mirror of
https://github.com/clearml/dropbear
synced 2025-06-16 03:09:09 +00:00
Improve capitalisation for all logged strings
--HG-- extra : convert_revision : 997e53cec7a9efb7413ac6e17b6be60a5597bd2e
This commit is contained in:
Matt Johnston
parent
1e4ed404c5
commit
38ed870ffe
6
bignum.c
6
bignum.c
@ -31,7 +31,7 @@
|
|||||||
void m_mp_init(mp_int *mp) {
|
void m_mp_init(mp_int *mp) {
|
||||||
|
|
||||||
if (mp_init(mp) != MP_OKAY) {
|
if (mp_init(mp) != MP_OKAY) {
|
||||||
dropbear_exit("mem alloc error");
|
dropbear_exit("Mem alloc error");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -45,7 +45,7 @@ void m_mp_init_multi(mp_int *mp, ...)
|
|||||||
va_start(args, mp); /* init args to next argument from caller */
|
va_start(args, mp); /* init args to next argument from caller */
|
||||||
while (cur_arg != NULL) {
|
while (cur_arg != NULL) {
|
||||||
if (mp_init(cur_arg) != MP_OKAY) {
|
if (mp_init(cur_arg) != MP_OKAY) {
|
||||||
dropbear_exit("mem alloc error");
|
dropbear_exit("Mem alloc error");
|
||||||
}
|
}
|
||||||
cur_arg = va_arg(args, mp_int*);
|
cur_arg = va_arg(args, mp_int*);
|
||||||
}
|
}
|
||||||
@ -55,7 +55,7 @@ void m_mp_init_multi(mp_int *mp, ...)
|
|||||||
void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
|
void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
|
||||||
|
|
||||||
if (mp_read_unsigned_bin(mp, (unsigned char*)bytes, len) != MP_OKAY) {
|
if (mp_read_unsigned_bin(mp, (unsigned char*)bytes, len) != MP_OKAY) {
|
||||||
dropbear_exit("mem alloc error");
|
dropbear_exit("Mem alloc error");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
18
buffer.c
18
buffer.c
@ -106,7 +106,7 @@ buffer* buf_newcopy(buffer* buf) {
|
|||||||
/* Set the length of the buffer */
|
/* Set the length of the buffer */
|
||||||
void buf_setlen(buffer* buf, unsigned int len) {
|
void buf_setlen(buffer* buf, unsigned int len) {
|
||||||
if (len > buf->size) {
|
if (len > buf->size) {
|
||||||
dropbear_exit("bad buf_setlen");
|
dropbear_exit("Bad buf_setlen");
|
||||||
}
|
}
|
||||||
buf->len = len;
|
buf->len = len;
|
||||||
}
|
}
|
||||||
@ -114,7 +114,7 @@ void buf_setlen(buffer* buf, unsigned int len) {
|
|||||||
/* Increment the length of the buffer */
|
/* Increment the length of the buffer */
|
||||||
void buf_incrlen(buffer* buf, unsigned int incr) {
|
void buf_incrlen(buffer* buf, unsigned int incr) {
|
||||||
if (incr > BUF_MAX_INCR || buf->len + incr > buf->size) {
|
if (incr > BUF_MAX_INCR || buf->len + incr > buf->size) {
|
||||||
dropbear_exit("bad buf_incrlen");
|
dropbear_exit("Bad buf_incrlen");
|
||||||
}
|
}
|
||||||
buf->len += incr;
|
buf->len += incr;
|
||||||
}
|
}
|
||||||
@ -122,7 +122,7 @@ void buf_incrlen(buffer* buf, unsigned int incr) {
|
|||||||
void buf_setpos(buffer* buf, unsigned int pos) {
|
void buf_setpos(buffer* buf, unsigned int pos) {
|
||||||
|
|
||||||
if (pos > buf->len) {
|
if (pos > buf->len) {
|
||||||
dropbear_exit("bad buf_setpos");
|
dropbear_exit("Bad buf_setpos");
|
||||||
}
|
}
|
||||||
buf->pos = pos;
|
buf->pos = pos;
|
||||||
}
|
}
|
||||||
@ -130,7 +130,7 @@ void buf_setpos(buffer* buf, unsigned int pos) {
|
|||||||
/* increment the postion by incr, increasing the buffer length if required */
|
/* increment the postion by incr, increasing the buffer length if required */
|
||||||
void buf_incrwritepos(buffer* buf, unsigned int incr) {
|
void buf_incrwritepos(buffer* buf, unsigned int incr) {
|
||||||
if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) {
|
if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) {
|
||||||
dropbear_exit("bad buf_incrwritepos");
|
dropbear_exit("Bad buf_incrwritepos");
|
||||||
}
|
}
|
||||||
buf->pos += incr;
|
buf->pos += incr;
|
||||||
if (buf->pos > buf->len) {
|
if (buf->pos > buf->len) {
|
||||||
@ -144,7 +144,7 @@ void buf_incrpos(buffer* buf, int incr) {
|
|||||||
if (incr > BUF_MAX_INCR ||
|
if (incr > BUF_MAX_INCR ||
|
||||||
(unsigned int)((int)buf->pos + incr) > buf->len
|
(unsigned int)((int)buf->pos + incr) > buf->len
|
||||||
|| ((int)buf->pos + incr) < 0) {
|
|| ((int)buf->pos + incr) < 0) {
|
||||||
dropbear_exit("bad buf_incrpos");
|
dropbear_exit("Bad buf_incrpos");
|
||||||
}
|
}
|
||||||
buf->pos += incr;
|
buf->pos += incr;
|
||||||
}
|
}
|
||||||
@ -155,7 +155,7 @@ unsigned char buf_getbyte(buffer* buf) {
|
|||||||
/* This check is really just ==, but the >= allows us to check for the
|
/* This check is really just ==, but the >= allows us to check for the
|
||||||
* bad case of pos > len, which should _never_ happen. */
|
* bad case of pos > len, which should _never_ happen. */
|
||||||
if (buf->pos >= buf->len) {
|
if (buf->pos >= buf->len) {
|
||||||
dropbear_exit("bad buf_getbyte");
|
dropbear_exit("Bad buf_getbyte");
|
||||||
}
|
}
|
||||||
return buf->data[buf->pos++];
|
return buf->data[buf->pos++];
|
||||||
}
|
}
|
||||||
@ -185,7 +185,7 @@ void buf_putbyte(buffer* buf, unsigned char val) {
|
|||||||
unsigned char* buf_getptr(buffer* buf, unsigned int len) {
|
unsigned char* buf_getptr(buffer* buf, unsigned int len) {
|
||||||
|
|
||||||
if (buf->pos + len > buf->len) {
|
if (buf->pos + len > buf->len) {
|
||||||
dropbear_exit("bad buf_getptr");
|
dropbear_exit("Bad buf_getptr");
|
||||||
}
|
}
|
||||||
return &buf->data[buf->pos];
|
return &buf->data[buf->pos];
|
||||||
}
|
}
|
||||||
@ -195,7 +195,7 @@ unsigned char* buf_getptr(buffer* buf, unsigned int len) {
|
|||||||
unsigned char* buf_getwriteptr(buffer* buf, unsigned int len) {
|
unsigned char* buf_getwriteptr(buffer* buf, unsigned int len) {
|
||||||
|
|
||||||
if (buf->pos + len > buf->size) {
|
if (buf->pos + len > buf->size) {
|
||||||
dropbear_exit("bad buf_getwriteptr");
|
dropbear_exit("Bad buf_getwriteptr");
|
||||||
}
|
}
|
||||||
return &buf->data[buf->pos];
|
return &buf->data[buf->pos];
|
||||||
}
|
}
|
||||||
@ -209,7 +209,7 @@ unsigned char* buf_getstring(buffer* buf, unsigned int *retlen) {
|
|||||||
unsigned char* ret;
|
unsigned char* ret;
|
||||||
len = buf_getint(buf);
|
len = buf_getint(buf);
|
||||||
if (len > MAX_STRING_LEN) {
|
if (len > MAX_STRING_LEN) {
|
||||||
dropbear_exit("string too long");
|
dropbear_exit("String too long");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (retlen != NULL) {
|
if (retlen != NULL) {
|
||||||
|
|||||||
10
circbuffer.c
10
circbuffer.c
@ -33,7 +33,7 @@ circbuffer * cbuf_new(unsigned int size) {
|
|||||||
circbuffer *cbuf = NULL;
|
circbuffer *cbuf = NULL;
|
||||||
|
|
||||||
if (size > MAX_CBUF_SIZE) {
|
if (size > MAX_CBUF_SIZE) {
|
||||||
dropbear_exit("bad cbuf size");
|
dropbear_exit("Bad cbuf size");
|
||||||
}
|
}
|
||||||
|
|
||||||
cbuf = (circbuffer*)m_malloc(sizeof(circbuffer));
|
cbuf = (circbuffer*)m_malloc(sizeof(circbuffer));
|
||||||
@ -101,7 +101,7 @@ unsigned int cbuf_writelen(circbuffer *cbuf) {
|
|||||||
|
|
||||||
unsigned char* cbuf_readptr(circbuffer *cbuf, unsigned int len) {
|
unsigned char* cbuf_readptr(circbuffer *cbuf, unsigned int len) {
|
||||||
if (len > cbuf_readlen(cbuf)) {
|
if (len > cbuf_readlen(cbuf)) {
|
||||||
dropbear_exit("bad cbuf read");
|
dropbear_exit("Bad cbuf read");
|
||||||
}
|
}
|
||||||
|
|
||||||
return &cbuf->data[cbuf->readpos];
|
return &cbuf->data[cbuf->readpos];
|
||||||
@ -110,7 +110,7 @@ unsigned char* cbuf_readptr(circbuffer *cbuf, unsigned int len) {
|
|||||||
unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len) {
|
unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len) {
|
||||||
|
|
||||||
if (len > cbuf_writelen(cbuf)) {
|
if (len > cbuf_writelen(cbuf)) {
|
||||||
dropbear_exit("bad cbuf write");
|
dropbear_exit("Bad cbuf write");
|
||||||
}
|
}
|
||||||
|
|
||||||
return &cbuf->data[cbuf->writepos];
|
return &cbuf->data[cbuf->writepos];
|
||||||
@ -118,7 +118,7 @@ unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len) {
|
|||||||
|
|
||||||
void cbuf_incrwrite(circbuffer *cbuf, unsigned int len) {
|
void cbuf_incrwrite(circbuffer *cbuf, unsigned int len) {
|
||||||
if (len > cbuf_writelen(cbuf)) {
