Matt Johnston 2013-05-26 18:42:17 +08:00
commit c2b1327deb
9 changed files with 49 additions and 15 deletions


@ -3,3 +3,4 @@ aa2f51a6b81d33de5e9898a7f27c792a173d9b26 0 iD8DBQBOuADmjPn4sExkf7wRAv/fAJ9FJFvjD
85f835f2fe0ac2c503c50a414de127222fb0a57c 0 iD8DBQBPRkMUjPn4sExkf7wRAvM4AJ9mw2OAkyjhSbamM1MizlEJUX18HACgoFKQkYf6BnYxN34Nv2HhM0cmzUc= 85f835f2fe0ac2c503c50a414de127222fb0a57c 0 iD8DBQBPRkMUjPn4sExkf7wRAvM4AJ9mw2OAkyjhSbamM1MizlEJUX18HACgoFKQkYf6BnYxN34Nv2HhM0cmzUc=
9b80981212fe6c01b7c16b3ca7c4e66af56f12f1 0 iEYEABECAAYFAlFLKKcACgkQjPn4sExkf7xK7wCfcioCmJPsysSbQO6+4qZMVe0mmLwAn2/o+wRf4MrUXlohrr7aXEF9vdSB 9b80981212fe6c01b7c16b3ca7c4e66af56f12f1 0 iEYEABECAAYFAlFLKKcACgkQjPn4sExkf7xK7wCfcioCmJPsysSbQO6+4qZMVe0mmLwAn2/o+wRf4MrUXlohrr7aXEF9vdSB
095b46180bbc412b029420587736a6185afc17e1 0 iEYEABECAAYFAlFsCnkACgkQjPn4sExkf7xLrwCfeMWjUaSmfU/fvseT5TdrYRqBEVQAoLz5SFLEA40C5f8zE8Ma/vgVJVIC 095b46180bbc412b029420587736a6185afc17e1 0 iEYEABECAAYFAlFsCnkACgkQjPn4sExkf7xLrwCfeMWjUaSmfU/fvseT5TdrYRqBEVQAoLz5SFLEA40C5f8zE8Ma/vgVJVIC
f168962bab857ca030829e4cd73d9b32c868c874 0 iEYEABECAAYFAlFwDNwACgkQjPn4sExkf7wJ6QCePVovn/avKXUyNwNBYCcov6JLYqkAnRCPQdkXgv20N3t10r6PRMBBo1/S


@ -37,3 +37,4 @@ d7da3b1e15401eb234ec866d5eac992fc4cd5878 t:ltc-0.95-db-merge1
0000000000000000000000000000000000000000 t:ltc-0.95-db-merge1 0000000000000000000000000000000000000000 t:ltc-0.95-db-merge1
1b8b2b9d6e94bc3cc5e61b620476ea36cc466e1b DROPBEAR_2013.56 1b8b2b9d6e94bc3cc5e61b620476ea36cc466e1b DROPBEAR_2013.56
96b8bcb88017815040949a417caa55686271e8a9 DROPBEAR_2013.57 96b8bcb88017815040949a417caa55686271e8a9 DROPBEAR_2013.57
e76614145aea67f66e4a4257685c771efba21aa1 DROPBEAR_2013.58

21
CHANGES

@ -1,3 +1,14 @@
2013.58 - Thursday 18 April 2013
- Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz
- Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder
- Reject logins for other users when running as non-root, from Hans Harder
- Disable client immediate authentication request by default, it prevents
passwordless logins from working
2013.57 - Monday 15 April 2013 2013.57 - Monday 15 April 2013
- Decreased connection setup time particularly with high latency connections, - Decreased connection setup time particularly with high latency connections,
@ -20,7 +31,7 @@
~^Z (background session) ~^Z (background session)
- Server will more reliably clean up utmp when connection is closed, reported by - Server will more reliably clean up utmp when connection is closed, reported by
Mattias Walström Mattias Walström
- Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case - Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case
@ -60,10 +71,10 @@ though probably will be soon
- Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks - Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks
- A few improvements for Android from Reimar Döffinger - A few improvements for Android from Reimar Döffinger
- Fix memory leak for TCP forwarded connections to hosts that timed out, - Fix memory leak for TCP forwarded connections to hosts that timed out,
reported by Norbert Benczúr. Appears to be a very long-standing bug. reported by Norbert Benczúr. Appears to be a very long-standing bug.
- Fix "make clean" for out of tree builds - Fix "make clean" for out of tree builds
@ -689,7 +700,7 @@ https://secure.ucc.asn.au/hg/dropbear/graph/default
Lobenstock and Mihnea Stoenescu Lobenstock and Mihnea Stoenescu
- Use daemon() function if available (or our own copy) rather than separate - Use daemon() function if available (or our own copy) rather than separate
code (thanks to Frédéric Lavernhe for the report and debugging, and Bernard code (thanks to Frédéric Lavernhe for the report and debugging, and Bernard
Blackham for his suggestion on what to look at) Blackham for his suggestion on what to look at)
- Fixed up support for first_kex_packet_follows, required to talk to ssh.com - Fixed up support for first_kex_packet_follows, required to talk to ssh.com
@ -808,7 +819,7 @@ https://secure.ucc.asn.au/hg/dropbear/graph/default
- Various signedness fixes - Various signedness fixes
- Can listen on multiple ports - Can listen on multiple ports
- added option to disable openpty with configure script, - added option to disable openpty with configure script,
(from K.-P. Kirchdörfer <kapeka at epost.de>) (from K.-P. Kirchdörfer <kapeka at epost.de>)
- Various cleanups to bignum code - Various cleanups to bignum code
(thanks to Tom St Denis <tomstdenis at iahu.ca>) (thanks to Tom St Denis <tomstdenis at iahu.ca>)
- Fix compile error when disabling RSA - Fix compile error when disabling RSA


@ -610,7 +610,11 @@ static void parse_hostname(const char* orighostarg) {
cli_opts.username = m_strdup(cli_opts.own_user); cli_opts.username = m_strdup(cli_opts.own_user);
} }
port = strchr(cli_opts.remotehost, '/'); port = strchr(cli_opts.remotehost, '%');
if (!port) {
// legacy separator
port = strchr(cli_opts.remotehost, '/');
}
if (port) { if (port) {
*port = '\0'; *port = '\0';
cli_opts.remoteport = port+1; cli_opts.remoteport = port+1;
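Review bot: The new `strchr(cli_opts.remotehost, '%')` splits at the first `%` anywhere in the host argument, and `%` is also the zone-id delimiter in scoped IPv6 literals, so a host written like `fe80::1%eth0` (constructed example) would be cut at the zone id and `eth0` stored in `cli_opts.remoteport`; the old `/` search left such a host intact. If scoped addresses are meant to be accepted here, treat `%` as the separator only when a numeric suffix follows, for example `if (port && port[1 + strspn(port + 1, "0123456789")] != '\0') port = NULL;` before the legacy fallback; this would also stop accepting service names after `%`, so confirm that is acceptable. The suffix is stored without validation in the visible lines, but parse_hostname continues outside the hunk, so a later check may exist. As a style point, `// legacy separator` would read `/* legacy separator */` to match the block comments used in the other C files of this commit.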


@ -15,7 +15,7 @@ dbclient \- lightweight SSH2 client
.B dbclient .B dbclient
[ [
.I args ] .I args ]
.I [user1]@host1[/port1],[user2]@host2[/port2],... .I [user1]@host1[%port1],[user2]@host2[%port2],...
.SH DESCRIPTION .SH DESCRIPTION
.B dbclient .B dbclient
@ -24,10 +24,9 @@ environments, while still being functional and secure enough for general use.
.SH OPTIONS .SH OPTIONS
.TP .TP
.B \-p \fIport .B \-p \fIport
Remote port. Connect to
Connect to port
.I port .I port
on the remote host. on the remote host. Alternatively a port can be specified as hostname%port.
Default is 22. Default is 22.
.TP .TP
.B \-i \fIidfile .B \-i \fIidfile
@ -127,7 +126,7 @@ Dropbear will also allow multiple "hops" to be specified, separated by commas. I
this case a connection will be made to the first host, then a TCP forwarded this case a connection will be made to the first host, then a TCP forwarded
connection will be made through that to the second host, and so on. Hosts other than connection will be made through that to the second host, and so on. Hosts other than
the final destination will not see anything other than the encrypted SSH stream. the final destination will not see anything other than the encrypted SSH stream.
A port for a host can be specified with a slash (eg matt@martello/44 ). A port for a host can be specified with a hash (eg matt@martello%44 ).
This syntax can also be used with scp or rsync (specifying dbclient as the This syntax can also be used with scp or rsync (specifying dbclient as the
ssh/rsh command). A file can be "bounced" through multiple SSH hops, eg ssh/rsh command). A file can be "bounced" through multiple SSH hops, eg

6
debian/changelog vendored

@ -1,3 +1,9 @@
dropbear (2013.58-0.1) unstable; urgency=low
* New upstream release.
-- Matt Johnston <matt@ucc.asn.au> Thu, 18 Apr 2013 22:54:00 +0800
dropbear (2013.57-0.1) unstable; urgency=low dropbear (2013.57-0.1) unstable; urgency=low
* New upstream release. * New upstream release.


@ -204,6 +204,13 @@ much traffic. */
* return the password on standard output */ * return the password on standard output */
/*#define ENABLE_CLI_ASKPASS_HELPER*/ /*#define ENABLE_CLI_ASKPASS_HELPER*/
/* Send a real auth request first rather than requesting a list of available methods.
* It saves a network round trip at login but prevents immediate login to
* accounts with no password, and might be rejected by some strict servers (none
* encountered yet) - hence it isn't enabled by default. */
/* #define CLI_IMMEDIATE_AUTH */
/* Source for randomness. This must be able to provide hundreds of bytes per SSH /* Source for randomness. This must be able to provide hundreds of bytes per SSH
* connection without blocking. In addition /dev/random is used for seeding * connection without blocking. In addition /dev/random is used for seeding
* rsa/dss key generation */ * rsa/dss key generation */


@ -66,6 +66,14 @@ void svr_auth_password() {
m_burn(password, passwordlen); m_burn(password, passwordlen);
m_free(password); m_free(password);
if (testcrypt == NULL) {
/* crypt() with an invalid salt like "!!" */
dropbear_log(LOG_WARNING, "User account '%s' is locked",
ses.authstate.pw_name);
send_msg_userauth_failure(0, 1);
return;
}
/* check for empty password */ /* check for empty password */
if (passwdcrypt[0] == '\0') { if (passwdcrypt[0] == '\0') {
dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
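Review bot: The added `testcrypt == NULL` branch logs "User account '%s' is locked", but a NULL return from crypt() only says that hashing failed; an invalid salt such as "!!" is one cause, and a hash scheme the C library does not support or refuses would look the same, so the log line can mislead whoever triages failed logins. A neutral message keeps the behaviour and the failure count while staying accurate, e.g. `dropbear_log(LOG_WARNING, "crypt() failed for user '%s' (account locked or unsupported hash)", ses.authstate.pw_name);`, with the comment widened to `/* crypt() returns NULL for an invalid salt like "!!" or an unsupported hash */`. The call that sets `testcrypt` is above the hunk and svr_auth_password continues below it, so this assumes nothing dereferences `testcrypt` before the new check.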


@ -4,7 +4,7 @@
*******************************************************************/ *******************************************************************/
#ifndef DROPBEAR_VERSION #ifndef DROPBEAR_VERSION
#define DROPBEAR_VERSION "2013.57" #define DROPBEAR_VERSION "2013.58"
#endif #endif
#define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
@ -198,9 +198,6 @@
#define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
#endif #endif
/* Send an auth request straight away rather than trying "none" type to get a list */
#define CLI_IMMEDIATE_AUTH
/* Changing this is inadvisable, it appears to have problems /* Changing this is inadvisable, it appears to have problems
* with flushing compressed data */ * with flushing compressed data */
#define DROPBEAR_ZLIB_MEM_LEVEL 8 #define DROPBEAR_ZLIB_MEM_LEVEL 8