mirror of
https://github.com/clearml/dropbear
synced 2025-04-02 12:06:15 +00:00
cleaning up the pubkey defines
--HG-- extra : convert_revision : 149ce7a9a9cc5fe670994d6789b40be49895c595
This commit is contained in:
parent
96a0f77bb4
commit
d7575f95f0
@ -43,9 +43,9 @@ CONVERTOBJS=dropbearconvert.o keyimport.o
|
||||
SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o
|
||||
|
||||
HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
|
||||
dss.h bignum.h signkey.h rsa.h random.h service.h auth.h authpasswd.h \
|
||||
dss.h bignum.h signkey.h rsa.h random.h service.h auth.h \
|
||||
debug.h channel.h chansession.h config.h queue.h sshpty.h \
|
||||
termcodes.h gendss.h genrsa.h authpubkey.h runopts.h includes.h \
|
||||
termcodes.h gendss.h genrsa.h runopts.h includes.h \
|
||||
loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
|
||||
listener.h fake-rfc2553.h
|
||||
|
||||
|
33
authpasswd.h
33
authpasswd.h
@ -1,33 +0,0 @@
|
||||
/*
|
||||
* Dropbear - a SSH2 server
|
||||
*
|
||||
* Copyright (c) 2002,2003 Matt Johnston
|
||||
* All rights reserved.
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE. */
|
||||
|
||||
#ifndef _AUTH_PASSWD_
|
||||
#define _AUTH_PASSWD_
|
||||
|
||||
#ifdef DROPBEAR_PASSWORD_AUTH
|
||||
|
||||
void passwordauth();
|
||||
|
||||
#endif /* DROPBEAR_PASSWORD_AUTH */
|
||||
#endif /* _AUTH_PASSWD_ */
|
33
authpubkey.h
33
authpubkey.h
@ -1,33 +0,0 @@
|
||||
/*
|
||||
* Dropbear - a SSH2 server
|
||||
*
|
||||
* Copyright (c) 2002,2003 Matt Johnston
|
||||
* All rights reserved.
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE. */
|
||||
|
||||
#ifndef _PUBKEY_AUTH_
|
||||
#define _PUBKEY_AUTH_
|
||||
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
|
||||
void pubkeyauth();
|
||||
|
||||
#endif /* DROPBEAR_PUBKEY_AUTH */
|
||||
#endif /* _PUBKEY_AUTH_ */
|
10
cli-auth.c
10
cli-auth.c
@ -92,7 +92,7 @@ void recv_msg_userauth_failure() {
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
/* If it was a pubkey auth request, we should cross that key
|
||||
* off the list. */
|
||||
if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
|
||||
@ -126,13 +126,13 @@ void recv_msg_userauth_failure() {
|
||||
for (i = 0; i <= methlen; i++) {
|
||||
if (methods[i] == '\0') {
|
||||
TRACE(("auth method '%s'", tok));
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
if (strncmp(AUTH_METHOD_PUBKEY, tok,
|
||||
AUTH_METHOD_PUBKEY_LEN) == 0) {
|
||||
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
|
||||
}
|
||||
#endif
|
||||
#ifdef DROPBEAR_PASSWORD_AUTH
|
||||
#ifdef ENABLE_CLI_PASSWORD_AUTH
|
||||
if (strncmp(AUTH_METHOD_PASSWORD, tok,
|
||||
AUTH_METHOD_PASSWORD_LEN) == 0) {
|
||||
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
|
||||
@ -163,14 +163,14 @@ void cli_auth_try() {
|
||||
CHECKCLEARTOWRITE();
|
||||
|
||||
/* XXX We hardcode that we try a pubkey first */
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
|
||||
finished = cli_auth_pubkey();
|
||||
cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef DROPBEAR_PASSWORD_AUTH
|
||||
#ifdef ENABLE_CLI_PASSWORD_AUTH
|
||||
if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
|
||||
finished = cli_auth_password();
|
||||
cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
|
||||
|
@ -5,6 +5,7 @@
|
||||
#include "ssh.h"
|
||||
#include "runopts.h"
|
||||
|
||||
#ifdef ENABLE_CLI_PASSWORD_AUTH
|
||||
int cli_auth_password() {
|
||||
|
||||
char* password = NULL;