|
if (len > cbuf_writelen(cbuf)) {
|
||||||
dropbear_exit("bad cbuf write");
|
dropbear_exit("Bad cbuf write");
|
||||||
}
|
}
|
||||||
|
|
||||||
cbuf->used += len;
|
cbuf->used += len;
|
||||||
@ -129,7 +129,7 @@ void cbuf_incrwrite(circbuffer *cbuf, unsigned int len) {
|
|||||||
|
|
||||||
void cbuf_incrread(circbuffer *cbuf, unsigned int len) {
|
void cbuf_incrread(circbuffer *cbuf, unsigned int len) {
|
||||||
if (len > cbuf_readlen(cbuf)) {
|
if (len > cbuf_readlen(cbuf)) {
|
||||||
dropbear_exit("bad cbuf read");
|
dropbear_exit("Bad cbuf read");
|
||||||
}
|
}
|
||||||
|
|
||||||
dropbear_assert(cbuf->used >= len);
|
dropbear_assert(cbuf->used >= len);
|
||||||
|
|||||||
@ -308,7 +308,7 @@ static void send_chansess_pty_req(struct Channel *channel) {
|
|||||||
|
|
||||||
/* Set up a window-change handler */
|
/* Set up a window-change handler */
|
||||||
if (signal(SIGWINCH, sigwinch_handler) == SIG_ERR) {
|
if (signal(SIGWINCH, sigwinch_handler) == SIG_ERR) {
|
||||||
dropbear_exit("signal error");
|
dropbear_exit("Signal error");
|
||||||
}
|
}
|
||||||
TRACE(("leave send_chansess_pty_req"))
|
TRACE(("leave send_chansess_pty_req"))
|
||||||
}
|
}
|
||||||
|
|||||||
@ -88,11 +88,11 @@ static void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
|
|||||||
char fmtbuf[300];
|
char fmtbuf[300];
|
||||||
|
|
||||||
if (!sessinitdone) {
|
if (!sessinitdone) {
|
||||||
snprintf(fmtbuf, sizeof(fmtbuf), "exited: %s",
|
snprintf(fmtbuf, sizeof(fmtbuf), "Exited: %s",
|
||||||
format);
|
format);
|
||||||
} else {
|
} else {
|
||||||
snprintf(fmtbuf, sizeof(fmtbuf),
|
snprintf(fmtbuf, sizeof(fmtbuf),
|
||||||
"connection to %s@%s:%s exited: %s",
|
"Connection to %s@%s:%s exited: %s",
|
||||||
cli_opts.username, cli_opts.remotehost,
|
cli_opts.username, cli_opts.remotehost,
|
||||||
cli_opts.remoteport, format);
|
cli_opts.remoteport, format);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -371,7 +371,7 @@ void cli_getopts(int argc, char ** argv) {
|
|||||||
|
|
||||||
if (cli_opts.backgrounded && cli_opts.cmd == NULL
|
if (cli_opts.backgrounded && cli_opts.cmd == NULL
|
||||||
&& cli_opts.no_cmd == 0) {
|
&& cli_opts.no_cmd == 0) {
|
||||||
dropbear_exit("command required for -f");
|
dropbear_exit("Command required for -f");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (recv_window_arg) {
|
if (recv_window_arg) {
|
||||||
|
|||||||
@ -72,7 +72,7 @@ void recv_msg_service_accept() {
|
|||||||
&& strncmp(SSH_SERVICE_CONNECTION, servicename, len) == 0) {
|
&& strncmp(SSH_SERVICE_CONNECTION, servicename, len) == 0) {
|
||||||
|
|
||||||
if (ses.authstate.authdone != 1) {
|
if (ses.authstate.authdone != 1) {
|
||||||
dropbear_exit("request for connection before auth");
|
dropbear_exit("Request for connection before auth");
|
||||||
}
|
}
|
||||||
|
|
||||||
cli_ses.state = SERVICE_CONN_ACCEPT_RCVD;
|
cli_ses.state = SERVICE_CONN_ACCEPT_RCVD;
|
||||||
@ -81,5 +81,5 @@ void recv_msg_service_accept() {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
dropbear_exit("unrecognised service accept");
|
dropbear_exit("Unrecognised service accept");
|
||||||
}
|
}
|
||||||
|
|||||||
@ -213,7 +213,7 @@ static void cli_sessionloop() {
|
|||||||
is confusing, though stdout/stderr could be useful. */
|
is confusing, though stdout/stderr could be useful. */
|
||||||
devnull = open(_PATH_DEVNULL, O_RDONLY);
|
devnull = open(_PATH_DEVNULL, O_RDONLY);
|
||||||
if (devnull < 0) {
|
if (devnull < 0) {
|
||||||
dropbear_exit("opening /dev/null: %d %s",
|
dropbear_exit("Opening /dev/null: %d %s",
|
||||||
errno, strerror(errno));
|
errno, strerror(errno));
|
||||||
}
|
}
|
||||||
dup2(devnull, STDIN_FILENO);
|
dup2(devnull, STDIN_FILENO);
|
||||||
@ -298,7 +298,7 @@ static void cli_remoteclosed() {
|
|||||||
m_close(ses.sock_out);
|
m_close(ses.sock_out);
|
||||||
ses.sock_in = -1;
|
ses.sock_in = -1;
|
||||||
ses.sock_out = -1;
|
ses.sock_out = -1;
|
||||||
dropbear_exit("remote closed the connection");
|
dropbear_exit("Remote closed the connection");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Operates in-place turning dirty (untrusted potentially containing control
|
/* Operates in-place turning dirty (untrusted potentially containing control
|
||||||
|
|||||||
@ -230,13 +230,13 @@ void crypto_init() {
|
|||||||
|
|
||||||
for (i = 0; regciphers[i] != NULL; i++) {
|
for (i = 0; regciphers[i] != NULL; i++) {
|
||||||
if (register_cipher(regciphers[i]) == -1) {
|
if (register_cipher(regciphers[i]) == -1) {
|
||||||
dropbear_exit("error registering crypto");
|
dropbear_exit("Error registering crypto");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; reghashes[i] != NULL; i++) {
|
for (i = 0; reghashes[i] != NULL; i++) {
|
||||||
if (register_hash(reghashes[i]) == -1) {
|
if (register_hash(reghashes[i]) == -1) {
|
||||||
dropbear_exit("error registering crypto");
|
dropbear_exit("Error registering crypto");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -688,7 +688,7 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd,
|
|||||||
TRACE(("enter recv_msg_channel_data"))
|
TRACE(("enter recv_msg_channel_data"))
|
||||||
|
|
||||||
if (channel->recv_eof) {
|
if (channel->recv_eof) {
|
||||||
dropbear_exit("received data after eof");
|
dropbear_exit("Received data after eof");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (fd < 0) {
|
if (fd < 0) {
|
||||||
@ -1006,7 +1006,7 @@ void recv_msg_channel_open_confirmation() {
|
|||||||
channel = getchannel();
|
channel = getchannel();
|
||||||
|
|
||||||
if (!channel->await_open) {
|
if (!channel->await_open) {
|
||||||
dropbear_exit("unexpected channel reply");
|
dropbear_exit("Unexpected channel reply");
|
||||||
}
|
}
|
||||||
channel->await_open = 0;
|
channel->await_open = 0;
|
||||||
|
|
||||||
@ -1038,7 +1038,7 @@ void recv_msg_channel_open_failure() {
|
|||||||
channel = getchannel();
|
channel = getchannel();
|
||||||
|
|
||||||
if (!channel->await_open) {
|
if (!channel->await_open) {
|
||||||
dropbear_exit("unexpected channel reply");
|
dropbear_exit("Unexpected channel reply");
|
||||||
}
|
}
|
||||||
channel->await_open = 0;
|
channel->await_open = 0;
|
||||||
|
|
||||||
|
|||||||
14
common-kex.c
14
common-kex.c
@ -303,22 +303,22 @@ void gen_new_keys() {
|
|||||||
|
|
||||||
recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
|
recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
|
||||||
if (recv_cipher < 0)
|
if (recv_cipher < 0)
|
||||||
dropbear_exit("crypto error");
|
dropbear_exit("Crypto error");
|
||||||
if (ses.newkeys->recv.crypt_mode->start(recv_cipher,
|
if (ses.newkeys->recv.crypt_mode->start(recv_cipher,
|
||||||
recv_IV, recv_key,
|
recv_IV, recv_key,
|
||||||
ses.newkeys->recv.algo_crypt->keysize, 0,
|
ses.newkeys->recv.algo_crypt->keysize, 0,
|
||||||
&ses.newkeys->recv.cipher_state) != CRYPT_OK) {
|
&ses.newkeys->recv.cipher_state) != CRYPT_OK) {
|
||||||
dropbear_exit("crypto error");
|
dropbear_exit("Crypto error");
|
||||||
}
|
}
|
||||||
|
|
||||||
trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name);
|
trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name);
|
||||||
if (trans_cipher < 0)
|
if (trans_cipher < 0)
|
||||||
dropbear_exit("crypto error");
|
dropbear_exit("Crypto error");
|
||||||
if (ses.newkeys->trans.crypt_mode->start(trans_cipher,
|
if (ses.newkeys->trans.crypt_mode->start(trans_cipher,
|
||||||
trans_IV, trans_key,
|
trans_IV, trans_key,
|
||||||
ses.newkeys->trans.algo_crypt->keysize, 0,
|
ses.newkeys->trans.algo_crypt->keysize, 0,
|
||||||
&ses.newkeys->trans.cipher_state) != CRYPT_OK) {
|
&ses.newkeys->trans.cipher_state) != CRYPT_OK) {
|
||||||
dropbear_exit("crypto error");
|
dropbear_exit("Crypto error");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* MAC keys */
|
/* MAC keys */
|
||||||
@ -394,14 +394,14 @@ static void gen_new_zstreams() {
|
|||||||
if (ses.keys->recv.zstream != NULL) {
|
if (ses.keys->recv.zstream != NULL) {
|
||||||
if (inflateEnd(ses.keys->recv.zstream) == Z_STREAM_ERROR) {
