| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
In a previous refactoring patch, the code underpinning the
ssh_gssapi_set_creds() API was inadvertently removed. This patch
fixes the problem.
Also clarify what variable holds which credentials and insure that
credentials created within the library are propelry freed.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Properly acquire and inquitre credentials to get the list of available
credentials.
- Avoid enforcing a specific username it breaks some use cases (k5login).
- Remove confusing references to delegated credentials as there is no code
that actually uses delegated credentials in the initialization case.
Signed-off-by: Siom Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
|
|
| |
BUG: https://red.libssh.org/issues/106
Thanks to Saju Panikulam.
|
| |
|
|
|
|
| |
Else we could end up with packet - current_macsize if to_be_read is 0.
|
|
|
|
| |
Ups, sorry.
|
| |
|
| |
|
|
|
|
| |
Make error checking more readable and add additional NULL checks.
|
| |
|
|
|
|
|
|
|
| |
The assumption is that if libssh functions are being invoked, we want
to read data.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
|
|
|
|
|
|
| |
For integration with an external mainloop, we need to know how to
replicate libssh's internal poll() calls. We originally through
ssh_get_status() was that API, but it's not really - those flags only
get updated from the *result* of a poll(), where what we really need
is to know how libssh would *start* a poll().
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
|
|
|
| |
Otherwise applications providing their own fd end up tripping an
assertion, since the session is just in _CONNECTING.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
| |
This way they are in the documentation block for the session and we get
documentation for them.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Conflicts:
DefineOptions.cmake
|
|
|
|
|
|
| |
BUG: https://red.libssh.org/issues/119
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
|
|
|
|
|
|
| |
When the public key auth handler is executed and returns SSH_OK,
ssh_execute_server_callbacks() still runs some client callbacks,
which may set rc to SSH_AGAIN, which triggers a default reply on
auth, denying auth.
Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
|
|
|
| |
The code is careful to reenable compression when rekeying.
Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per RFC 4252, it is required to send back only one of either
SSH_MSG_USERAUTH_PK_OK or SSH_MSG_USERAUTH_FAILURE for public
key probes.
Update the handling of 'auth_pubkey_function' to send back PK_OK
instead of SSH_MSG_USERAUTH_SUCCESS for the case that the state
of the message at hand is SSH_PUBLICKEY_STATE_NONE.
With this change, it is now possible to process an initial key probe
and then subsequent signature validation using the server callbacks.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
| |
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
|
|
|
|
| |
Balance 'ssh_event_add_fd' with 'ssh_event_remove_fd' in 'ssh_select'.
BUG: https://red.libssh.org/issues/128
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix a memory leak in 'ssh_poll_ctx_free': issue 'ssh_poll_free'
to remove the poll handle from its context and free it.
BUG: https://red.libssh.org/issues/128
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
|
|
|
|
| |
A few callback descriptions refer to a non-existent value SSH_AUTH_OK,
which should be SSH_AUTH_SUCCESS. This commit fixes these.
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
| |
Use 'ssh_socket_free' to cleanup if 'ssh_bind_accept_fd'
fails, to be sure to free the ssh_socket in/out buffers.
|
| |
|
|
|
|
|
|
| |
I'm just getting my feet wet with this codebase.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|