|
||||
@ -35,3 +36,4 @@ int cli_auth_password() {
|
||||
return 1; /* Password auth can always be tried */
|
||||
|
||||
}
|
||||
#endif
|
||||
|
@ -6,6 +6,7 @@
|
||||
#include "runopts.h"
|
||||
#include "auth.h"
|
||||
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
|
||||
|
||||
/* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
|
||||
@ -158,3 +159,4 @@ int cli_auth_pubkey() {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
#endif /* Pubkey auth */
|
||||
|
@ -34,7 +34,7 @@ cli_runopts cli_opts; /* GLOBAL */
|
||||
|
||||
static void printhelp();
|
||||
static void parsehostname(char* userhostarg);
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
static void loadidentityfile(const char* filename);
|
||||
#endif
|
||||
#ifdef ENABLE_CLI_ANYTCPFWD
|
||||
@ -49,7 +49,7 @@ static void printhelp() {
|
||||
"-p <remoteport>\n"
|
||||
"-t Allocate a pty\n"
|
||||
"-T Don't allocate a pty\n"
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
"-i <identityfile> (multiple allowed)\n"
|
||||
#endif
|
||||
#ifdef ENABLE_CLI_LOCALTCPFWD
|
||||
@ -67,7 +67,7 @@ void cli_getopts(int argc, char ** argv) {
|
||||
unsigned int i, j;
|
||||
char ** next = 0;
|
||||
unsigned int cmdlen;
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
int nextiskey = 0; /* A flag if the next argument is a keyfile */
|
||||
#endif
|
||||
#ifdef ENABLE_CLI_LOCALTCPFWD
|
||||
@ -85,7 +85,7 @@ void cli_getopts(int argc, char ** argv) {
|
||||
cli_opts.username = NULL;
|
||||
cli_opts.cmd = NULL;
|
||||
cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
cli_opts.pubkeys = NULL;
|
||||
#endif
|
||||
#ifdef ENABLE_CLI_LOCALTCPFWD
|
||||
@ -103,7 +103,7 @@ void cli_getopts(int argc, char ** argv) {
|
||||
|
||||
/* Iterate all the arguments */
|
||||
for (i = 1; i < (unsigned int)argc; i++) {
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
if (nextiskey) {
|
||||
/* Load a hostkey since the previous argument was "-i" */
|
||||
loadidentityfile(argv[i]);
|
||||
@ -150,7 +150,7 @@ void cli_getopts(int argc, char ** argv) {
|
||||
case 'p': /* remoteport */
|
||||
next = &cli_opts.remoteport;
|
||||
break;
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
case 'i': /* an identityfile */
|
||||
nextiskey = 1;
|
||||
break;
|
||||
@ -255,7 +255,7 @@ void cli_getopts(int argc, char ** argv) {
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
static void loadidentityfile(const char* filename) {
|
||||
|
||||
struct PubkeyList * nextkey;
|
||||
|
@ -37,7 +37,7 @@ static const packettype cli_packettypes[] = {
|
||||
{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
|
||||
{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
|
||||
{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
{SSH_MSG_USERAUTH_PK_OK, recv_msg_userauth_pk_ok}, /* client */
|
||||
#endif
|
||||
{0, 0} /* End */
|
||||
|
2
dbutil.c
2
dbutil.c
@ -442,7 +442,7 @@ int buf_readfile(buffer* buf, const char* filename) {
|
||||
* authkeys file.
|
||||
* Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/
|
||||
/* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */
|
||||
#if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH)
|
||||
#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
|
||||
int buf_getline(buffer * line, FILE * authfile) {
|
||||
|
||||
int c = EOF;
|
||||
|
12
options.h
12
options.h
@ -114,11 +114,11 @@
|
||||
|
||||
/* Authentication types to enable, at least one required.