|
if (inflateEnd(ses.keys->recv.zstream) == Z_STREAM_ERROR) {
|
||||||
/* Z_DATA_ERROR is ok, just means that stream isn't ended */
|
/* Z_DATA_ERROR is ok, just means that stream isn't ended */
|
||||||
dropbear_exit("crypto error");
|
dropbear_exit("Crypto error");
|
||||||
}
|
}
|
||||||
m_free(ses.keys->recv.zstream);
|
m_free(ses.keys->recv.zstream);
|
||||||
}
|
}
|
||||||
if (ses.keys->trans.zstream != NULL) {
|
if (ses.keys->trans.zstream != NULL) {
|
||||||
if (deflateEnd(ses.keys->trans.zstream) == Z_STREAM_ERROR) {
|
if (deflateEnd(ses.keys->trans.zstream) == Z_STREAM_ERROR) {
|
||||||
/* Z_DATA_ERROR is ok, just means that stream isn't ended */
|
/* Z_DATA_ERROR is ok, just means that stream isn't ended */
|
||||||
dropbear_exit("crypto error");
|
dropbear_exit("Crypto error");
|
||||||
}
|
}
|
||||||
m_free(ses.keys->trans.zstream);
|
m_free(ses.keys->trans.zstream);
|
||||||
}
|
}
|
||||||
@ -748,5 +748,5 @@ static void read_kex_algos() {
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
dropbear_exit("no matching algo %s", erralgo);
|
dropbear_exit("No matching algo %s", erralgo);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -65,7 +65,7 @@ void common_session_init(int sock_in, int sock_out) {
|
|||||||
ses.last_packet_time = 0;
|
ses.last_packet_time = 0;
|
||||||
|
|
||||||
if (pipe(ses.signal_pipe) < 0) {
|
if (pipe(ses.signal_pipe) < 0) {
|
||||||
dropbear_exit("signal pipe failed");
|
dropbear_exit("Signal pipe failed");
|
||||||
}
|
}
|
||||||
setnonblocking(ses.signal_pipe[0]);
|
setnonblocking(ses.signal_pipe[0]);
|
||||||
setnonblocking(ses.signal_pipe[1]);
|
setnonblocking(ses.signal_pipe[1]);
|
||||||
|
|||||||
4
dbutil.c
4
dbutil.c
@ -111,7 +111,7 @@ static void generic_dropbear_exit(int exitcode, const char* format,
|
|||||||
}
|
}
|
||||||
|
|
||||||
void fail_assert(const char* expr, const char* file, int line) {
|
void fail_assert(const char* expr, const char* file, int line) {
|
||||||
dropbear_exit("failed assertion (%s:%d): `%s'", file, line, expr);
|
dropbear_exit("Failed assertion (%s:%d): `%s'", file, line, expr);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void generic_dropbear_log(int UNUSED(priority), const char* format,
|
static void generic_dropbear_log(int UNUSED(priority), const char* format,
|
||||||
@ -455,7 +455,7 @@ int spawn_command(void(*exec_fn)(void *user_data), void *exec_data,
|
|||||||
(dup2(outfds[FDOUT], STDOUT_FILENO) < 0) ||
|
(dup2(outfds[FDOUT], STDOUT_FILENO) < 0) ||
|
||||||
(ret_errfd && dup2(errfds[FDOUT], STDERR_FILENO) < 0)) {
|
(ret_errfd && dup2(errfds[FDOUT], STDERR_FILENO) < 0)) {
|
||||||
TRACE(("leave noptycommand: error redirecting FDs"))
|
TRACE(("leave noptycommand: error redirecting FDs"))
|
||||||
dropbear_exit("child dup2() failure");
|
dropbear_exit("Child dup2() failure");
|
||||||
}
|
}
|
||||||
|
|
||||||
close(infds[FDOUT]);
|
close(infds[FDOUT]);
|
||||||
|
|||||||
20
dss.c
20
dss.c
@ -270,7 +270,7 @@ static unsigned char* mptobytes(mp_int *mp, int *len) {
|
|||||||
size = mp_unsigned_bin_size(mp);
|
size = mp_unsigned_bin_size(mp);
|
||||||
ret = m_malloc(size);
|
ret = m_malloc(size);
|
||||||
if (mp_to_unsigned_bin(mp, ret) != MP_OKAY) {
|
if (mp_to_unsigned_bin(mp, ret) != MP_OKAY) {
|
||||||
dropbear_exit("mem alloc error");
|
dropbear_exit("Mem alloc error");
|
||||||
}
|
}
|
||||||
if (len != NULL) {
|
if (len != NULL) {
|
||||||
*len = size;
|
*len = size;
|
||||||
@ -342,7 +342,7 @@ void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* d
|
|||||||
m_mp_init(&dss_protok);
|
m_mp_init(&dss_protok);
|
||||||
bytes_to_mp(&dss_protok, proto_k, SHA512_HASH_SIZE);
|
bytes_to_mp(&dss_protok, proto_k, SHA512_HASH_SIZE);
|
||||||
if (mp_mod(&dss_protok, key->q, &dss_k) != MP_OKAY) {
|
if (mp_mod(&dss_protok, key->q, &dss_k) != MP_OKAY) {
|
||||||
dropbear_exit("dss error");
|
dropbear_exit("DSS error");
|
||||||
}
|
}
|
||||||
mp_clear(&dss_protok);
|
mp_clear(&dss_protok);
|
||||||
m_burn(proto_k, SHA512_HASH_SIZE);
|
m_burn(proto_k, SHA512_HASH_SIZE);
|
||||||
@ -355,30 +355,30 @@ void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* d
|
|||||||
|
|
||||||
/* g^k mod p */
|
/* g^k mod p */
|
||||||
if (mp_exptmod(key->g, &dss_k, key->p, &dss_temp1) != MP_OKAY) {
|
if (mp_exptmod(key->g, &dss_k, key->p, &dss_temp1) != MP_OKAY) {
|
||||||
dropbear_exit("dss error");
|
dropbear_exit("DSS error");
|
||||||
}
|
}
|
||||||
/* r = (g^k mod p) mod q */
|
/* r = (g^k mod p) mod q */
|
||||||
if (mp_mod(&dss_temp1, key->q, &dss_r) != MP_OKAY) {
|
if (mp_mod(&dss_temp1, key->q, &dss_r) != MP_OKAY) {
|
||||||
dropbear_exit("dss error");
|
dropbear_exit("DSS error");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* x*r mod q */
|
/* x*r mod q */
|
||||||
if (mp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != MP_OKAY) {
|
if (mp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != MP_OKAY) {
|
||||||
dropbear_exit("dss error");
|
dropbear_exit("DSS error");
|
||||||
}
|
}
|
||||||
/* (SHA1(M) + xr) mod q) */
|
/* (SHA1(M) + xr) mod q) */
|
||||||
if (mp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != MP_OKAY) {
|
if (mp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != MP_OKAY) {
|
||||||
dropbear_exit("dss error");
|
dropbear_exit("DSS error");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* (k^-1) mod q */
|
/* (k^-1) mod q */
|
||||||
if (mp_invmod(&dss_k, key->q, &dss_temp1) != MP_OKAY) {
|
if (mp_invmod(&dss_k, key->q, &dss_temp1) != MP_OKAY) {
|
||||||
dropbear_exit("dss error");
|
dropbear_exit("DSS error");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* s = (k^-1(SHA1(M) + xr)) mod q */
|
/* s = (k^-1(SHA1(M) + xr)) mod q */
|
||||||
if (mp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != MP_OKAY) {
|
if (mp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != MP_OKAY) {
|
||||||
dropbear_exit("dss error");
|
dropbear_exit("DSS error");
|
||||||
}
|
}
|
||||||
|
|
||||||
buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
|
buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
|
||||||
@ -392,7 +392,7 @@ void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* d
|
|||||||
}
|
}
|
||||||
if (mp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen))
|
if (mp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen))
|
||||||
!= MP_OKAY) {
|
!= MP_OKAY) {
|
||||||
dropbear_exit("dss error");
|
dropbear_exit("DSS error");
|
||||||
}
|
}
|
||||||
mp_clear(&dss_r);
|
mp_clear(&dss_r);
|
||||||
buf_incrwritepos(buf, writelen);
|
buf_incrwritepos(buf, writelen);
|
||||||
@ -405,7 +405,7 @@ void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* d
|
|||||||
}
|
}
|
||||||
if (mp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen))
|
if (mp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen))
|
||||||
!= MP_OKAY) {
|
!= MP_OKAY) {
|
||||||
dropbear_exit("dss error");
|
dropbear_exit("DSS error");
|
||||||
}
|
}
|
||||||
mp_clear(&dss_s);
|
mp_clear(&dss_s);
|
||||||
buf_incrwritepos(buf, writelen);
|
buf_incrwritepos(buf, writelen);
|
||||||
|
|||||||
22
gendss.c
22
gendss.c
@ -81,7 +81,7 @@ static void getq(dropbear_dss_key *key) {
|
|||||||
|
|
||||||
/* 18 rounds are required according to HAC */
|
/* 18 rounds are required according to HAC */
|
||||||
if (mp_prime_next_prime(key->q, 18, 0) != MP_OKAY) {
|
if (mp_prime_next_prime(key->q, 18, 0) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -100,7 +100,7 @@ static void getp(dropbear_dss_key *key, unsigned int size) {
|
|||||||
|
|
||||||
/* 2*q */
|
/* 2*q */
|
||||||
if (mp_mul_d(key->q, 2, &temp2q) != MP_OKAY) {
|
if (mp_mul_d(key->q, 2, &temp2q) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -117,25 +117,25 @@ static void getp(dropbear_dss_key *key, unsigned int size) {
|
|||||||
|
|
||||||
/* C = X mod 2q */
|
/* C = X mod 2q */
|
||||||
if (mp_mod(&tempX, &temp2q, &tempC) != MP_OKAY) {
|
if (mp_mod(&tempX, &temp2q, &tempC) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* P = X - (C - 1) = X - C + 1*/
|
