  When the public key auth handler is executed and returns SSH_OK, ssh_execute_server_callbacks() still runs some client callbacks, which may set rc to SSH_AGAIN, which triggers a default reply on auth, denying auth.
  Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server kex: enable delayed compression | Nicolas Viennot | 2013-11-03 | 1 | -4/+14
  The code is careful to reenable compression when rekeying.
  Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* session: Make sure we correctly burn the buffer. | Andreas Schneider | 2013-11-03 | 1 | -1/+1
* wrapper: Make sure we really burn the buffer. | Andreas Schneider | 2013-11-03 | 1 | -1/+1
* priv: Fix brackets of burn macros. | Andreas Schneider | 2013-11-03 | 1 | -2/+2
* doc: Add missing RFCs. | Andreas Schneider | 2013-11-03 | 1 | -0/+8
* server: fix pubkey reply for key probes | Jon Simons | 2013-11-02 | 1 | -1/+9
  Per RFC 4252, it is required to send back only one of either SSH_MSG_USERAUTH_PK_OK or SSH_MSG_USERAUTH_FAILURE for public key probes.
  Update the handling of 'auth_pubkey_function' to send back PK_OK instead of SSH_MSG_USERAUTH_SUCCESS for the case that the state of the message at hand is SSH_PUBLICKEY_STATE_NONE.
  With this change, it is now possible to process an initial key probe and then subsequent signature validation using the server callbacks.
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ssh_options_get can now return ProxyCommand | William Orr | 2013-11-02 | 1 | -0/+9
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* connect: fix memory leak in ssh_select | Jon Simons | 2013-10-31 | 1 | -2/+9
  Balance 'ssh_event_add_fd' with 'ssh_event_remove_fd' in 'ssh_select'.
  BUG: https://red.libssh.org/issues/128
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* tests: Add a test for ssh_channel(). | Andreas Schneider | 2013-10-31 | 2 | -0/+50
* poll: fix leak in ssh_poll_ctx_free | Jon Simons | 2013-10-31 | 1 | -1/+5
  Fix a memory leak in 'ssh_poll_ctx_free': issue 'ssh_poll_free' to remove the poll handle from its context and free it.
  BUG: https://red.libssh.org/issues/128
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* SSH_AUTH_OK -> SSH_AUTH_SUCCESS in comments | Alan Dunn | 2013-10-31 | 1 | -4/+4
  A few callback descriptions refer to a non-existent value SSH_AUTH_OK, which should be SSH_AUTH_SUCCESS. This commit fixes these.
  Signed-off-by: Alan Dunn <amdunn@gmail.com>
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Check for isblank(). | Andreas Schneider | 2013-10-30 | 3 | -1/+7
* bind: fix leak in ssh_bind_accept error path | Jon Simons | 2013-10-24 | 1 | -2/+1
  Use 'ssh_socket_free' to cleanup if 'ssh_bind_accept_fd' fails, to be sure to free the ssh_socket in/out buffers.
* tests: Add a sftp_read blocking test. | Andreas Schneider | 2013-10-23 | 2 | -0/+84
* auth: docs: Fix typo optoins -> options | Colin Walters | 2013-10-23 | 1 | -6/+6
  I'm just getting my feet wet with this codebase.
  Reviewed-by: Andreas Schneider <asn@cryptomilk.org>