
[PATCH v2 1/3] options: Repurpose SSH_BIND_OPTIONS_HOSTKEY to load host keys


SSH_BIND_OPTIONS_HOSTKEY will now load host keys of any supported type
rather than set the algorithms that the server permits (which seems
like an unhelpful option anyway; it seems you can always control this
by just loading the right keys).

This option has slightly different semantics than the
SSH_BIND_OPTIONS_<x>KEY options because it requires the key file to
exist immediately rather than on ssh_bind_listen or
ssh_bind_accept_fd.  These semantics make more sense to me.

We also eliminate ssh_bind_options_set_algo, since it is no longer
used.

Signed-off-by: Alan Dunn <amdunn@xxxxxxxxx>
---
 src/options.c |   72 ++++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 51 insertions(+), 21 deletions(-)

diff --git a/src/options.c b/src/options.c
index 1e441f3..196015d 100644
--- a/src/options.c
+++ b/src/options.c
@@ -1284,25 +1284,6 @@ int ssh_options_apply(ssh_session session) {
  * @addtogroup libssh_server
  * @{
  */
-static int ssh_bind_options_set_algo(ssh_bind sshbind, int algo,
-    const char *list) {
-  if (!verify_existing_algo(algo, list)) {
-    ssh_set_error(sshbind, SSH_REQUEST_DENIED,
-        "Setting method: no algorithm for method \"%s\" (%s)\n",
-        ssh_kex_get_description(algo), list);
-    return -1;
-  }
-
-  SAFE_FREE(sshbind->wanted_methods[algo]);
-  sshbind->wanted_methods[algo] = strdup(list);
-  if (sshbind->wanted_methods[algo] == NULL) {
-    ssh_set_error_oom(sshbind);
-    return -1;
-  }
-
-  return 0;
-}
-
 static int ssh_bind_set_key(ssh_bind sshbind, char **key_loc,
                             const void *value) {
     if (value == NULL) {
@@ -1397,8 +1378,57 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
         ssh_set_error_invalid(sshbind);
         return -1;
       } else {
-        if (ssh_bind_options_set_algo(sshbind, SSH_HOSTKEYS, value) < 0)
-          return -1;
+          int key_type;
+          ssh_key key;
+          ssh_key *bind_key_loc = NULL;
+          char **bind_key_path_loc;
+
+          rc = ssh_pki_import_privkey_file(value, NULL, NULL, NULL, &key);
+          if (rc != SSH_OK) {
+              return -1;
+          }
+          key_type = ssh_key_type(key);
+          switch (key_type) {
+          case SSH_KEYTYPE_DSS:
+              bind_key_loc = &sshbind->dsa;
+              bind_key_path_loc = &sshbind->dsakey;
+              break;
+          case SSH_KEYTYPE_ECDSA:
+#ifdef HAVE_ECC
+              bind_key_loc = &sshbind->ecdsa;
+              bind_key_path_loc = &sshbind->ecdsakey;
+#else
+              ssh_set_error(sshbind,
+                            SSH_FATAL,
+                            "ECDSA key used and libssh compiled "
+                            "without ECDSA support");
+#endif
+              break;
+          case SSH_KEYTYPE_RSA:
+          case SSH_KEYTYPE_RSA1:
+              bind_key_loc = &sshbind->rsa;
+              bind_key_path_loc = &sshbind->rsakey;
+              break;
+          default:
+              ssh_set_error(sshbind,
+                            SSH_FATAL,
+                            "Unsupported key type %d", key_type);
+          }
+
+          if (bind_key_loc == NULL) {
+              ssh_key_free(key);
+              return -1;
+          }
+
+          /* Set the location of the key on disk even though we don't
+             need it in case some other function wants it */
+          rc = ssh_bind_set_key(sshbind, bind_key_path_loc, value);
+          if (rc < 0) {
+              ssh_key_free(key);
+              return -1;
+          }
+          ssh_key_free(*bind_key_loc);
+          *bind_key_loc = key;
       }
       break;
     case SSH_BIND_OPTIONS_BINDADDR:
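Review bot: The import failure at the top of the new branch (`rc = ssh_pki_import_privkey_file(...)`) returns -1 without calling ssh_set_error on sshbind, so a caller that passes an unreadable, malformed or passphrase-protected key file gets a bare failure with no message, while every other failure path in this branch sets one; I would add `ssh_set_error(sshbind, SSH_FATAL, "Failed to load host key from \"%s\"", (const char *)value);` before that return. Note also that the file is imported with a NULL passphrase and no auth callback, so an encrypted host key cannot be loaded through this option, which is worth stating in the option's documentation since the older SSH_BIND_OPTIONS_<x>KEY options defer loading to listen/accept time and may behave differently. `bind_key_path_loc` is declared uninitialized; it is only read after the `bind_key_loc == NULL` check and every path that sets bind_key_loc also sets it, but `char **bind_key_path_loc = NULL;` would make that invariant explicit and avoid a -Wmaybe-uninitialized warning. Folding SSH_KEYTYPE_RSA1 into the sshbind->rsa slot presumably assumes an SSH-1 key is acceptable as an SSH-2 host key; confirm that is intended rather than rejecting it in the default case. The enclosing ssh_bind_options_set switch, and the `rc` variable this branch relies on, start outside the hunk.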
-- 
1.7.9.5