/* P = X - (C - 1) = X - C + 1*/
|
||||||
if (mp_sub(&tempX, &tempC, &tempP) != MP_OKAY) {
|
if (mp_sub(&tempX, &tempC, &tempP) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mp_add_d(&tempP, 1, key->p) != MP_OKAY) {
|
if (mp_add_d(&tempP, 1, key->p) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* now check for prime, 5 rounds is enough according to HAC */
|
/* now check for prime, 5 rounds is enough according to HAC */
|
||||||
/* result == 1 => p is prime */
|
/* result == 1 => p is prime */
|
||||||
if (mp_prime_is_prime(key->p, 5, &result) != MP_OKAY) {
|
if (mp_prime_is_prime(key->p, 5, &result) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
} while (!result);
|
} while (!result);
|
||||||
@ -155,11 +155,11 @@ static void getg(dropbear_dss_key * key) {
|
|||||||
|
|
||||||
/* get div=(p-1)/q */
|
/* get div=(p-1)/q */
|
||||||
if (mp_sub_d(key->p, 1, &val) != MP_OKAY) {
|
if (mp_sub_d(key->p, 1, &val) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
if (mp_div(&val, key->q, &div, NULL) != MP_OKAY) {
|
if (mp_div(&val, key->q, &div, NULL) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -168,12 +168,12 @@ static void getg(dropbear_dss_key * key) {
|
|||||||
do {
|
do {
|
||||||
/* now keep going with g=h^div mod p, until g > 1 */
|
/* now keep going with g=h^div mod p, until g > 1 */
|
||||||
if (mp_exptmod(&h, &div, key->p, key->g) != MP_OKAY) {
|
if (mp_exptmod(&h, &div, key->p, key->g) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mp_add_d(&h, 1, &h) != MP_OKAY) {
|
if (mp_add_d(&h, 1, &h) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -190,7 +190,7 @@ static void getx(dropbear_dss_key *key) {
|
|||||||
static void gety(dropbear_dss_key *key) {
|
static void gety(dropbear_dss_key *key) {
|
||||||
|
|
||||||
if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) {
|
if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) {
|
||||||
fprintf(stderr, "dss key generation failed\n");
|
fprintf(stderr, "DSS key generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
14
genrsa.c
14
genrsa.c
@ -58,7 +58,7 @@ dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) {
|
|||||||
seedrandom();
|
seedrandom();
|
||||||
|
|
||||||
if (mp_set_int(key->e, RSA_E) != MP_OKAY) {
|
if (mp_set_int(key->e, RSA_E) != MP_OKAY) {
|
||||||
fprintf(stderr, "rsa generation failed\n");
|
fprintf(stderr, "RSA generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -66,20 +66,20 @@ dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) {
|
|||||||
getrsaprime(key->q, &qminus, key->e, size/2);
|
getrsaprime(key->q, &qminus, key->e, size/2);
|
||||||
|
|
||||||
if (mp_mul(key->p, key->q, key->n) != MP_OKAY) {
|
if (mp_mul(key->p, key->q, key->n) != MP_OKAY) {
|
||||||
fprintf(stderr, "rsa generation failed\n");
|
fprintf(stderr, "RSA generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* lcm(p-1, q-1) */
|
/* lcm(p-1, q-1) */
|
||||||
if (mp_lcm(&pminus, &qminus, &lcm) != MP_OKAY) {
|
if (mp_lcm(&pminus, &qminus, &lcm) != MP_OKAY) {
|
||||||
fprintf(stderr, "rsa generation failed\n");
|
fprintf(stderr, "RSA generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* de = 1 mod lcm(p-1,q-1) */
|
/* de = 1 mod lcm(p-1,q-1) */
|
||||||
/* therefore d = (e^-1) mod lcm(p-1,q-1) */
|
/* therefore d = (e^-1) mod lcm(p-1,q-1) */
|
||||||
if (mp_invmod(key->e, &lcm, key->d) != MP_OKAY) {
|
if (mp_invmod(key->e, &lcm, key->d) != MP_OKAY) {
|
||||||
fprintf(stderr, "rsa generation failed\n");
|
fprintf(stderr, "RSA generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -108,18 +108,18 @@ static void getrsaprime(mp_int* prime, mp_int *primeminus,
|
|||||||
|
|
||||||
/* find the next integer which is prime, 8 round of miller-rabin */
|
/* find the next integer which is prime, 8 round of miller-rabin */
|
||||||
if (mp_prime_next_prime(prime, 8, 0) != MP_OKAY) {
|
if (mp_prime_next_prime(prime, 8, 0) != MP_OKAY) {
|
||||||
fprintf(stderr, "rsa generation failed\n");
|
fprintf(stderr, "RSA generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* subtract one to get p-1 */
|
/* subtract one to get p-1 */
|
||||||
if (mp_sub_d(prime, 1, primeminus) != MP_OKAY) {
|
if (mp_sub_d(prime, 1, primeminus) != MP_OKAY) {
|
||||||
fprintf(stderr, "rsa generation failed\n");
|
fprintf(stderr, "RSA generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
/* check relative primality to e */
|
/* check relative primality to e */
|
||||||
if (mp_gcd(primeminus, rsa_e, &temp_gcd) != MP_OKAY) {
|
if (mp_gcd(primeminus, rsa_e, &temp_gcd) != MP_OKAY) {
|
||||||
fprintf(stderr, "rsa generation failed\n");
|
fprintf(stderr, "RSA generation failed\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
} while (mp_cmp_d(&temp_gcd, 1) != MP_EQ); /* while gcd(p-1, e) != 1 */
|
} while (mp_cmp_d(&temp_gcd, 1) != MP_EQ); /* while gcd(p-1, e) != 1 */
|
||||||
|
|||||||
16
packet.c
16
packet.c
@ -75,7 +75,7 @@ void write_packet() {
|
|||||||
TRACE(("leave writepacket: EINTR"))
|
TRACE(("leave writepacket: EINTR"))
|
||||||
return;
|
return;
|
||||||
} else {
|
} else {
|
||||||
dropbear_exit("error writing");
|
dropbear_exit("Error writing");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -144,7 +144,7 @@ void read_packet() {
|
|||||||
TRACE(("leave read_packet: EINTR or EAGAIN"))
|
TRACE(("leave read_packet: EINTR or EAGAIN"))
|
||||||
return;
|
return;
|
||||||
} else {
|
} else {
|
||||||
dropbear_exit("error reading: %s", strerror(errno));
|
dropbear_exit("Error reading: %s", strerror(errno));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -193,7 +193,7 @@ static int read_packet_init() {
|
|||||||
TRACE(("leave read_packet_init: EINTR"))
|
TRACE(("leave read_packet_init: EINTR"))
|
||||||
return DROPBEAR_FAILURE;
|
return DROPBEAR_FAILURE;
|
||||||
}
|
}
|
||||||
dropbear_exit("error reading: %s", strerror(errno));
|
dropbear_exit("Error reading: %s", strerror(errno));
|
||||||
}
|
}
|
||||||
|
|
||||||
buf_incrwritepos(ses.readbuf, slen);
|
buf_incrwritepos(ses.readbuf, slen);
|
||||||
@ -210,7 +210,7 @@ static int read_packet_init() {
|
|||||||
buf_getwriteptr(ses.readbuf, blocksize),
|
buf_getwriteptr(ses.readbuf, blocksize),
|
||||||
blocksize,
|
blocksize,
|
||||||
&ses.keys->recv.cipher_state) != CRYPT_OK) {
|
&ses.keys->recv.cipher_state) != CRYPT_OK) {
|
||||||
dropbear_exit("error decrypting");
|
dropbear_exit("Error decrypting");
|
||||||
}
|
}
|
||||||
len = buf_getint(ses.readbuf) + 4 + macsize;
|
len = buf_getint(ses.readbuf) + 4 + macsize;
|
||||||
|
|
||||||
@ -221,7 +221,7 @@ static int read_packet_init() {
|
|||||||
if ((len > RECV_MAX_PACKET_LEN) ||
|
if ((len > RECV_MAX_PACKET_LEN) ||
|
||||||
(len < MIN_PACKET_LEN + macsize) ||
|
(len < MIN_PACKET_LEN + macsize) ||
|
||||||
((len - macsize) % blocksize != 0)) {
|
((len - macsize) % blocksize != 0)) {
|
||||||
dropbear_exit("bad packet size %d", len);
|
dropbear_exit("Integrity error (bad packet size %d)", len);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (len > ses.readbuf->size) {
|
if (len > ses.readbuf->size) {
|
||||||
@ -256,7 +256,7 @@ void decrypt_packet() {
|
|||||||
buf_getwriteptr(ses.readbuf, len),
|
buf_getwriteptr(ses.readbuf, len),
|
||||||
len,
|
len,
|
||||||
&ses.keys->recv.cipher_state) != CRYPT_OK) {
|
&ses.keys->recv.cipher_state) != CRYPT_OK) {
|
||||||
dropbear_exit("error decrypting");
|
dropbear_exit("Error decrypting");
|
||||||
}
|
}
|
||||||
buf_incrpos(ses.readbuf, len);
|
buf_incrpos(ses.readbuf, len);
|
||||||
|
|
||||||
@ -273,7 +273,7 @@ void decrypt_packet() {
|
|||||||
/* - 4 - 1 is for LEN and PADLEN values */
|
/* - 4 - 1 is for LEN and PADLEN values */
|
||||||
len = ses.readbuf->len - padlen - 4 - 1 - macsize;
|
len = ses.readbuf->len - padlen - 4 - 1 - macsize;
|
||||||
if ((len > RECV_MAX_PAYLOAD_LEN) || (len < 1)) {
|
if ((len > RECV_MAX_PAYLOAD_LEN) || (len < 1)) {
|
||||||
dropbear_exit("bad packet size");
|
dropbear_exit("Bad packet size %d", len);
|
||||||
}
|
}
|
||||||
|
|
||||||
buf_setpos(ses.readbuf, PACKET_PAYLOAD_OFF);
