Changeset 6dce755701391df148a6d93e5c9cb138d73ee5c1

Timestamp:

09/26/09 15:51:57 (4 years ago)

Author:

Theo Schlossnagle <jesus@omniti.com>

git-committer:

Theo Schlossnagle <jesus@omniti.com> 1253980317 +0000

git-parent:

[4a67d452816c39b086e4f2ba5be9d12cf51aa81b]

git-author:

Theo Schlossnagle <jesus@omniti.com> 1253980317 +0000

Message:

think this should cover it, needs testing. refs #176

Files:

• src/modules/ssh2.c (modified) (4 diffs)
• src/modules/ssh2.xml (modified) (1 diff)

src/modules/ssh2.c

@@ -55 +55 @@
-  noit_module_t *self;
-  noit_check_t *check;
+  struct {
+    char *kex;
+    char *hostkey;
+    char *crypt_cs;
+    char *crypt_sc;
+    char *mac_cs;
+    char *mac_sc;
+    char *comp_cs;
+    char *comp_sc;
+  } methods;
-  enum {
-    WANT_CONNECT = 0,
@@ -82 +92 @@
-      libssh2_session_free(ci->session);
-    }
+    if(ci->methods.kex) free(ci->methods.kex);
+    if(ci->methods.hostkey) free(ci->methods.hostkey);
+    if(ci->methods.crypt_cs) free(ci->methods.crypt_cs);
+    if(ci->methods.crypt_sc) free(ci->methods.crypt_sc);
+    if(ci->methods.mac_cs) free(ci->methods.mac_cs);
+    if(ci->methods.mac_sc) free(ci->methods.mac_sc);
+    if(ci->methods.comp_cs) free(ci->methods.comp_cs);
+    if(ci->methods.comp_sc) free(ci->methods.comp_sc);
-    if(ci->error) free(ci->error);
-    memset(ci, 0, sizeof(*ci));
@@ -137 +155 @@
-      }
-      ci->session = libssh2_session_init();
+#define set_method(a,b) do { \
+  int rv; \
+  if(ci->methods.a && \
+     (rv = libssh2_session_method_pref(ci->session, b, ci->methods.a)) != 0) { \
+    ci->timed_out = 0; \
+    ci->error = strdup((rv == LIBSSH2_ERROR_METHOD_NOT_SUPPORTED) ? \
+                         #a " method not supported" : "error setting " #a); \
+    return 0; \
+  } \
+} while(0)
+      set_method(kex, LIBSSH2_METHOD_KEX);
+      set_method(hostkey, LIBSSH2_METHOD_HOSTKEY);
+      set_method(crypt_cs, LIBSSH2_METHOD_CRYPT_CS);
+      set_method(crypt_sc, LIBSSH2_METHOD_CRYPT_SC);
+      set_method(mac_cs, LIBSSH2_METHOD_MAC_CS);
+      set_method(mac_sc, LIBSSH2_METHOD_MAC_SC);
+      set_method(comp_cs, LIBSSH2_METHOD_COMP_CS);
+      set_method(comp_sc, LIBSSH2_METHOD_COMP_SC);
-      if (libssh2_session_startup(ci->session, e->fd)) {
-        ci->timed_out = 0;
@@ -260 +296 @@
-    ssh_port = (unsigned short)atoi(port_str);
-  }
+#define config_method(a) do { \
+  const char *v; \
+  if(noit_hash_retr_str(check->config, "method_" #a, strlen("method_" #a), \
+                        &v)) \
+    ci->methods.a = strdup(v); \
+} while(0)
+  config_method(kex);
+  config_method(hostkey);
+  config_method(crypt_cs);
+  config_method(crypt_sc);
+  config_method(mac_cs);
+  config_method(mac_sc);
+  config_method(comp_cs);
+  config_method(comp_sc);
-  memset(&sockaddr, 0, sizeof(sockaddr));
-  sockaddr.sin6.sin6_family = check->target_family;

src/modules/ssh2.xml

@@ -10 +10 @@
-               default="22"
-               allowed="\d+">The TCP port on which the remote server's ssh service is running.</parameter>
+    <parameter name="method_kex"
+               required="optional"
+               default=""
+               allowed="^diffie-hellman-(?:group1-sha1|group14-sha1|group-exchange-sha1)$">The key exchange method to use.</parameter>
+    <parameter name="method_hostkey"
+               required="optional"
+               default=""
+               allowed="^(?:ssh-dss|ssh-rsa)$">The host key algorithm supported.</parameter>
+    <parameter name="method_crypt_cs"
+               required="optional"
+               default=""
+               allowed="^(?:aes256-cbc|aes192-cbc|aes128-cbc|blowfish-cbc|arcfour|cast128-cbc|3des-cbc|none)$">The encryption algorithm used from client to server.</parameter>
+    <parameter name="method_crypt_sc"
+               required="optional"
+               default=""
+               allowed="^(?:aes256-cbc|aes192-cbc|aes128-cbc|blowfish-cbc|arcfour|cast128-cbc|3des-cbc|none)$">The encryption algorithm used from server to client.</parameter>
+    <parameter name="method_mac_cs"
+               required="optional"
+               default=""
+               allowed="^(?:hmac-sha1|hmac-sha1-96|hmac-md5|hmac-md5-96|hmac-ripemd160|none)$">The message authentication code algorithm used from client to server.</parameter>
+    <parameter name="method_mac_sc"
+               required="optional"
+               default=""
+               allowed="^(?:hmac-sha1|hmac-sha1-96|hmac-md5|hmac-md5-96|hmac-ripemd160|none)$">The message authentication code algorithm used from server to client.</parameter>
+    <parameter name="method_comp_cs"
+               required="optional"
+               default="none"
+               allowed="^(?:zlib|none)$">The compress algorithm used from client to server.</parameter>
+    <parameter name="method_comp_sc"
+               required="optional"
+               default="none"
+               allowed="^(?:zlib|none)$">The compress algorithm used from server to client.</parameter>
-  </checkconfig>
-  <examples>