cleaning up the pubkey defines

--HG--
extra : convert_revision : 149ce7a9a9cc5fe670994d6789b40be49895c595
This commit is contained in:
Matt Johnston 2004-08-12 14:56:22 +00:00
parent 96a0f77bb4
commit d7575f95f0
16 changed files with 38 additions and 105 deletions

View File

@ -43,9 +43,9 @@ CONVERTOBJS=dropbearconvert.o keyimport.o
SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o
HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
dss.h bignum.h signkey.h rsa.h random.h service.h auth.h authpasswd.h \
dss.h bignum.h signkey.h rsa.h random.h service.h auth.h \
debug.h channel.h chansession.h config.h queue.h sshpty.h \
termcodes.h gendss.h genrsa.h authpubkey.h runopts.h includes.h \
termcodes.h gendss.h genrsa.h runopts.h includes.h \
loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
listener.h fake-rfc2553.h

View File

@ -1,33 +0,0 @@
/*
* Dropbear - a SSH2 server
*
* Copyright (c) 2002,2003 Matt Johnston
* All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
#ifndef _AUTH_PASSWD_
#define _AUTH_PASSWD_
#ifdef DROPBEAR_PASSWORD_AUTH
void passwordauth();
#endif /* DROPBEAR_PASSWORD_AUTH */
#endif /* _AUTH_PASSWD_ */

View File

@ -1,33 +0,0 @@
/*
* Dropbear - a SSH2 server
*
* Copyright (c) 2002,2003 Matt Johnston
* All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
#ifndef _PUBKEY_AUTH_
#define _PUBKEY_AUTH_
#ifdef DROPBEAR_PUBKEY_AUTH
void pubkeyauth();
#endif /* DROPBEAR_PUBKEY_AUTH */
#endif /* _PUBKEY_AUTH_ */

View File

@ -92,7 +92,7 @@ void recv_msg_userauth_failure() {
return;
}
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
/* If it was a pubkey auth request, we should cross that key
* off the list. */
if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
@ -126,13 +126,13 @@ void recv_msg_userauth_failure() {
for (i = 0; i <= methlen; i++) {
if (methods[i] == '\0') {
TRACE(("auth method '%s'", tok));
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
if (strncmp(AUTH_METHOD_PUBKEY, tok,
AUTH_METHOD_PUBKEY_LEN) == 0) {
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
}
#endif
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_CLI_PASSWORD_AUTH
if (strncmp(AUTH_METHOD_PASSWORD, tok,
AUTH_METHOD_PASSWORD_LEN) == 0) {
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
@ -163,14 +163,14 @@ void cli_auth_try() {
CHECKCLEARTOWRITE();
/* XXX We hardcode that we try a pubkey first */
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
finished = cli_auth_pubkey();
cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
}
#endif
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_CLI_PASSWORD_AUTH
if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
finished = cli_auth_password();
cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;

View File

@ -5,6 +5,7 @@
#include "ssh.h"
#include "runopts.h"
#ifdef ENABLE_CLI_PASSWORD_AUTH
int cli_auth_password() {
char* password = NULL;
@ -35,3 +36,4 @@ int cli_auth_password() {
return 1; /* Password auth can always be tried */
}
#endif

View File

@ -6,6 +6,7 @@
#include "runopts.h"
#include "auth.h"
#ifdef ENABLE_CLI_PUBKEY_AUTH
static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
/* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
@ -158,3 +159,4 @@ int cli_auth_pubkey() {
return 0;
}
}
#endif /* Pubkey auth */

View File

@ -34,7 +34,7 @@ cli_runopts cli_opts; /* GLOBAL */
static void printhelp();
static void parsehostname(char* userhostarg);
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
static void loadidentityfile(const char* filename);
#endif
#ifdef ENABLE_CLI_ANYTCPFWD
@ -49,7 +49,7 @@ static void printhelp() {
"-p <remoteport>\n"
"-t Allocate a pty\n"
"-T Don't allocate a pty\n"
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
"-i <identityfile> (multiple allowed)\n"
#endif
#ifdef ENABLE_CLI_LOCALTCPFWD
@ -67,7 +67,7 @@ void cli_getopts(int argc, char ** argv) {
unsigned int i, j;
char ** next = 0;
unsigned int cmdlen;
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
int nextiskey = 0; /* A flag if the next argument is a keyfile */
#endif
#ifdef ENABLE_CLI_LOCALTCPFWD
@ -85,7 +85,7 @@ void cli_getopts(int argc, char ** argv) {
cli_opts.username = NULL;
cli_opts.cmd = NULL;
cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
cli_opts.pubkeys = NULL;
#endif
#ifdef ENABLE_CLI_LOCALTCPFWD
@ -103,7 +103,7 @@ void cli_getopts(int argc, char ** argv) {
/* Iterate all the arguments */
for (i = 1; i < (unsigned int)argc; i++) {
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
if (nextiskey) {
/* Load a hostkey since the previous argument was "-i" */
loadidentityfile(argv[i]);
@ -150,7 +150,7 @@ void cli_getopts(int argc, char ** argv) {
case 'p': /* remoteport */
next = &cli_opts.remoteport;
break;
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
case 'i': /* an identityfile */
nextiskey = 1;
break;
@ -255,7 +255,7 @@ void cli_getopts(int argc, char ** argv) {
}
}
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
static void loadidentityfile(const char* filename) {
struct PubkeyList * nextkey;