|
buf_setpos(ses.readbuf, PACKET_PAYLOAD_OFF);
|
||||||
@ -520,7 +520,7 @@ void encrypt_packet() {
|
|||||||
buf_getwriteptr(writebuf, len),
|
buf_getwriteptr(writebuf, len),
|
||||||
len,
|
len,
|
||||||
&ses.keys->trans.cipher_state) != CRYPT_OK) {
|
&ses.keys->trans.cipher_state) != CRYPT_OK) {
|
||||||
dropbear_exit("error encrypting");
|
dropbear_exit("Error encrypting");
|
||||||
}
|
}
|
||||||
buf_incrpos(writebuf, len);
|
buf_incrpos(writebuf, len);
|
||||||
|
|
||||||
|
|||||||
@ -65,7 +65,7 @@ void process_packet() {
|
|||||||
case SSH_MSG_UNIMPLEMENTED:
|
case SSH_MSG_UNIMPLEMENTED:
|
||||||
/* debugging XXX */
|
/* debugging XXX */
|
||||||
TRACE(("SSH_MSG_UNIMPLEMENTED"))
|
TRACE(("SSH_MSG_UNIMPLEMENTED"))
|
||||||
dropbear_exit("received SSH_MSG_UNIMPLEMENTED");
|
dropbear_exit("Received SSH_MSG_UNIMPLEMENTED");
|
||||||
|
|
||||||
case SSH_MSG_DISCONNECT:
|
case SSH_MSG_DISCONNECT:
|
||||||
/* TODO cleanup? */
|
/* TODO cleanup? */
|
||||||
@ -77,7 +77,7 @@ void process_packet() {
|
|||||||
if (ses.requirenext != 0) {
|
if (ses.requirenext != 0) {
|
||||||
if (ses.requirenext != type) {
|
if (ses.requirenext != type) {
|
||||||
/* TODO send disconnect? */
|
/* TODO send disconnect? */
|
||||||
dropbear_exit("unexpected packet type %d, expected %d", type,
|
dropbear_exit("Unexpected packet type %d, expected %d", type,
|
||||||
ses.requirenext);
|
ses.requirenext);
|
||||||
} else {
|
} else {
|
||||||
/* Got what we expected */
|
/* Got what we expected */
|
||||||
@ -99,7 +99,7 @@ void process_packet() {
|
|||||||
* NOTE: if the protocol changes and new types are added, revisit this
|
* NOTE: if the protocol changes and new types are added, revisit this
|
||||||
* assumption */
|
* assumption */
|
||||||
if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
|
if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
|
||||||
dropbear_exit("received message %d before userauth", type);
|
dropbear_exit("Received message %d before userauth", type);
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; ; i++) {
|
for (i = 0; ; i++) {
|
||||||
|
|||||||
12
random.c
12
random.c
@ -64,7 +64,7 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
|
|||||||
#ifdef DROPBEAR_RANDOM_DEV
|
#ifdef DROPBEAR_RANDOM_DEV
|
||||||
readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
|
readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
|
||||||
if (readfd < 0) {
|
if (readfd < 0) {
|
||||||
dropbear_exit("couldn't open random device");
|
dropbear_exit("Couldn't open random device");
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -72,20 +72,20 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
|
|||||||
readfd = connect_unix(DROPBEAR_PRNGD_SOCKET);
|
readfd = connect_unix(DROPBEAR_PRNGD_SOCKET);
|
||||||
|
|
||||||
if (readfd < 0) {
|
if (readfd < 0) {
|
||||||
dropbear_exit("couldn't open random device");
|
dropbear_exit("Couldn't open random device");
|
||||||
}
|
}
|
||||||
/* todo - try various common locations */
|
/* todo - try various common locations */
|
||||||
if (connect(readfd, (struct sockaddr*)&egdsock,
|
if (connect(readfd, (struct sockaddr*)&egdsock,
|
||||||
sizeof(struct sockaddr_un)) < 0) {
|
sizeof(struct sockaddr_un)) < 0) {
|
||||||
dropbear_exit("couldn't open random device");
|
dropbear_exit("Couldn't open random device");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (buflen > 255)
|
if (buflen > 255)
|
||||||
dropbear_exit("can't request more than 255 bytes from egd");
|
dropbear_exit("Can't request more than 255 bytes from egd");
|
||||||
egdcmd[0] = 0x02; /* blocking read */
|
egdcmd[0] = 0x02; /* blocking read */
|
||||||
egdcmd[1] = (unsigned char)buflen;
|
egdcmd[1] = (unsigned char)buflen;
|
||||||
if (write(readfd, egdcmd, 2) < 0)
|
if (write(readfd, egdcmd, 2) < 0)
|
||||||
dropbear_exit("can't send command to egd");
|
dropbear_exit("Can't send command to egd");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* read the actual random data */
|
/* read the actual random data */
|
||||||
@ -114,7 +114,7 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
|
|||||||
if (readlen < 0 && errno == EINTR) {
|
if (readlen < 0 && errno == EINTR) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
dropbear_exit("error reading random source");
|
dropbear_exit("Error reading random source");
|
||||||
}
|
}
|
||||||
readpos += readlen;
|
readpos += readlen;
|
||||||
} while (readpos < buflen);
|
} while (readpos < buflen);
|
||||||
|
|||||||
16
rsa.c
16
rsa.c
@ -67,7 +67,7 @@ int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (mp_count_bits(key->n) < MIN_RSA_KEYLEN) {
|
if (mp_count_bits(key->n) < MIN_RSA_KEYLEN) {
|
||||||
dropbear_log(LOG_WARNING, "rsa key too short");
|
dropbear_log(LOG_WARNING, "RSA key too short");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -302,26 +302,26 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* d
|
|||||||
|
|
||||||
/* rsa_s used as a temp var*/
|
/* rsa_s used as a temp var*/
|
||||||
if (mp_exptmod(&rsa_tmp2, key->e, key->n, &rsa_s) != MP_OKAY) {
|
if (mp_exptmod(&rsa_tmp2, key->e, key->n, &rsa_s) != MP_OKAY) {
|
||||||
dropbear_exit("rsa error");
|
dropbear_exit("RSA error");
|
||||||
}
|
}
|
||||||
if (mp_invmod(&rsa_tmp2, key->n, &rsa_tmp3) != MP_OKAY) {
|
if (mp_invmod(&rsa_tmp2, key->n, &rsa_tmp3) != MP_OKAY) {
|
||||||
dropbear_exit("rsa error");
|
dropbear_exit("RSA error");
|
||||||
}
|
}
|
||||||
if (mp_mulmod(&rsa_tmp1, &rsa_s, key->n, &rsa_tmp2) != MP_OKAY) {
|
if (mp_mulmod(&rsa_tmp1, &rsa_s, key->n, &rsa_tmp2) != MP_OKAY) {
|
||||||
dropbear_exit("rsa error");
|
dropbear_exit("RSA error");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* rsa_tmp2 is em' */
|
/* rsa_tmp2 is em' */
|
||||||
/* s' = (em')^d mod n */
|
/* s' = (em')^d mod n */
|
||||||
if (mp_exptmod(&rsa_tmp2, key->d, key->n, &rsa_tmp1) != MP_OKAY) {
|
if (mp_exptmod(&rsa_tmp2, key->d, key->n, &rsa_tmp1) != MP_OKAY) {
|
||||||
dropbear_exit("rsa error");
|
dropbear_exit("RSA error");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* rsa_tmp1 is s' */
|
/* rsa_tmp1 is s' */
|
||||||
/* rsa_tmp3 is r^(-1) mod n */
|
/* rsa_tmp3 is r^(-1) mod n */
|
||||||
/* s = (s')r^(-1) mod n */
|
/* s = (s')r^(-1) mod n */
|
||||||
if (mp_mulmod(&rsa_tmp1, &rsa_tmp3, key->n, &rsa_s) != MP_OKAY) {
|
if (mp_mulmod(&rsa_tmp1, &rsa_tmp3, key->n, &rsa_s) != MP_OKAY) {
|
||||||
dropbear_exit("rsa error");
|
dropbear_exit("RSA error");
|
||||||
}
|
}
|
||||||
|
|
||||||
#else
|
#else
|
||||||
@ -329,7 +329,7 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* d
|
|||||||
/* s = em^d mod n */
|
/* s = em^d mod n */
|
||||||
/* rsa_tmp1 is em */
|
/* rsa_tmp1 is em */
|
||||||
if (mp_exptmod(&rsa_tmp1, key->d, key->n, &rsa_s) != MP_OKAY) {
|
if (mp_exptmod(&rsa_tmp1, key->d, key->n, &rsa_s) != MP_OKAY) {
|
||||||
dropbear_exit("rsa error");
|
dropbear_exit("RSA error");
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* RSA_BLINDING */
|
#endif /* RSA_BLINDING */
|
||||||
@ -351,7 +351,7 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* d
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (mp_to_unsigned_bin(&rsa_s, buf_getwriteptr(buf, ssize)) != MP_OKAY) {
|
if (mp_to_unsigned_bin(&rsa_s, buf_getwriteptr(buf, ssize)) != MP_OKAY) {
|
||||||
dropbear_exit("rsa error");
|
dropbear_exit("RSA error");
|
||||||
}
|
}
|
||||||
buf_incrwritepos(buf, ssize);
|
buf_incrwritepos(buf, ssize);
|
||||||
mp_clear(&rsa_s);
|
mp_clear(&rsa_s);
|
||||||
|
|||||||
14
signkey.c
14
signkey.c
@ -62,7 +62,7 @@ const char* signkey_name_from_type(int type, int *namelen) {
|
|||||||
return SSH_SIGNKEY_DSS;
|
return SSH_SIGNKEY_DSS;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
dropbear_exit("bad key type %d", type);
|
dropbear_exit("Bad key type %d", type);
|
||||||
return NULL; /* notreached */
|
return NULL; /* notreached */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -215,7 +215,7 @@ void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (pubkeys->len == 0) {
|
