From 066a44edb1d07d6d4f5694e5301910178c5c3b37 Mon Sep 17 00:00:00 2001 From: Fredrik Gustafsson Date: Fri, 8 Mar 2013 09:34:35 +0100 Subject: Fixed rekeying initiation and secured testcase --- lib/ssh/src/ssh_connection_handler.erl | 31 ++++++++++++++++++++++++++++--- lib/ssh/test/ssh_basic_SUITE.erl | 2 +- 2 files changed, 29 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 74a6ac7d19..1c4477aeb3 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -213,6 +213,29 @@ key_exchange(#ssh_msg_kexdh_init{} = Msg, description = Desc, language = "en"}, State) end; + +key_exchange({#ssh_msg_kexinit{} = Kex, Payload}, + #state{ssh_params = #ssh{role = Role} = Ssh0, + key_exchange_init_msg = OwnKex} = + State) -> + Ssh1 = ssh_transport:key_init(opposite_role(Role), Ssh0, Payload), + try ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1) of + {ok, NextKexMsg, Ssh} when Role == client -> + send_msg(NextKexMsg, State), + {next_state, key_exchange, + next_packet(State#state{ssh_params = Ssh})}; + {ok, Ssh} when Role == server -> + {next_state, key_exchange, + next_packet(State#state{ssh_params = Ssh})} + catch + #ssh_msg_disconnect{} = DisconnectMsg -> + handle_disconnect(DisconnectMsg, State); + _:Error -> + Desc = log_error(Error), + handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = Desc, + language = "en"}, State) + end; key_exchange(#ssh_msg_kexdh_reply{} = Msg, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> @@ -456,7 +479,9 @@ userauth(#ssh_msg_userauth_banner{message = Msg}, {next_state, userauth, next_packet(State)}. connected({#ssh_msg_kexinit{}, _Payload} = Event, State) -> - kexinit(Event, State#state{renegotiate = true}). + kexinit(Event, State#state{renegotiate = true}); +connected({#ssh_msg_kexdh_init{}, _Payload} = Event, State) -> + key_exchange(Event, State#state{renegotiate = true}). %%-------------------------------------------------------------------- %% Function: @@ -510,7 +535,7 @@ handle_event({info, From, Options}, StateName, #state{ssh_params = Ssh} = State spawn(?MODULE, ssh_info_handler, [Options, Ssh, From]), {next_state, StateName, State}; handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> - Sent = inet:getstat(State#state.socket, [send_oct]), + {ok, [{send_oct,Sent}]} = inet:getstat(State#state.socket, [send_oct]), MaxSent = proplists:get_value(rekey_limit, State#state.opts, 1024000000), case Sent >= MaxSent of true -> @@ -518,7 +543,7 @@ handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> send_msg(SshPacket, State), {next_state, connected, next_packet(State#state{ssh_params = Ssh, - key_exchange_init_msg = KeyInitMsg, + key_exchange_init_msg = KeyInitMsg, renegotiate = true})}; _ -> {next_state, connected, next_packet(State)} diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index efcb11f88f..80273420d9 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -272,7 +272,7 @@ rekey(Config) -> {user_interaction, false}, {rekey_limit, 0}]), receive - after 15000 -> + after 200000 -> %%By this time rekeying would have been done ssh:close(ConnectionRef), ssh:stop_daemon(Pid) -- cgit v1.2.3 From 1de4f9f6565438777dd461bd9fa1c9c560f69ed1 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Fri, 8 Mar 2013 09:35:37 +0100 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 28 ++++++++++++++++++++++++++++ lib/ssh/vsn.mk | 2 +- 2 files changed, 29 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 12175d9a29..dead764700 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,34 @@ notes.xml +
Ssh 2.1.5 + +
Fixed Bugs and Malfunctions + + +

+ Bug in rekeying for daemon fixed.

+

+ Own Id: OTP-10911

+ + +
+ + +
Improvements and New Features + + +

+ Enhanced error message and added test for ssh clients + trying to start non existing subsystems.