View File

@ -37,7 +37,7 @@ static const packettype cli_packettypes[] = {
{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
{SSH_MSG_USERAUTH_PK_OK, recv_msg_userauth_pk_ok}, /* client */
#endif
{0, 0} /* End */

View File

@ -442,7 +442,7 @@ int buf_readfile(buffer* buf, const char* filename) {
* authkeys file.
* Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/
/* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */
#if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH)
#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
int buf_getline(buffer * line, FILE * authfile) {
int c = EOF;

View File

@ -114,11 +114,11 @@
/* Authentication types to enable, at least one required.
RFC Draft requires pubkey auth, and recommends password */
#define DROPBEAR_SVR_PASSWORD_AUTH
#define DROPBEAR_SVR_PUBKEY_AUTH
#define ENABLE_SVR_PASSWORD_AUTH
#define ENABLE_SVR_PUBKEY_AUTH
#define DROPBEAR_CLI_PASSWORD_AUTH
#define DROPBEAR_CLI_PUBKEY_AUTH
#define ENABLE_CLI_PASSWORD_AUTH
#define ENABLE_CLI_PUBKEY_AUTH
/* Random device to use - you must specify _one only_.
* DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use
@ -241,7 +241,7 @@
#define DROPBEAR_COMP_ZLIB 1
/* Required for pubkey auth */
#if defined(DROPBEAR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
#if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
#define DROPBEAR_SIGNKEY_VERIFY
#endif
@ -320,7 +320,7 @@
#define USING_LISTENERS
#endif
#if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH)
#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
#define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
#endif

View File

@ -91,7 +91,7 @@ typedef struct cli_runopts {
char *cmd;
int wantpty;
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
struct PubkeyList *pubkeys; /* Keys to use for public-key auth */
#endif
#ifdef ENABLE_CLI_REMOTETCPFWD

View File

@ -32,8 +32,6 @@
#include "ssh.h"
#include "packet.h"
#include "auth.h"
#include "authpasswd.h"
#include "authpubkey.h"
#include "runopts.h"
static void authclear();
@ -54,10 +52,10 @@ void svr_authinitialise() {
static void authclear() {
memset(&ses.authstate, 0, sizeof(ses.authstate));
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_SVR_PUBKEY_AUTH
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
#endif
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_SVR_PASSWORD_AUTH
if (!svr_opts.noauthpass) {
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
}
@ -143,7 +141,7 @@ void recv_msg_userauth_request() {
goto out;
}
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_SVR_PASSWORD_AUTH
if (!svr_opts.noauthpass &&
!(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) {
/* user wants to try password auth */
@ -156,7 +154,7 @@ void recv_msg_userauth_request() {
}
#endif
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_SVR_PUBKEY_AUTH
/* user wants to try pubkey auth */
if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
strncmp(methodname, AUTH_METHOD_PUBKEY,

View File

@ -29,9 +29,8 @@
#include "buffer.h"
#include "dbutil.h"
#include "auth.h"
#include "authpasswd.h"
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_SVR_PASSWORD_AUTH
/* Process a password auth request, sending success or failure messages as
* appropriate */
@ -105,4 +104,4 @@ void svr_auth_password() {
}
#endif /* DROPBEAR_PASSWORD_AUTH */
#endif

View File

@ -30,12 +30,11 @@
#include "buffer.h"
#include "signkey.h"
#include "auth.h"
#include "authpubkey.h"
#include "ssh.h"
#include "packet.h"
#include "algo.h"
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_SVR_PUBKEY_AUTH
#define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */
#define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */
@ -336,4 +335,4 @@ static int checkfileperm(char * filename) {
}
#endif /* DROPBEAR_PUBKEY_AUTH */
#endif

View File

@ -61,7 +61,7 @@ static void printhelp(const char * progname) {
"-m Don't display the motd on login\n"
#endif
"-w Disallow root logins\n"
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_SVR_PASSWORD_AUTH
"-s Disable password logins\n"
"-g Disable password logins for root\n"
#endif
@ -174,7 +174,7 @@ void svr_getopts(int argc, char ** argv) {
case 'w':
svr_opts.norootlogin = 1;
break;
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_SVR_PASSWORD_AUTH
case 's':
svr_opts.noauthpass = 1;
break;

View File

@ -35,8 +35,7 @@
#include "channel.h"
#include "chansession.h"
#include "atomicio.h"
#include "tcp-accept.h"
#include "tcp-connect.h"
#include "tcpfwd.h"
#include "service.h"
#include "auth.h"
#include "runopts.h"