if (pubkeys->len == 0) {
|
||||||
dropbear_exit("bad key types in buf_put_pub_key");
|
dropbear_exit("Bad key types in buf_put_pub_key");
|
||||||
}
|
}
|
||||||
|
|
||||||
buf_setpos(pubkeys, 0);
|
buf_setpos(pubkeys, 0);
|
||||||
@ -246,7 +246,7 @@ void buf_put_priv_key(buffer* buf, sign_key *key, int type) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
dropbear_exit("bad key types in put pub key");
|
dropbear_exit("Bad key types in put pub key");
|
||||||
}
|
}
|
||||||
|
|
||||||
void sign_key_free(sign_key *key) {
|
void sign_key_free(sign_key *key) {
|
||||||
@ -380,7 +380,7 @@ void buf_put_sign(buffer* buf, sign_key *key, int type,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (sigblob->len == 0) {
|
if (sigblob->len == 0) {
|
||||||
dropbear_exit("non-matching signing type");
|
dropbear_exit("Non-matching signing type");
|
||||||
}
|
}
|
||||||
buf_setpos(sigblob, 0);
|
buf_setpos(sigblob, 0);
|
||||||
buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
|
buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
|
||||||
@ -412,7 +412,7 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
|
|||||||
memcmp(ident, SSH_SIGNKEY_DSS, identlen) == 0) {
|
memcmp(ident, SSH_SIGNKEY_DSS, identlen) == 0) {
|
||||||
m_free(ident);
|
m_free(ident);
|
||||||
if (key->dsskey == NULL) {
|
if (key->dsskey == NULL) {
|
||||||
dropbear_exit("no dss key to verify signature");
|
dropbear_exit("No DSS key to verify signature");
|
||||||
}
|
}
|
||||||
return buf_dss_verify(buf, key->dsskey, data, len);
|
return buf_dss_verify(buf, key->dsskey, data, len);
|
||||||
}
|
}
|
||||||
@ -422,14 +422,14 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
|
|||||||
if (memcmp(ident, SSH_SIGNKEY_RSA, identlen) == 0) {
|
if (memcmp(ident, SSH_SIGNKEY_RSA, identlen) == 0) {
|
||||||
m_free(ident);
|
m_free(ident);
|
||||||
if (key->rsakey == NULL) {
|
if (key->rsakey == NULL) {
|
||||||
dropbear_exit("no rsa key to verify signature");
|
dropbear_exit("No RSA key to verify signature");
|
||||||
}
|
}
|
||||||
return buf_rsa_verify(buf, key->rsakey, data, len);
|
return buf_rsa_verify(buf, key->rsakey, data, len);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
m_free(ident);
|
m_free(ident);
|
||||||
dropbear_exit("non-matching signing type");
|
dropbear_exit("Non-matching signing type");
|
||||||
return DROPBEAR_FAILURE;
|
return DROPBEAR_FAILURE;
|
||||||
}
|
}
|
||||||
#endif /* DROPBEAR_SIGNKEY_VERIFY */
|
#endif /* DROPBEAR_SIGNKEY_VERIFY */
|
||||||
|
|||||||
2
sshpty.c
2
sshpty.c
@ -234,7 +234,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
|
|||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
dropbear_log(LOG_WARNING, "failed to open any /dev/pty?? devices");
|
dropbear_log(LOG_WARNING, "Failed to open any /dev/pty?? devices");
|
||||||
return 0;
|
return 0;
|
||||||
#endif /* HAVE_DEV_PTS_AND_PTC */
|
#endif /* HAVE_DEV_PTS_AND_PTC */
|
||||||
#endif /* USE_DEV_PTMX */
|
#endif /* USE_DEV_PTMX */
|
||||||
|
|||||||
@ -161,7 +161,7 @@ void svr_agentcleanup(struct ChanSess * chansess) {
|
|||||||
gid = getgid();
|
gid = getgid();
|
||||||
if ((setegid(ses.authstate.pw_gid)) < 0 ||
|
if ((setegid(ses.authstate.pw_gid)) < 0 ||
|
||||||
(seteuid(ses.authstate.pw_uid)) < 0) {
|
(seteuid(ses.authstate.pw_uid)) < 0) {
|
||||||
dropbear_exit("failed to set euid");
|
dropbear_exit("Failed to set euid");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* 2 for "/" and "\0" */
|
/* 2 for "/" and "\0" */
|
||||||
@ -176,7 +176,7 @@ void svr_agentcleanup(struct ChanSess * chansess) {
|
|||||||
|
|
||||||
if ((seteuid(uid)) < 0 ||
|
if ((seteuid(uid)) < 0 ||
|
||||||
(setegid(gid)) < 0) {
|
(setegid(gid)) < 0) {
|
||||||
dropbear_exit("failed to revert euid");
|
dropbear_exit("Failed to revert euid");
|
||||||
}
|
}
|
||||||
|
|
||||||
m_free(chansess->agentfile);
|
m_free(chansess->agentfile);
|
||||||
@ -224,7 +224,7 @@ static int bindagent(int fd, struct ChanSess * chansess) {
|
|||||||
gid = getgid();
|
gid = getgid();
|
||||||
if ((setegid(ses.authstate.pw_gid)) < 0 ||
|
if ((setegid(ses.authstate.pw_gid)) < 0 ||
|
||||||
(seteuid(ses.authstate.pw_uid)) < 0) {
|
(seteuid(ses.authstate.pw_uid)) < 0) {
|
||||||
dropbear_exit("failed to set euid");
|
dropbear_exit("Failed to set euid");
|
||||||
}
|
}
|
||||||
|
|
||||||
memset((void*)&addr, 0x0, sizeof(addr));
|
memset((void*)&addr, 0x0, sizeof(addr));
|
||||||
@ -267,7 +267,7 @@ bindsocket:
|
|||||||
out:
|
out:
|
||||||
if ((seteuid(uid)) < 0 ||
|
if ((seteuid(uid)) < 0 ||
|
||||||
(setegid(gid)) < 0) {
|
(setegid(gid)) < 0) {
|
||||||
dropbear_exit("failed to revert euid");
|
dropbear_exit("Failed to revert euid");
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -222,7 +222,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
|
|||||||
strcmp(username, ses.authstate.username) != 0) {
|
strcmp(username, ses.authstate.username) != 0) {
|
||||||
/* the username needs resetting */
|
/* the username needs resetting */
|
||||||
if (ses.authstate.username != NULL) {
|
if (ses.authstate.username != NULL) {
|
||||||
dropbear_log(LOG_WARNING, "client trying multiple usernames from %s",
|
dropbear_log(LOG_WARNING, "Client trying multiple usernames from %s",
|
||||||
svr_ses.addrstring);
|
svr_ses.addrstring);
|
||||||
m_free(ses.authstate.username);
|
m_free(ses.authstate.username);
|
||||||
}
|
}
|
||||||
@ -235,7 +235,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
|
|||||||
if (!ses.authstate.pw_name) {
|
if (!ses.authstate.pw_name) {
|
||||||
TRACE(("leave checkusername: user '%s' doesn't exist", username))
|
TRACE(("leave checkusername: user '%s' doesn't exist", username))
|
||||||
dropbear_log(LOG_WARNING,
|
dropbear_log(LOG_WARNING,
|
||||||
"login attempt for nonexistent user from %s",
|
"Login attempt for nonexistent user from %s",
|
||||||
svr_ses.addrstring);
|
svr_ses.addrstring);
|
||||||
send_msg_userauth_failure(0, 1);
|
send_msg_userauth_failure(0, 1);
|
||||||
return DROPBEAR_FAILURE;
|
return DROPBEAR_FAILURE;
|
||||||
@ -252,7 +252,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
|
|||||||
/* check for an empty password */
|
/* check for an empty password */
|
||||||
if (ses.authstate.pw_passwd[0] == '\0') {
|
if (ses.authstate.pw_passwd[0] == '\0') {
|
||||||
TRACE(("leave checkusername: empty pword"))
|
TRACE(("leave checkusername: empty pword"))
|
||||||
dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
|
dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
|
||||||
ses.authstate.pw_name);
|
ses.authstate.pw_name);
|
||||||
send_msg_userauth_failure(0, 1);
|
send_msg_userauth_failure(0, 1);
|
||||||
return DROPBEAR_FAILURE;
|
return DROPBEAR_FAILURE;
|
||||||
@ -281,7 +281,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
|
|||||||
/* no matching shell */
|
/* no matching shell */
|
||||||
endusershell();
|
endusershell();
|
||||||
TRACE(("no matching shell"))
|
TRACE(("no matching shell"))
|
||||||
dropbear_log(LOG_WARNING, "user '%s' has invalid shell, rejected",
|
dropbear_log(LOG_WARNING, "User '%s' has invalid shell, rejected",
|
||||||
ses.authstate.pw_name);
|
ses.authstate.pw_name);
|
||||||
send_msg_userauth_failure(0, 1);
|
send_msg_userauth_failure(0, 1);
|
||||||
return DROPBEAR_FAILURE;
|
return DROPBEAR_FAILURE;
|
||||||
@ -343,7 +343,6 @@ void send_msg_userauth_failure(int partial, int incrfail) {
|
|||||||
/* We delay for 300ms +- 50ms, 0.1ms granularity */
|
/* We delay for 300ms +- 50ms, 0.1ms granularity */
|
||||||
delay = 250000 + (delay % 1000)*100;
|
delay = 250000 + (delay % 1000)*100;
|
||||||
usleep(delay);
|
usleep(delay);
|
||||||
dropbear_log(LOG_INFO, "delay is %d", delay);
|
|
||||||
ses.authstate.failcount++;
|
ses.authstate.failcount++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -101,7 +101,8 @@ pamConvFunc(int num_msg,
|
|||||||
if (!(strcmp(compare_message, "password:") == 0)) {
|
if (!(strcmp(compare_message, "password:") == 0)) {
|
||||||
/* We don't recognise the prompt as asking for a password,
|
