rpms/libssh
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix covscan an remove unwanted test

Browse Source 
Related: rhbz#2137839, rhbz#2136824

Signed-off-by: Norbert Pocs <npocs@redhat.com>
This commit is contained in:
Norbert Pocs 2022-12-01 09:51:17 +01:00
parent c60d1b2ad7
commit 748f26f4b5
3 changed files with 66 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libssh.spec
View File

@ -1,6 +1,6 @@
Name: libssh
Version: 0.10.4
Release: 5%{?dist}
Release: 6%{?dist}
Summary: A library implementing the SSH protocol
License: LGPLv2+
URL: http://www.libssh.org
@ -137,6 +137,11 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog
* Thu Dec 1 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-6
- Fix covscan error
- Remove unwanted test with yet unimplemented feature
- Related: rhbz#2137839, rhbz#2136824
* Thu Dec 01 2022 Stanislav Zidek <szidek@redhat.com> - 0.10.4-5
+ libssh-0.10.4-5
- Fixed CI configuration due to TMT changes

142
options_apply.patch
View File

@ -1,4 +1,4 @@
From e7dd88167b68cbee7c603e8cd5fbb96ef3040c85 Mon Sep 17 00:00:00 2001
From 11c0d687a081fe64501e21c95def7f893611d029 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Wed, 16 Nov 2022 10:40:38 +0100
Subject: [PATCH 1/5] Add a placehohlder for non-expanded identities
@ -292,7 +292,7 @@ index 64e54957..34a492e4 100644
2.38.1
From 364b4102d3056832d22753c73b37eabce50a6161 Mon Sep 17 00:00:00 2001
From 4cb84b99fdb1ffd26c0241f5809e4f67ddd407c6 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Wed, 16 Nov 2022 11:03:30 +0100
Subject: [PATCH 2/5] tests: Use opts.identites_non_exp not opts.identities
@ -304,137 +304,11 @@ the identity strings. These tests are testing against the proper configuration
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
tests/client/torture_auth.c | 114 +++++++++++++++++++++++++++++
tests/client/torture_auth_pkcs11.c | 2 +-
tests/unittests/torture_config.c | 3 +-
tests/unittests/torture_options.c | 14 ++--
4 files changed, 124 insertions(+), 9 deletions(-)
tests/unittests/torture_config.c | 3 ++-
tests/unittests/torture_options.c | 14 +++++++-------
3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/tests/client/torture_auth.c b/tests/client/torture_auth.c
index 79dbd4a7..deb095ef 100644
--- a/tests/client/torture_auth.c
+++ b/tests/client/torture_auth.c
@@ -686,6 +686,120 @@ static void torture_auth_agent_nonblocking(void **state) {
assert_ssh_return_code(session, rc);
}
+static void torture_auth_agent_identities_only(void **state)
+{
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ char bob_ssh_key[1024];
+ struct passwd *pwd;
+ int rc;
+ int identities_only = 1;
+ char *id;
+
+ pwd = getpwnam("bob");
+ assert_non_null(pwd);
+
+ snprintf(bob_ssh_key,
+ sizeof(bob_ssh_key),
+ "%s/.ssh/id_rsa",
+ pwd->pw_dir);
+
+ if (!ssh_agent_is_running(session)){
+ print_message("*** Agent not running. Test ignored\n");
+ return;
+ }
+ rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
+ assert_int_equal(rc, SSH_OK);
+
+ rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, &identities_only);
+ assert_int_equal(rc, SSH_OK);
+
+ /* Remove the default identities */
+ while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) {
+ SAFE_FREE(id);
+ }
+
+ rc = ssh_connect(session);
+ assert_int_equal(rc, SSH_OK);
+
+ rc = ssh_userauth_none(session, NULL);
+ /* This request should return a SSH_REQUEST_DENIED error */
+ if (rc == SSH_ERROR) {
+ assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+ }
+ rc = ssh_userauth_list(session, NULL);
+ assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+ /* Should fail as key is not in config */
+ rc = ssh_userauth_agent(session, NULL);
+ assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED);
+
+ /* Re-add a key */
+ rc = ssh_list_append(session->opts.identity, strdup(bob_ssh_key));
+ assert_int_equal(rc, SSH_OK);
+
+ /* Should succeed as key now in config */
+ rc = ssh_userauth_agent(session, NULL);
+ assert_ssh_return_code(session, rc);
+}
+
+static void torture_auth_agent_identities_only_protected(void **state)
+{
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ char bob_ssh_key[1024];
+ struct passwd *pwd;
+ int rc;
+ int identities_only = 1;
+ char *id;
+
+ pwd = getpwnam("bob");
+ assert_non_null(pwd);
+
+ snprintf(bob_ssh_key,
+ sizeof(bob_ssh_key),
+ "%s/.ssh/id_rsa_protected",
+ pwd->pw_dir);
+
+ if (!ssh_agent_is_running(session)){
+ print_message("*** Agent not running. Test ignored\n");
+ return;
+ }
+ rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
+ assert_int_equal(rc, SSH_OK);
+
+ rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, &identities_only);
+ assert_int_equal(rc, SSH_OK);
+
+ /* Remove the default identities */
+ while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) {
+ SAFE_FREE(id);
+ }
+
+ rc = ssh_connect(session);
+ assert_int_equal(rc, SSH_OK);
+
+ rc = ssh_userauth_none(session, NULL);
+ /* This request should return a SSH_REQUEST_DENIED error */
+ if (rc == SSH_ERROR) {
+ assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+ }
+ rc = ssh_userauth_list(session, NULL);
+ assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+ /* Should fail as key is not in config */
+ rc = ssh_userauth_agent(session, NULL);
+ assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED);
+
+ /* Re-add a key */
+ rc = ssh_list_append(session->opts.identity, strdup(bob_ssh_key));
+ assert_int_equal(rc, SSH_OK);
+
+ /* Should succeed as key now in config */
+ rc = ssh_userauth_agent(session, NULL);
+ assert_ssh_return_code(session, rc);
+}
+
static void torture_auth_cert(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
diff --git a/tests/client/torture_auth_pkcs11.c b/tests/client/torture_auth_pkcs11.c
index ee97bff4..e75fea0e 100644
--- a/tests/client/torture_auth_pkcs11.c
@ -516,7 +390,7 @@ index dc4df383..3be2de8a 100644
2.38.1
From 868e2d7c28b914b3d6f516cfc1e31d79aaddec1c Mon Sep 17 00:00:00 2001
From cd30217c9032419ebcf722c0bfc6b5ebfa3518d0 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Wed, 16 Nov 2022 16:51:02 +0100
Subject: [PATCH 3/5] Add flags for escape expand operation
@ -708,7 +582,7 @@ index 34a492e4..06f6a26f 100644
2.38.1
From 8849d0d89de7151a1e516ec373f570ba4678dde9 Mon Sep 17 00:00:00 2001
From ed58082f9706f2ab3bdeca24f632356b9bc325e6 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Wed, 16 Nov 2022 17:17:14 +0100
Subject: [PATCH 4/5] torture_options.c: Add identity test for ssh_options_copy
@ -765,7 +639,7 @@ index 3be2de8a..907cc8df 100644
2.38.1
From 88ef38bd1d95b07be4fa818462fb56fcca84cc5a Mon Sep 17 00:00:00 2001
From 89dd4a927b946d4df5c48073ca25cd843e0acde0 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Wed, 16 Nov 2022 17:18:49 +0100
Subject: [PATCH 5/5] torture_options.c: Add test for ssh_options_apply