+

+ Own Id: OTP-10714

+ + +
+ +
+
Ssh 2.1.4
Improvements and New Features diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 9fc4b0522e..8f6aac1f5d 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 2.1.4 +SSH_VSN = 2.1.5 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 6b6d5b245bba849b84fdfb37dbbf88693c4ce97f Mon Sep 17 00:00:00 2001 From: Fredrik Gustafsson Date: Fri, 8 Mar 2013 14:31:33 +0100 Subject: Fixed appup for 2.1.5 --- lib/ssh/src/ssh.appup.src | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index c4b5aa256b..54ab5d3f7d 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,6 +19,7 @@ {"%VSN%", [ + {<<"2.1.4">>, [{load_module, ssh_connection_handler, soft_purge, soft_purge, []}]}, {<<"2.1.3">>, [{restart_application, ssh}]}, {<<"2.1.2">>, [{restart_application, ssh}]}, {<<"2.1.1">>, [{restart_application, ssh}]}, @@ -27,6 +28,7 @@ {<<"1\\.*">>, [{restart_application, ssh}]} ], [ + {<<"2.1.4">>, [{load_module, ssh_connection_handler, soft_purge, soft_purge, []}]}, {<<"2.1.3">>, [{restart_application, ssh}]}, {<<"2.1.2">>, [{restart_application, ssh}]}, {<<"2.1.1">>, [{restart_application, ssh}]}, -- cgit v1.2.3 From 6555de9a5083aad4b56ba4dd6d70d05c41bc59b2 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 25 Feb 2013 15:32:48 +0100 Subject: ssh: Test and enhance handling of nonexistent subsystem --- lib/ssh/src/ssh_sftp.erl | 2 +- lib/ssh/test/ssh_sftp_SUITE.erl | 32 ++++++++++++++++++++++++++++---- lib/ssh/test/ssh_to_openssh_SUITE.erl | 18 +++++++++++++++++- 3 files changed, 46 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index f3afbe01bf..10167a9223 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl @@ -403,7 +403,7 @@ init([Cm, ChannelId, Timeout]) -> rep_buf = <<>>, inf = new_inf()}}; failure -> - {stop, {error, "server failed to start sftp subsystem"}}; + {stop, "server failed to start sftp subsystem"}; Error -> {stop, Error} end. diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 232161d029..ac93db8f2e 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -41,7 +41,9 @@ suite() -> all() -> [{group, erlang_server}, - {group, openssh_server}]. + {group, openssh_server}, + sftp_nonexistent_subsystem + ]. init_per_suite(Config) -> @@ -76,9 +78,7 @@ init_per_group(erlang_server, Config) -> ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, PrivDir}, {user_passwords, - [{?USER, ?PASSWD}]}, - {failfun, - fun ssh_test_lib:failfun/2}]), + [{?USER, ?PASSWD}]}]), [{group, erlang_server}, {sftpd, Sftpd} | Config]; init_per_group(openssh_server, Config) -> @@ -100,6 +100,17 @@ end_per_group(_, Config) -> %%-------------------------------------------------------------------- +init_per_testcase(sftp_nonexistent_subsystem, Config) -> + PrivDir = ?config(priv_dir, Config), + SysDir = ?config(data_dir, Config), + Sftpd = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, PrivDir}, + {subsystems, []}, + {user_passwords, + [{?USER, ?PASSWD}]} + ]), + [{sftpd, Sftpd} | Config]; + init_per_testcase(Case, Config) -> prep(Config), TmpConfig0 = lists:keydelete(watchdog, 1, Config), @@ -129,6 +140,8 @@ init_per_testcase(Case, Config) -> [{sftp, Sftp}, {watchdog, Dog} | TmpConfig] end. +end_per_testcase(sftp_nonexistent_subsystem, Config) -> + Config; end_per_testcase(rename_file, Config) -> PrivDir = ?config(priv_dir, Config), NewFileName = filename:join(PrivDir, "test.txt"), @@ -422,6 +435,17 @@ pos_write(Config) when is_list(Config) -> NewData1 = list_to_binary("Bye, see you tomorrow!"), {ok, NewData1} = ssh_sftp:read_file(Sftp, FileName). +%%-------------------------------------------------------------------- +sftp_nonexistent_subsystem() -> + [""]. +sftp_nonexistent_subsystem(Config) when is_list(Config) -> + {_,Host, Port} = ?config(sftpd, Config), + {error,"server failed to start sftp subsystem"} = + ssh_sftp:start_channel(Host, Port, + [{user_interaction, false}, + {user, ?USER}, {password, ?PASSWD}, + {silently_accept_hosts, true}]). + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 99dc76e12d..75e73712f1 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -49,7 +49,9 @@ groups() -> erlang_client_openssh_server_setenv, erlang_client_openssh_server_publickey_rsa, erlang_client_openssh_server_publickey_dsa, - erlang_client_openssh_server_password]}, + erlang_client_openssh_server_password, + erlang_client_openssh_server_nonexistent_subsystem + ]}, {erlang_server, [], [erlang_server_openssh_client_exec, erlang_server_openssh_client_exec_compressed, erlang_server_openssh_client_pulic_key_dsa]} @@ -401,6 +403,20 @@ erlang_client_openssh_server_password(Config) when is_list(Config) -> ct:pal("Whoami failed reason: ~n", []) end. +%%-------------------------------------------------------------------- + +erlang_client_openssh_server_nonexistent_subsystem() -> + [{doc, "Test client password option"}]. +erlang_client_openssh_server_nonexistent_subsystem(Config) when is_list(Config) -> + + ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, + [{user_interaction, false}, + silently_accept_hosts]), + + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + + failure = ssh_connection:subsystem(ConnectionRef, ChannelId, "foo", infinity). + %%-------------------------------------------------------------------- % %% Not possible to send password with openssh without user interaction -- cgit v1.2.3 From 2a2fa47f14a69ea49709552196db61df971e0a2d Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 1 Mar 2013 14:42:32 +0100 Subject: ssh: Prepare for upcoming release Note: If more things are added before the next releas the appup will need more updates. --- lib/ssh/src/ssh.appup.src | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index c4b5aa256b..f4986410ab 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,6 +19,7 @@ {"%VSN%", [ + {<<"2.1.4">>, [{load_module, ssh_sftp, soft_purge, soft_purge, []}]}, {<<"2.1.3">>, [{restart_application, ssh}]}, {<<"2.1.2">>, [{restart_application, ssh}]}, {<<"2.1.1">>, [{restart_application, ssh}]}, @@ -27,7 +28,7 @@ {<<"1\\.*">>, [{restart_application, ssh}]} ], [ - {<<"2.1.3">>, [{restart_application, ssh}]}, + {<<"2.1.4">>, [{load_module, ssh_sftp, soft_purge, soft_purge, []}]}, {<<"2.1.2">>, [{restart_application, ssh}]}, {<<"2.1.1">>, [{restart_application, ssh}]}, {<<"2.1">>,[{restart_application, ssh}]}, -- cgit v1.2.3