/* We don't recognise the prompt as asking for a password,
|
||||||
so can't handle it. Add more above as required for
|
so can't handle it. Add more above as required for
|
||||||
different pam modules/implementations */
|
different pam modules/implementations. If you need
|
||||||
|
to add an entry here please mail the Dropbear developer */
|
||||||
dropbear_log(LOG_NOTICE, "PAM unknown prompt '%s' (no echo)",
|
dropbear_log(LOG_NOTICE, "PAM unknown prompt '%s' (no echo)",
|
||||||
compare_message);
|
compare_message);
|
||||||
rc = PAM_CONV_ERR;
|
rc = PAM_CONV_ERR;
|
||||||
@ -130,7 +131,8 @@ pamConvFunc(int num_msg,
|
|||||||
)) {
|
)) {
|
||||||
/* We don't recognise the prompt as asking for a username,
|
/* We don't recognise the prompt as asking for a username,
|
||||||
so can't handle it. Add more above as required for
|
so can't handle it. Add more above as required for
|
||||||
different pam modules/implementations */
|
different pam modules/implementations. If you need
|
||||||
|
to add an entry here please mail the Dropbear developer */
|
||||||
dropbear_log(LOG_NOTICE, "PAM unknown prompt '%s' (with echo)",
|
dropbear_log(LOG_NOTICE, "PAM unknown prompt '%s' (with echo)",
|
||||||
compare_message);
|
compare_message);
|
||||||
rc = PAM_CONV_ERR;
|
rc = PAM_CONV_ERR;
|
||||||
@ -226,7 +228,7 @@ void svr_auth_pam() {
|
|||||||
dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n",
|
dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n",
|
||||||
rc, pam_strerror(pamHandlep, rc));
|
rc, pam_strerror(pamHandlep, rc));
|
||||||
dropbear_log(LOG_WARNING,
|
dropbear_log(LOG_WARNING,
|
||||||
"bad PAM password attempt for '%s' from %s",
|
"Bad PAM password attempt for '%s' from %s",
|
||||||
ses.authstate.pw_name,
|
ses.authstate.pw_name,
|
||||||
svr_ses.addrstring);
|
svr_ses.addrstring);
|
||||||
send_msg_userauth_failure(0, 1);
|
send_msg_userauth_failure(0, 1);
|
||||||
@ -237,7 +239,7 @@ void svr_auth_pam() {
|
|||||||
dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n",
|
dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n",
|
||||||
rc, pam_strerror(pamHandlep, rc));
|
rc, pam_strerror(pamHandlep, rc));
|
||||||
dropbear_log(LOG_WARNING,
|
dropbear_log(LOG_WARNING,
|
||||||
"bad PAM password attempt for '%s' from %s",
|
"Bad PAM password attempt for '%s' from %s",
|
||||||
ses.authstate.pw_name,
|
ses.authstate.pw_name,
|
||||||
svr_ses.addrstring);
|
svr_ses.addrstring);
|
||||||
send_msg_userauth_failure(0, 1);
|
send_msg_userauth_failure(0, 1);
|
||||||
|
|||||||
@ -64,7 +64,7 @@ void svr_auth_password() {
|
|||||||
* since the shadow password may differ to that tested
|
* since the shadow password may differ to that tested
|
||||||
* in auth.c */
|
* in auth.c */
|
||||||
if (passwdcrypt[0] == '\0') {
|
if (passwdcrypt[0] == '\0') {
|
||||||
dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
|
dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
|
||||||
ses.authstate.pw_name);
|
ses.authstate.pw_name);
|
||||||
send_msg_userauth_failure(0, 1);
|
send_msg_userauth_failure(0, 1);
|
||||||
return;
|
return;
|
||||||
@ -88,13 +88,13 @@ void svr_auth_password() {
|
|||||||
if (strcmp(testcrypt, passwdcrypt) == 0) {
|
if (strcmp(testcrypt, passwdcrypt) == 0) {
|
||||||
/* successful authentication */
|
/* successful authentication */
|
||||||
dropbear_log(LOG_NOTICE,
|
dropbear_log(LOG_NOTICE,
|
||||||
"password auth succeeded for '%s' from %s",
|
"Password auth succeeded for '%s' from %s",
|
||||||
ses.authstate.pw_name,
|
ses.authstate.pw_name,
|
||||||
svr_ses.addrstring);
|
svr_ses.addrstring);
|
||||||
send_msg_userauth_success();
|
send_msg_userauth_success();
|
||||||
} else {
|
} else {
|
||||||
dropbear_log(LOG_WARNING,
|
dropbear_log(LOG_WARNING,
|
||||||
"bad password attempt for '%s' from %s",
|
"Bad password attempt for '%s' from %s",
|
||||||
ses.authstate.pw_name,
|
ses.authstate.pw_name,
|
||||||
svr_ses.addrstring);
|
svr_ses.addrstring);
|
||||||
send_msg_userauth_failure(0, 1);
|
send_msg_userauth_failure(0, 1);
|
||||||
|
|||||||
@ -135,12 +135,12 @@ void svr_auth_pubkey() {
|
|||||||
if (buf_verify(ses.payload, key, buf_getptr(signbuf, signbuf->len),
|
if (buf_verify(ses.payload, key, buf_getptr(signbuf, signbuf->len),
|
||||||
signbuf->len) == DROPBEAR_SUCCESS) {
|
signbuf->len) == DROPBEAR_SUCCESS) {
|
||||||
dropbear_log(LOG_NOTICE,
|
dropbear_log(LOG_NOTICE,
|
||||||
"pubkey auth succeeded for '%s' with key %s from %s",
|
"Pubkey auth succeeded for '%s' with key %s from %s",
|
||||||
ses.authstate.pw_name, fp, svr_ses.addrstring);
|
ses.authstate.pw_name, fp, svr_ses.addrstring);
|
||||||
send_msg_userauth_success();
|
send_msg_userauth_success();
|
||||||
} else {
|
} else {
|
||||||
dropbear_log(LOG_WARNING,
|
dropbear_log(LOG_WARNING,
|
||||||
"pubkey auth bad signature for '%s' with key %s from %s",
|
"Pubkey auth bad signature for '%s' with key %s from %s",
|
||||||
ses.authstate.pw_name, fp, svr_ses.addrstring);
|
ses.authstate.pw_name, fp, svr_ses.addrstring);
|
||||||
send_msg_userauth_failure(0, 1);
|
send_msg_userauth_failure(0, 1);
|
||||||
}
|
}
|
||||||
@ -198,7 +198,7 @@ static int checkpubkey(unsigned char* algo, unsigned int algolen,
|
|||||||
/* check that we can use the algo */
|
/* check that we can use the algo */
|
||||||
if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
|
if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
|
||||||
dropbear_log(LOG_WARNING,
|
dropbear_log(LOG_WARNING,
|
||||||
"pubkey auth attempt with unknown algo for '%s' from %s",
|
"Pubkey auth attempt with unknown algo for '%s' from %s",
|
||||||
ses.authstate.pw_name, svr_ses.addrstring);
|
ses.authstate.pw_name, svr_ses.addrstring);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -99,7 +99,7 @@ void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
|
|||||||
}
|
}
|
||||||
chansess->cmd = ses.authstate.pubkey_options->forced_command;
|
chansess->cmd = ses.authstate.pubkey_options->forced_command;
|
||||||
#ifdef LOG_COMMANDS
|
#ifdef LOG_COMMANDS
|
||||||
dropbear_log(LOG_INFO, "command forced to '%s'", ses.authstate.pubkey_options->original_command);
|
dropbear_log(LOG_INFO, "Command forced to '%s'", ses.authstate.pubkey_options->original_command);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -455,7 +455,7 @@ static void get_termmodes(struct ChanSess *chansess) {
|
|||||||
TRACE(("term mode str %d p->l %d p->p %d",
|
TRACE(("term mode str %d p->l %d p->p %d",
|
||||||
len, ses.payload->len , ses.payload->pos));
|
len, ses.payload->len , ses.payload->pos));
|
||||||
if (len != ses.payload->len - ses.payload->pos) {
|
if (len != ses.payload->len - ses.payload->pos) {
|
||||||
dropbear_exit("bad term mode string");
|
dropbear_exit("Bad term mode string");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (len == 0) {
|
if (len == 0) {
|
||||||
@ -520,7 +520,7 @@ static void get_termmodes(struct ChanSess *chansess) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (tcsetattr(chansess->master, TCSANOW, &termio) < 0) {
|
if (tcsetattr(chansess->master, TCSANOW, &termio) < 0) {
|
||||||
dropbear_log(LOG_INFO, "error setting terminal attributes");
|
dropbear_log(LOG_INFO, "Error setting terminal attributes");
|
||||||
}
|
}
|
||||||
TRACE(("leave get_termmodes"))
|
TRACE(("leave get_termmodes"))
|
||||||
}
|
}
|
||||||
@ -550,7 +550,7 @@ static int sessionpty(struct ChanSess * chansess) {
|
|||||||
|
|
||||||
/* allocate the pty */
|
/* allocate the pty */
|
||||||
if (chansess->master != -1) {
|
if (chansess->master != -1) {
|
||||||
dropbear_exit("multiple pty requests");
|
dropbear_exit("Multiple pty requests");
|
||||||
}
|
}
|
||||||
if (pty_allocate(&chansess->master, &chansess->slave, namebuf, 64) == 0) {
|
if (pty_allocate(&chansess->master, &chansess->slave, namebuf, 64) == 0) {
|
||||||
TRACE(("leave sessionpty: failed to allocate pty"))
|
TRACE(("leave sessionpty: failed to allocate pty"))
|
||||||
@ -559,7 +559,7 @@ static int sessionpty(struct ChanSess * chansess) {