16
plus_sign.patch
View File

@ -1,4 +1,4 @@
From 02d98a940fe82da29dc2e88cbd1609dc873d249f Mon Sep 17 00:00:00 2001
From d1315bf155f5541e769bac58bdbb1cf343a70952 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Mon, 7 Nov 2022 13:08:02 +0100
Subject: [PATCH 1/6] tokens: Add low-level function to exlclude, prepend lists
@ -30,7 +30,7 @@ index 9896fb06..2d07f8c4 100644
+#endif
#endif /* TOKEN_H_ */
diff --git a/src/token.c b/src/token.c
index 0924d3bd..2e26c562 100644
index 0924d3bd..58befe1d 100644
--- a/src/token.c
+++ b/src/token.c
@@ -376,6 +376,7 @@ char *ssh_append_without_duplicates(const char *list,
@ -102,7 +102,7 @@ index 0924d3bd..2e26c562 100644
+
+ ret = calloc(1, strlen(list) + 1);
+ if (ret == NULL) {
+ return NULL;
+ goto out;
+ }
+
+ for (i = 0; l_tok->tokens[i]; i++) {
@ -194,7 +194,7 @@ index 0924d3bd..2e26c562 100644
2.38.1
From 2b33a46804ee76d7f7c651aad71fd26160d4a3cf Mon Sep 17 00:00:00 2001
From f4516b9d43c4730ca5f60d73567596d65a672e16 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Fri, 11 Nov 2022 17:47:22 +0100
Subject: [PATCH 2/6] torture_tokens.c: Add tests for new token functions
@ -294,7 +294,7 @@ index 6b52b847..438538de 100644
2.38.1
From 9c228badc727a95f893b7a9a166a12684eb38d4d Mon Sep 17 00:00:00 2001
From be50b4296574ba59537415b9903e8e4aa94cce53 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Mon, 7 Nov 2022 08:23:30 +0100
Subject: [PATCH 3/6] kex: Add functions for openssh +,-,^ features
@ -446,7 +446,7 @@ index 64083997..1155b9c7 100644
2.38.1
From 0386dd995a70d7cc33292315f670fa08dea6c8b2 Mon Sep 17 00:00:00 2001
From 0d5d6e750a0c25700a47a760cb066b6027a54b09 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Mon, 7 Nov 2022 13:13:20 +0100
Subject: [PATCH 4/6] options.c: Add support for openssh config +,-,^
@ -932,7 +932,7 @@ index 3fc25bd9..1b423fd0 100644
2.38.1
From d96bffca5980496649e03b38eb85bd676ecc1d68 Mon Sep 17 00:00:00 2001
From b6cc8f643624231a583bd7972e9503b3fa434caa Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Mon, 7 Nov 2022 08:28:31 +0100
Subject: [PATCH 5/6] torture_options.c: Add test for config +,-,^ feature
@ -1188,7 +1188,7 @@ index e1d16f02..dc4df383 100644
2.38.1
From 535425e6ebebae5e3a1f1117ae1fd687633df1ae Mon Sep 17 00:00:00 2001
From c73996c4e747a9e28f919d660411c804bc748324 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Thu, 10 Nov 2022 10:50:52 +0100
Subject: [PATCH 6/6] torture_config.c: Add test for +,-,^ config feature