diff --git a/libssh.spec b/libssh.spec index cd33a0d..0fa8237 100644 --- a/libssh.spec +++ b/libssh.spec @@ -1,6 +1,6 @@ Name: libssh Version: 0.10.4 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A library implementing the SSH protocol License: LGPLv2+ URL: http://www.libssh.org @@ -137,6 +137,11 @@ popd %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %changelog +* Thu Dec 1 2022 Norbert Pocs - 0.10.4-6 +- Fix covscan error +- Remove unwanted test with yet unimplemented feature +- Related: rhbz#2137839, rhbz#2136824 + * Thu Dec 01 2022 Stanislav Zidek - 0.10.4-5 + libssh-0.10.4-5 - Fixed CI configuration due to TMT changes diff --git a/options_apply.patch b/options_apply.patch index 7abcc0f..957aa92 100644 --- a/options_apply.patch +++ b/options_apply.patch @@ -1,4 +1,4 @@ -From e7dd88167b68cbee7c603e8cd5fbb96ef3040c85 Mon Sep 17 00:00:00 2001 +From 11c0d687a081fe64501e21c95def7f893611d029 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Wed, 16 Nov 2022 10:40:38 +0100 Subject: [PATCH 1/5] Add a placehohlder for non-expanded identities @@ -56,10 +56,10 @@ index 56e09c65..bb085384 100644 + struct ssh_list *list = NULL; char *id = NULL; int i; - + @@ -105,14 +106,15 @@ int ssh_options_copy(ssh_session src, ssh_session *dest) } - + /* Remove the default identities */ - for (id = ssh_list_pop_head(char *, new->opts.identity); + for (id = ssh_list_pop_head(char *, new->opts.identity_non_exp); @@ -76,11 +76,11 @@ index 56e09c65..bb085384 100644 + for (i = 0; i < 2; i++) { while (it) { int rc; - + @@ -122,7 +124,7 @@ int ssh_options_copy(ssh_session src, ssh_session *dest) return -1; } - + - rc = ssh_list_append(new->opts.identity, id); + rc = ssh_list_append(list, id); if (rc < 0) { @@ -95,7 +95,7 @@ index 56e09c65..bb085384 100644 + list = new->opts.identity; + it = ssh_list_get_iterator(src->opts.identity); } - + if (src->opts.sshdir != NULL) { 
@@ -331,7 +337,7 @@ int ssh_options_set_algo(ssh_session session, * Add a new identity file (const char *, format string) to @@ -142,17 +142,17 @@ index 56e09c65..bb085384 100644 return SSH_ERROR; } @@ -1541,7 +1555,6 @@ out: - + int ssh_options_apply(ssh_session session) { - struct ssh_iterator *it; char *tmp; int rc; - + @@ -1586,15 +1599,17 @@ int ssh_options_apply(ssh_session session) size_t plen = strlen(session->opts.ProxyCommand) + 5 /* strlen("exec ") */; - + - p = malloc(plen + 1 /* \0 */); - if (p == NULL) { - return -1; @@ -162,7 +162,7 @@ index 56e09c65..bb085384 100644 + if (p == NULL) { + return -1; + } - + - rc = snprintf(p, plen + 1, "exec %s", session->opts.ProxyCommand); - if ((size_t)rc != plen) { - free(p); @@ -173,12 +173,12 @@ index 56e09c65..bb085384 100644 + return -1; + } } - + tmp = ssh_path_expand_escape(session, p); @@ -1606,24 +1621,33 @@ int ssh_options_apply(ssh_session session) session->opts.ProxyCommand = tmp; } - + - for (it = ssh_list_get_iterator(session->opts.identity); - it != NULL; - it = it->next) { @@ -217,7 +217,7 @@ index 56e09c65..bb085384 100644 - it->data = tmp; } + session->opts.exp_flags |= SSH_OPT_EXP_FLAG_IDENTITY; - + return 0; } diff --git a/src/session.c b/src/session.c @@ -232,12 +232,12 @@ index 64e54957..34a492e4 100644 + if (session->opts.identity_non_exp == NULL) { + goto err; + } - + id = strdup("%d/id_ed25519"); if (id == NULL) { goto err; } - + - rc = ssh_list_append(session->opts.identity, id); + rc = ssh_list_append(session->opts.identity_non_exp, id); if (rc == SSH_ERROR) { @@ -273,7 +273,7 @@ index 64e54957..34a492e4 100644 @@ -284,6 +288,17 @@ void ssh_free(ssh_session session) ssh_list_free(session->opts.identity); } - + + if (session->opts.identity_non_exp) { + char *id; + 
@@ -288,11 +288,11 @@ index 64e54957..34a492e4 100644 while ((b = ssh_list_pop_head(struct ssh_buffer_struct *, session->out_queue)) != NULL) { SSH_BUFFER_FREE(b); --- +-- 2.38.1 -From 364b4102d3056832d22753c73b37eabce50a6161 Mon Sep 17 00:00:00 2001 +From 4cb84b99fdb1ffd26c0241f5809e4f67ddd407c6 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Wed, 16 Nov 2022 11:03:30 +0100 Subject: [PATCH 2/5] tests: Use opts.identites_non_exp not opts.identities @@ -304,148 +304,22 @@ the identity strings. These tests are testing against the proper configuration 
Signed-off-by: Norbert Pocs Reviewed-by: Jakub Jelen --- - tests/client/torture_auth.c | 114 +++++++++++++++++++++++++++++ - tests/client/torture_auth_pkcs11.c | 2 +- - tests/unittests/torture_config.c | 3 +- - tests/unittests/torture_options.c | 14 ++-- - 4 files changed, 124 insertions(+), 9 deletions(-) + tests/client/torture_auth_pkcs11.c | 2 +- + tests/unittests/torture_config.c | 3 ++- + tests/unittests/torture_options.c | 14 +++++++------- + 3 files changed, 10 insertions(+), 9 deletions(-) -diff --git a/tests/client/torture_auth.c b/tests/client/torture_auth.c -index 79dbd4a7..deb095ef 100644 ---- a/tests/client/torture_auth.c -+++ b/tests/client/torture_auth.c -@@ -686,6 +686,120 @@ static void torture_auth_agent_nonblocking(void **state) { - assert_ssh_return_code(session, rc); - } - -+static void torture_auth_agent_identities_only(void **state) -+{ -+ struct torture_state *s = *state; -+ ssh_session session = s->ssh.session; -+ char bob_ssh_key[1024]; -+ struct passwd *pwd; -+ int rc; -+ int identities_only = 1; -+ char *id; -+ -+ pwd = getpwnam("bob"); -+ assert_non_null(pwd); -+ -+ snprintf(bob_ssh_key, -+ sizeof(bob_ssh_key), -+ "%s/.ssh/id_rsa", -+ pwd->pw_dir); -+ -+ if (!ssh_agent_is_running(session)){ -+ print_message("*** Agent not running. 
Test ignored\n"); -+ return; -+ } -+ rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE); -+ assert_int_equal(rc, SSH_OK); -+ -+ rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, &identities_only); -+ assert_int_equal(rc, SSH_OK); -+ -+ /* Remove the default identities */ -+ while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) { -+ SAFE_FREE(id); -+ } -+ -+ rc = ssh_connect(session); -+ assert_int_equal(rc, SSH_OK); -+ -+ rc = ssh_userauth_none(session, NULL); -+ /* This request should return a SSH_REQUEST_DENIED error */ -+ if (rc == SSH_ERROR) { -+ assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED); -+ } -+ rc = ssh_userauth_list(session, NULL); -+ assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY); -+ -+ /* Should fail as key is not in config */ -+ rc = ssh_userauth_agent(session, NULL); -+ assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED); -+ -+ /* Re-add a key */ -+ rc = ssh_list_append(session->opts.identity, strdup(bob_ssh_key)); -+ assert_int_equal(rc, SSH_OK); -+ -+ /* Should succeed as key now in config */ -+ rc = ssh_userauth_agent(session, NULL); -+ assert_ssh_return_code(session, rc); -+} -+ -+static void torture_auth_agent_identities_only_protected(void **state) -+{ -+ struct torture_state *s = *state; -+ ssh_session session = s->ssh.session; -+ char bob_ssh_key[1024]; -+ struct passwd *pwd; -+ int rc; -+ int identities_only = 1; -+ char *id; -+ -+ pwd = getpwnam("bob"); -+ assert_non_null(pwd); -+ -+ snprintf(bob_ssh_key, -+ sizeof(bob_ssh_key), -+ "%s/.ssh/id_rsa_protected", -+ pwd->pw_dir); -+ -+ if (!ssh_agent_is_running(session)){ -+ print_message("*** Agent not running. 
Test ignored\n"); -+ return; -+ } -+ rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE); -+ assert_int_equal(rc, SSH_OK); -+ -+ rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, &identities_only); -+ assert_int_equal(rc, SSH_OK); -+ -+ /* Remove the default identities */ -+ while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) { -+ SAFE_FREE(id); -+ } -+ -+ rc = ssh_connect(session); -+ assert_int_equal(rc, SSH_OK); -+ -+ rc = ssh_userauth_none(session, NULL); -+ /* This request should return a SSH_REQUEST_DENIED error */ -+ if (rc == SSH_ERROR) { -+ assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED); -+ } -+ rc = ssh_userauth_list(session, NULL); -+ assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY); -+ -+ /* Should fail as key is not in config */ -+ rc = ssh_userauth_agent(session, NULL); -+ assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED); -+ -+ /* Re-add a key */ -+ rc = ssh_list_append(session->opts.identity, strdup(bob_ssh_key)); -+ assert_int_equal(rc, SSH_OK); -+ -+ /* Should succeed as key now in config */ -+ rc = ssh_userauth_agent(session, NULL); -+ assert_ssh_return_code(session, rc); -+} -+ - static void torture_auth_cert(void **state) { - struct torture_state *s = *state; - ssh_session session = s->ssh.session; diff --git a/tests/client/torture_auth_pkcs11.c b/tests/client/torture_auth_pkcs11.c index ee97bff4..e75fea0e 100644 --- a/tests/client/torture_auth_pkcs11.c +++ b/tests/client/torture_auth_pkcs11.c @@ -196,7 +196,7 @@ static void torture_auth_autopubkey(void **state, const char *obj_name, const ch - + rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, priv_uri); assert_int_equal(rc, SSH_OK); - assert_string_equal(session->opts.identity->root->data, priv_uri); + assert_string_equal(session->opts.identity_non_exp->root->data, priv_uri); - + rc = ssh_connect(session); assert_int_equal(rc, SSH_OK); diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c 
@@ -453,9 +327,9 @@ index 354adc2f..100e68f6 100644 --- a/tests/unittests/torture_config.c +++ b/tests/unittests/torture_config.c @@ -2078,7 +2078,8 @@ static void torture_config_identity(void **state) - + _parse_config(session, NULL, LIBSSH_TESTCONFIG_STRING13, SSH_OK); - + - it = ssh_list_get_iterator(session->opts.identity); + /* The identities are first added to this temporary list before expanding */ + it = ssh_list_get_iterator(session->opts.identity_non_exp); @@ -467,12 +341,12 @@ index dc4df383..3be2de8a 100644 --- a/tests/unittests/torture_options.c +++ b/tests/unittests/torture_options.c @@ -406,12 +406,12 @@ static void torture_options_set_identity(void **state) { - + rc = ssh_options_set(session, SSH_OPTIONS_ADD_IDENTITY, "identity1"); assert_true(rc == 0); - assert_string_equal(session->opts.identity->root->data, "identity1"); + assert_string_equal(session->opts.identity_non_exp->root->data, "identity1"); - + rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, "identity2"); assert_true(rc == 0); - assert_string_equal(session->opts.identity->root->data, "identity2"); @@ -480,10 +354,10 @@ index dc4df383..3be2de8a 100644 + assert_string_equal(session->opts.identity_non_exp->root->data, "identity2"); + assert_string_equal(session->opts.identity_non_exp->root->next->data, "identity1"); } - + static void torture_options_get_identity(void **state) { @@ -429,7 +429,7 @@ static void torture_options_get_identity(void **state) { - + rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, "identity2"); assert_int_equal(rc, SSH_OK); - assert_string_equal(session->opts.identity->root->data, "identity2"); @@ -493,7 +367,7 @@ index dc4df383..3be2de8a 100644 assert_non_null(identity); @@ -867,9 +867,9 @@ static void torture_options_copy(void **state) assert_non_null(new); - + /* Check the identities match */ - it = ssh_list_get_iterator(session->opts.identity); + it = ssh_list_get_iterator(session->opts.identity_non_exp); 
@@ -512,11 +386,11 @@ index dc4df383..3be2de8a 100644 #ifdef WITH_ZLIB assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S], "zlib@openssh.com,zlib,none"); --- +-- 2.38.1 -From 868e2d7c28b914b3d6f516cfc1e31d79aaddec1c Mon Sep 17 00:00:00 2001 +From cd30217c9032419ebcf722c0bfc6b5ebfa3518d0 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Wed, 16 Nov 2022 16:51:02 +0100 Subject: [PATCH 3/5] Add flags for escape expand operation @@ -540,7 +414,7 @@ index e22b0d67..cf219c2a 100644 @@ -93,6 +93,12 @@ enum ssh_pending_call_e { #define SSH_OPT_FLAG_KBDINT_AUTH 0x4 #define SSH_OPT_FLAG_GSSAPI_AUTH 0x8 - + +/* Escape expansion of different variables */ +#define SSH_OPT_EXP_FLAG_KNOWNHOSTS 0x1 +#define SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS 0x2 @@ -589,7 +463,7 @@ index bb085384..c566244b 100644 @@ -1572,53 +1575,67 @@ int ssh_options_apply(ssh_session session) } } - + - if (session->opts.knownhosts == NULL) { - tmp = ssh_path_expand_escape(session, "%d/known_hosts"); - } else { @@ -612,7 +486,7 @@ index bb085384..c566244b 100644 } - free(session->opts.knownhosts); - session->opts.knownhosts = tmp; - + - if (session->opts.global_knownhosts == NULL) { - tmp = strdup("/etc/ssh/ssh_known_hosts"); - } else { @@ -636,12 +510,12 @@ index bb085384..c566244b 100644 } - free(session->opts.global_knownhosts); - session->opts.global_knownhosts = tmp; - + - if (session->opts.ProxyCommand != NULL) { - char *p = NULL; - size_t plen = strlen(session->opts.ProxyCommand) + - 5 /* strlen("exec ") */; - + - if (strncmp(session->opts.ProxyCommand, "exec ", 5) != 0) { - p = malloc(plen + 1 /* \0 */); - if (p == NULL) { @@ -658,7 +532,7 @@ index bb085384..c566244b 100644 + if (p == NULL) { + return -1; + } - + - rc = snprintf(p, plen + 1, "exec %s", session->opts.ProxyCommand); - if ((size_t)rc != plen) { + rc = snprintf(p, plen + 1, "exec %s", session->opts.ProxyCommand); 
@@ -674,7 +548,7 @@ index bb085384..c566244b 100644 + session->opts.ProxyCommand); } - } - + - tmp = ssh_path_expand_escape(session, p); - free(p); - if (tmp == NULL) { @@ -689,7 +563,7 @@ index bb085384..c566244b 100644 - free(session->opts.ProxyCommand); - session->opts.ProxyCommand = tmp; } - + for (tmp = ssh_list_pop_head(char *, session->opts.identity_non_exp); diff --git a/src/session.c b/src/session.c index 34a492e4..06f6a26f 100644 @@ -698,17 +572,17 @@ index 34a492e4..06f6a26f 100644 @@ -114,6 +114,8 @@ ssh_session ssh_new(void) SSH_OPT_FLAG_KBDINT_AUTH | SSH_OPT_FLAG_GSSAPI_AUTH; - + + session->opts.exp_flags = 0; + session->opts.identity = ssh_list_new(); if (session->opts.identity == NULL) { goto err; --- +-- 2.38.1 -From 8849d0d89de7151a1e516ec373f570ba4678dde9 Mon Sep 17 00:00:00 2001 +From ed58082f9706f2ab3bdeca24f632356b9bc325e6 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Wed, 16 Nov 2022 17:17:14 +0100 Subject: [PATCH 4/5] torture_options.c: Add identity test for ssh_options_copy @@ -728,7 +602,7 @@ index 3be2de8a..907cc8df 100644 +++ b/tests/unittests/torture_options.c @@ -918,6 +918,34 @@ static void torture_options_copy(void **state) sizeof(session->opts.options_seen)); - + ssh_free(new); + + /* test if ssh_options_apply was called before ssh_options_copy @@ -759,13 +633,13 @@ index 3be2de8a..907cc8df 100644 + + ssh_free(new); } - + #define EXECUTABLE_NAME "test-exec" --- +-- 2.38.1 -From 88ef38bd1d95b07be4fa818462fb56fcca84cc5a Mon Sep 17 00:00:00 2001 +From 89dd4a927b946d4df5c48073ca25cd843e0acde0 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Wed, 16 Nov 2022 17:18:49 +0100 Subject: [PATCH 5/5] torture_options.c: Add test for ssh_options_apply @@ -787,7 +661,7 @@ index 907cc8df..ea63b45e 100644 @@ -1332,6 +1332,170 @@ static void torture_options_caret_sign(void **state) free(awaited); } - + +static void torture_options_apply (void **state) { + ssh_session session = *state; + struct ssh_list *awaited_list = NULL; 
@@ -954,15 +828,15 @@ index 907cc8df..ea63b45e 100644 + #ifdef WITH_SERVER const char template[] = "temp_dir_XXXXXX"; - + @@ -2132,6 +2296,7 @@ int torture_run_tests(void) { setup, teardown), cmocka_unit_test_setup_teardown(torture_options_caret_sign, setup, teardown), + cmocka_unit_test_setup_teardown(torture_options_apply, setup, teardown), }; - + #ifdef WITH_SERVER --- +-- 2.38.1 diff --git a/plus_sign.patch b/plus_sign.patch index 7f01208..143a067 100644 --- a/plus_sign.patch +++ b/plus_sign.patch @@ -1,4 +1,4 @@ -From 02d98a940fe82da29dc2e88cbd1609dc873d249f Mon Sep 17 00:00:00 2001 +From d1315bf155f5541e769bac58bdbb1cf343a70952 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Mon, 7 Nov 2022 13:08:02 +0100 Subject: [PATCH 1/6] tokens: Add low-level function to exlclude, prepend lists @@ -30,7 +30,7 @@ index 9896fb06..2d07f8c4 100644 +#endif #endif /* TOKEN_H_ */ diff --git a/src/token.c b/src/token.c -index 0924d3bd..2e26c562 100644 +index 0924d3bd..58befe1d 100644 --- a/src/token.c +++ b/src/token.c @@ -376,6 +376,7 @@ char *ssh_append_without_duplicates(const char *list, @@ -102,7 +102,7 @@ index 0924d3bd..2e26c562 100644 + + ret = calloc(1, strlen(list) + 1); + if (ret == NULL) { -+ return NULL; ++ goto out; + } + + for (i = 0; l_tok->tokens[i]; i++) { @@ -194,7 +194,7 @@ index 0924d3bd..2e26c562 100644 2.38.1 -From 2b33a46804ee76d7f7c651aad71fd26160d4a3cf Mon Sep 17 00:00:00 2001 +From f4516b9d43c4730ca5f60d73567596d65a672e16 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Fri, 11 Nov 2022 17:47:22 +0100 Subject: [PATCH 2/6] torture_tokens.c: Add tests for new token functions @@ -294,7 +294,7 @@ index 6b52b847..438538de 100644 2.38.1 -From 9c228badc727a95f893b7a9a166a12684eb38d4d Mon Sep 17 00:00:00 2001 +From be50b4296574ba59537415b9903e8e4aa94cce53 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Mon, 7 Nov 2022 08:23:30 +0100 Subject: [PATCH 3/6] kex: Add functions for openssh +,-,^ features 
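Review bot: The `goto out;` that replaces `return NULL;` after the failed `calloc` (the `@@ -102,7 +102,7 @@` hunk of plus_sign.patch, patching src/token.c) depends on a cleanup label that lies outside this hunk, so the leak fix cannot be confirmed from the lines shown. `l_tok->tokens[i]` is read right after the check, so `l_tok` is already allocated when `calloc` fails and the old early return presumably leaked it; the `out:` path has to release every token list allocated so far and still return `ret` as NULL. A short comment above the jump would record the intent, e.g. `/* ret is NULL here; out: releases the token lists */`. The enclosing function starts and ends outside the hunk, and the patch subject suggests it adds more than one token helper, so any other early `return NULL;` after tokenizing deserves the same check.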
@@ -446,7 +446,7 @@ index 64083997..1155b9c7 100644 2.38.1 -From 0386dd995a70d7cc33292315f670fa08dea6c8b2 Mon Sep 17 00:00:00 2001 +From 0d5d6e750a0c25700a47a760cb066b6027a54b09 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Mon, 7 Nov 2022 13:13:20 +0100 Subject: [PATCH 4/6] options.c: Add support for openssh config +,-,^ @@ -932,7 +932,7 @@ index 3fc25bd9..1b423fd0 100644 2.38.1 -From d96bffca5980496649e03b38eb85bd676ecc1d68 Mon Sep 17 00:00:00 2001 +From b6cc8f643624231a583bd7972e9503b3fa434caa Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Mon, 7 Nov 2022 08:28:31 +0100 Subject: [PATCH 5/6] torture_options.c: Add test for config +,-,^ feature @@ -1188,7 +1188,7 @@ index e1d16f02..dc4df383 100644 2.38.1 -From 535425e6ebebae5e3a1f1117ae1fd687633df1ae Mon Sep 17 00:00:00 2001 +From c73996c4e747a9e28f919d660411c804bc748324 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Thu, 10 Nov 2022 10:50:52 +0100 Subject: [PATCH 6/6] torture_config.c: Add test for +,-,^ config feature