|
|||||||
|
|
||||||
chansess->tty = (char*)m_strdup(namebuf);
|
chansess->tty = (char*)m_strdup(namebuf);
|
||||||
if (!chansess->tty) {
|
if (!chansess->tty) {
|
||||||
dropbear_exit("out of memory"); /* TODO disconnect */
|
dropbear_exit("Out of memory"); /* TODO disconnect */
|
||||||
}
|
}
|
||||||
|
|
||||||
pw = getpwnam(ses.authstate.pw_name);
|
pw = getpwnam(ses.authstate.pw_name);
|
||||||
@ -641,10 +641,10 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
|
|||||||
|
|
||||||
#ifdef LOG_COMMANDS
|
#ifdef LOG_COMMANDS
|
||||||
if (chansess->cmd) {
|
if (chansess->cmd) {
|
||||||
dropbear_log(LOG_INFO, "user %s executing '%s'",
|
dropbear_log(LOG_INFO, "User %s executing '%s'",
|
||||||
ses.authstate.pw_name, chansess->cmd);
|
ses.authstate.pw_name, chansess->cmd);
|
||||||
} else {
|
} else {
|
||||||
dropbear_log(LOG_INFO, "user %s executing login shell",
|
dropbear_log(LOG_INFO, "User %s executing login shell",
|
||||||
ses.authstate.pw_name);
|
ses.authstate.pw_name);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -731,7 +731,7 @@ static int ptycommand(struct Channel *channel, struct ChanSess *chansess) {
|
|||||||
|
|
||||||
/* we need to have a pty allocated */
|
/* we need to have a pty allocated */
|
||||||
if (chansess->master == -1 || chansess->tty == NULL) {
|
if (chansess->master == -1 || chansess->tty == NULL) {
|
||||||
dropbear_log(LOG_WARNING, "no pty was allocated, couldn't execute");
|
dropbear_log(LOG_WARNING, "No pty was allocated, couldn't execute");
|
||||||
return DROPBEAR_FAILURE;
|
return DROPBEAR_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -884,10 +884,10 @@ static void execchild(void *user_data) {
|
|||||||
if ((setgid(ses.authstate.pw_gid) < 0) ||
|
if ((setgid(ses.authstate.pw_gid) < 0) ||
|
||||||
(initgroups(ses.authstate.pw_name,
|
(initgroups(ses.authstate.pw_name,
|
||||||
ses.authstate.pw_gid) < 0)) {
|
ses.authstate.pw_gid) < 0)) {
|
||||||
dropbear_exit("error changing user group");
|
dropbear_exit("Error changing user group");
|
||||||
}
|
}
|
||||||
if (setuid(ses.authstate.pw_uid) < 0) {
|
if (setuid(ses.authstate.pw_uid) < 0) {
|
||||||
dropbear_exit("error changing user");
|
dropbear_exit("Error changing user");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* ... but if the daemon is the same uid as the requested uid, we don't
|
/* ... but if the daemon is the same uid as the requested uid, we don't
|
||||||
@ -898,7 +898,7 @@ static void execchild(void *user_data) {
|
|||||||
* differing groups won't be set (as with initgroups()). The solution
|
* differing groups won't be set (as with initgroups()). The solution
|
||||||
* is for the sysadmin not to give out the UID twice */
|
* is for the sysadmin not to give out the UID twice */
|
||||||
if (getuid() != ses.authstate.pw_uid) {
|
if (getuid() != ses.authstate.pw_uid) {
|
||||||
dropbear_exit("couldn't change user as non-root");
|
dropbear_exit("Couldn't change user as non-root");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -930,7 +930,7 @@ static void execchild(void *user_data) {
|
|||||||
|
|
||||||
/* change directory */
|
/* change directory */
|
||||||
if (chdir(ses.authstate.pw_dir) < 0) {
|
if (chdir(ses.authstate.pw_dir) < 0) {
|
||||||
dropbear_exit("error changing directory");
|
dropbear_exit("Error changing directory");
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef DISABLE_X11FWD
|
#ifndef DISABLE_X11FWD
|
||||||
@ -946,7 +946,7 @@ static void execchild(void *user_data) {
|
|||||||
run_shell_command(chansess->cmd, ses.maxfd, usershell);
|
run_shell_command(chansess->cmd, ses.maxfd, usershell);
|
||||||
|
|
||||||
/* only reached on error */
|
/* only reached on error */
|
||||||
dropbear_exit("child failed");
|
dropbear_exit("Child failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
const struct ChanType svrchansess = {
|
const struct ChanType svrchansess = {
|
||||||
|
|||||||
@ -265,7 +265,7 @@ void main_noinetd() {
|
|||||||
fork_ret = fork();
|
fork_ret = fork();
|
||||||
#endif
|
#endif
|
||||||
if (fork_ret < 0) {
|
if (fork_ret < 0) {
|
||||||
dropbear_log(LOG_WARNING, "error forking: %s", strerror(errno));
|
dropbear_log(LOG_WARNING, "Error forking: %s", strerror(errno));
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
} else if (fork_ret > 0) {
|
} else if (fork_ret > 0) {
|
||||||
|
|||||||
@ -43,11 +43,11 @@ static void printhelp(const char * progname) {
|
|||||||
" before user login\n"
|
" before user login\n"
|
||||||
" (default: none)\n"
|
" (default: none)\n"
|
||||||
#ifdef DROPBEAR_DSS
|
#ifdef DROPBEAR_DSS
|
||||||
"-d dsskeyfile Use dsskeyfile for the dss host key\n"
|
"-d dsskeyfile Use dsskeyfile for the DSS host key\n"
|
||||||
" (default: %s)\n"
|
" (default: %s)\n"
|
||||||
#endif
|
#endif
|
||||||
#ifdef DROPBEAR_RSA
|
#ifdef DROPBEAR_RSA
|
||||||
"-r rsakeyfile Use rsakeyfile for the rsa host key\n"
|
"-r rsakeyfile Use rsakeyfile for the RSA host key\n"
|
||||||
" (default: %s)\n"
|
" (default: %s)\n"
|
||||||
#endif
|
#endif
|
||||||
"-F Don't fork into background\n"
|
"-F Don't fork into background\n"
|
||||||
|
|||||||
@ -57,7 +57,7 @@ void recv_msg_service_request() {
|
|||||||
if (len == SSH_SERVICE_CONNECTION_LEN &&
|
if (len == SSH_SERVICE_CONNECTION_LEN &&
|
||||||
(strncmp(SSH_SERVICE_CONNECTION, name, len) == 0)) {
|
(strncmp(SSH_SERVICE_CONNECTION, name, len) == 0)) {
|
||||||
if (ses.authstate.authdone != 1) {
|
if (ses.authstate.authdone != 1) {
|
||||||
dropbear_exit("request for connection before auth");
|
dropbear_exit("Request for connection before auth");
|
||||||
}
|
}
|
||||||
|
|
||||||
send_msg_service_accept(name, len);
|
send_msg_service_accept(name, len);
|
||||||
@ -68,7 +68,7 @@ void recv_msg_service_request() {
|
|||||||
|
|
||||||
m_free(name);
|
m_free(name);
|
||||||
/* TODO this should be a MSG_DISCONNECT */
|
/* TODO this should be a MSG_DISCONNECT */
|
||||||
dropbear_exit("unrecognised SSH_MSG_SERVICE_REQUEST");
|
dropbear_exit("Unrecognised SSH_MSG_SERVICE_REQUEST");
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -138,21 +138,21 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
|
|||||||
if (!sessinitdone) {
|
if (!sessinitdone) {
|
||||||
/* before session init */
|
/* before session init */
|
||||||
snprintf(fmtbuf, sizeof(fmtbuf),
|
snprintf(fmtbuf, sizeof(fmtbuf),
|
||||||
"premature exit: %s", format);
|
"Premature exit: %s", format);
|
||||||
} else if (ses.authstate.authdone) {
|
} else if (ses.authstate.authdone) {
|
||||||
/* user has authenticated */
|
/* user has authenticated */
|
||||||
snprintf(fmtbuf, sizeof(fmtbuf),
|
snprintf(fmtbuf, sizeof(fmtbuf),
|
||||||
"exit after auth (%s): %s",
|
"Exit (%s): %s",
|
||||||
ses.authstate.pw_name, format);
|
ses.authstate.pw_name, format);
|
||||||
} else if (ses.authstate.pw_name) {
|
} else if (ses.authstate.pw_name) {
|
||||||
/* we have a potential user */
|
/* we have a potential user */
|
||||||
snprintf(fmtbuf, sizeof(fmtbuf),
|
snprintf(fmtbuf, sizeof(fmtbuf),
|
||||||
"exit before auth (user '%s', %d fails): %s",
|
"Exit before auth (user '%s', %d fails): %s",
|
||||||
ses.authstate.pw_name, ses.authstate.failcount, format);
|
ses.authstate.pw_name, ses.authstate.failcount, format);
|
||||||
} else {
|
} else {
|
||||||
/* before userauth */
|
/* before userauth */
|
||||||
snprintf(fmtbuf, sizeof(fmtbuf),
|
snprintf(fmtbuf, sizeof(fmtbuf),
|
||||||
"exit before auth: %s", format);
|
"Exit before auth: %s", format);
|
||||||
}
|
}
|
||||||
|
|
||||||
_dropbear_log(LOG_INFO, fmtbuf, param);
|
_dropbear_log(LOG_INFO, fmtbuf, param);
|
||||||
|
|||||||
@ -233,7 +233,7 @@ static int bindport(int fd) {
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
/* otherwise it was an error we don't know about */
|
/* otherwise it was an error we don't know about */
|
||||||
dropbear_log(LOG_DEBUG, "failed to bind x11 socket");
|
dropbear_log(LOG_DEBUG, "Failed to bind x11 socket");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user