ssh_bind_options_set problem
- Subject: ssh_bind_options_set problem
- From: keeves0508 <keeves0508@xxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sun, 8 Sep 2019 23:09:02 +0800 (CST)
- To: libssh@xxxxxxxxxx
Hi,
I found that when setting the bind option hostkey using a privkey file in libssh-0.7.6, I can't pass the passphrase of the privkey file to the function "ssh_pki_import_privkey_file" in the function "ssh_bind_options_set". It may cause a safety problem for users. I found that this problem is not solved in libssh-0.9.0.
I tried to give a solution patch in a simple way. It may not be a good method. Do you have any good idea to solve this problem?
From dbe715a714e52b4a6c9a76b26e03882e23345e62 Mon Sep 17 00:00:00 2001
From: keeves <keeves0508@xxxxxxx>
Date: Sun, 8 Sep 2019 22:03:52 +0800
Subject: [PATCH] Add passprase when setting option hostkey can only use
privkey file.
---
include/libssh/server.h | 12 ++++++++++++
src/options.c | 22 +++++++++++++++++++++-
2 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/include/libssh/server.h b/include/libssh/server.h
index 385a10a..2b082ef 100644
--- a/include/libssh/server.h
+++ b/include/libssh/server.h
@@ -52,6 +52,14 @@ typedef struct ssh_bind_struct* ssh_bind;
/* Callback functions */
+typedef char *(*ssh_bind_option_get_passprase_callback) (void);
+typedef void (*ssh_bind_option_free_callback) (char *passprase);
+
+typedef struct ssh_bind_option_passprase_struct {
+ ssh_bind_option_get_passprase_callback get_passprase;
+ ssh_bind_option_free_callback free_passprase;
+} ssh_bind_option_passprase_callbacks;
+
/**
* @brief Incoming connection callback. This callback is called when a ssh_bind
* has a new incoming connection.
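Review bot: The `ssh_bind_option_get_passprase_callback` typedef takes `(void)`, so the application is not told which key file or which bind the passphrase is requested for and has no userdata pointer to carry its own state. Consider a signature that receives at least the key path and a `void *userdata`. The identifiers are also spelled `passprase`; since they become public names in server.h they should read `passphrase`, and the two typedefs and the struct need a doc comment like the `@brief` block on the incoming connection callback just below them.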
@@ -74,6 +82,10 @@ struct ssh_bind_callbacks_struct {
};
typedef struct ssh_bind_callbacks_struct *ssh_bind_callbacks;
+LIBSSH_API void ssh_bind_options_passprase_set(
+ ssh_bind_option_get_passprase_callback get_option_passprase,
+ ssh_bind_option_free_callback free_option_passprase);
+
/**
* @brief Creates a new SSH server bind.
*
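Review bot: `ssh_bind_options_passprase_set()` takes no `ssh_bind` argument, so the callbacks cannot be scoped to one bind and every bind in the process has to share them. Passing the `ssh_bind` as the first parameter, or carrying the callbacks in a per-bind structure the way `ssh_bind_callbacks_struct` above is used, would keep the state per object. The declaration also has no doc comment saying who owns the returned buffer and when the free callback is invoked.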
diff --git a/src/options.c b/src/options.c
index aed2dda..e2df035 100644
--- a/src/options.c
+++ b/src/options.c
@@ -41,6 +41,15 @@
#include "libssh/bind.h"
#endif
+ssh_bind_option_passprase_callbacks option_passprase_callbacks = {NULL, NULL};
+
+void ssh_bind_options_passprase_set(
+ ssh_bind_option_get_passprase_callback get_option_passprase,
+ ssh_bind_option_free_callback free_option_passprase)
+{
+ option_passprase_callbacks.get_passprase = get_option_passprase;
+ option_passprase_callbacks.free_passprase = free_option_passprase;
+}
/**
* @addtogroup libssh_session
* @{
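Review bot: `option_passprase_callbacks` is defined at file scope without `static`, which exports a mutable global from the library and leaves the setter and `ssh_bind_options_set()` unsynchronized if they run on different threads. Make it `static` at minimum, and preferably move the two pointers into the bind object. The new definitions are also placed after the `#endif` that closes the conditional `libssh/bind.h` include, so they are compiled even when that include is skipped; they belong inside the same conditional as the other server-side code.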
@@ -1387,6 +1396,7 @@ static int ssh_bind_set_key(ssh_bind sshbind, char **key_loc,
int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
const void *value) {
char *p, *q;
+ char *passprase;
int i, rc;
if (sshbind == NULL) {
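Review bot: `char *passprase;` is added at the top of `ssh_bind_options_set()` uninitialized, although it is only used in one branch of the hostkey case. Declaring it inside that branch and initializing it to NULL narrows its scope and keeps it from being read uninitialized if the code is rearranged later.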
@@ -1404,7 +1414,17 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
ssh_key *bind_key_loc = NULL;
char **bind_key_path_loc;
- rc = ssh_pki_import_privkey_file(value, NULL, NULL, NULL, &key);
+ if (option_passprase_callbacks.get_passprase == NULL) {
+ rc = ssh_pki_import_privkey_file(value, NULL, NULL, NULL, &key);
+ } else {
+ passprase = option_passprase_callbacks.get_passprase();
+ rc = ssh_pki_import_privkey_file(value, (const char *)passprase,
+ NULL, NULL, &key);
+ if (option_passprase_callbacks.free_passprase != NULL) {
+ option_passprase_callbacks.free_passprase(passprase);
+ }
+
+ }
if (rc != SSH_OK) {
return -1;
}
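Review bot: In the `else` branch the return value of `get_passprase()` is handed to `ssh_pki_import_privkey_file()` without a NULL check, so a callback that fails looks the same as a key with no passphrase, and when `free_passprase` is NULL the buffer is neither released nor cleared. Either require both callbacks together in the setter or document that ownership stays with the application, and consider clearing the buffer in the library before passing it to the free callback so the passphrase does not linger in memory. The `(const char *)` cast is unnecessary, and the empty `+` line before the closing brace can be dropped.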
--
2.23.0
Keeves
Attachment:
0001-Add-passprase-when-setting-option-hostkey-can-only-u.patch
Description: Binary data