|
||||
RFC Draft requires pubkey auth, and recommends password */
|
||||
#define DROPBEAR_SVR_PASSWORD_AUTH
|
||||
#define DROPBEAR_SVR_PUBKEY_AUTH
|
||||
#define ENABLE_SVR_PASSWORD_AUTH
|
||||
#define ENABLE_SVR_PUBKEY_AUTH
|
||||
|
||||
#define DROPBEAR_CLI_PASSWORD_AUTH
|
||||
#define DROPBEAR_CLI_PUBKEY_AUTH
|
||||
#define ENABLE_CLI_PASSWORD_AUTH
|
||||
#define ENABLE_CLI_PUBKEY_AUTH
|
||||
|
||||
/* Random device to use - you must specify _one only_.
|
||||
* DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use
|
||||
@ -241,7 +241,7 @@
|
||||
#define DROPBEAR_COMP_ZLIB 1
|
||||
|
||||
/* Required for pubkey auth */
|
||||
#if defined(DROPBEAR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
|
||||
#if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
|
||||
#define DROPBEAR_SIGNKEY_VERIFY
|
||||
#endif
|
||||
|
||||
@ -320,7 +320,7 @@
|
||||
#define USING_LISTENERS
|
||||
#endif
|
||||
|
||||
#if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH)
|
||||
#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
|
||||
#define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
|
||||
#endif
|
||||
|
||||
|
@ -91,7 +91,7 @@ typedef struct cli_runopts {
|
||||
|
||||
char *cmd;
|
||||
int wantpty;
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
struct PubkeyList *pubkeys; /* Keys to use for public-key auth */
|
||||
#endif
|
||||
#ifdef ENABLE_CLI_REMOTETCPFWD
|
||||
|
10
svr-auth.c
10
svr-auth.c
@ -32,8 +32,6 @@
|
||||
#include "ssh.h"
|
||||
#include "packet.h"
|
||||
#include "auth.h"
|
||||
#include "authpasswd.h"
|
||||
#include "authpubkey.h"
|
||||
#include "runopts.h"
|
||||
|
||||
static void authclear();
|
||||
@ -54,10 +52,10 @@ void svr_authinitialise() {
|
||||
static void authclear() {
|
||||
|
||||
memset(&ses.authstate, 0, sizeof(ses.authstate));
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_SVR_PUBKEY_AUTH
|
||||
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
|
||||
#endif
|
||||
#ifdef DROPBEAR_PASSWORD_AUTH
|
||||
#ifdef ENABLE_SVR_PASSWORD_AUTH
|
||||
if (!svr_opts.noauthpass) {
|
||||
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
|
||||
}
|
||||
@ -143,7 +141,7 @@ void recv_msg_userauth_request() {
|
||||
goto out;
|
||||
}
|
||||
|
||||
#ifdef DROPBEAR_PASSWORD_AUTH
|
||||
#ifdef ENABLE_SVR_PASSWORD_AUTH
|
||||
if (!svr_opts.noauthpass &&
|
||||
!(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) {
|
||||
/* user wants to try password auth */
|
||||
@ -156,7 +154,7 @@ void recv_msg_userauth_request() {
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_SVR_PUBKEY_AUTH
|
||||
/* user wants to try pubkey auth */
|
||||
if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
|
||||
strncmp(methodname, AUTH_METHOD_PUBKEY,
|
||||
|
@ -29,9 +29,8 @@
|
||||
#include "buffer.h"
|
||||
#include "dbutil.h"
|
||||
#include "auth.h"
|
||||
#include "authpasswd.h"
|
||||
|
||||
#ifdef DROPBEAR_PASSWORD_AUTH
|
||||
#ifdef ENABLE_SVR_PASSWORD_AUTH
|
||||
|
||||
/* Process a password auth request, sending success or failure messages as
|
||||
* appropriate */
|
||||
@ -105,4 +104,4 @@ void svr_auth_password() {
|
||||
|
||||
}
|
||||
|
||||
#endif /* DROPBEAR_PASSWORD_AUTH */
|
||||
#endif
|
||||
|
@ -30,12 +30,11 @@
|
||||
#include "buffer.h"
|
||||
#include "signkey.h"
|
||||
#include "auth.h"
|
||||
#include "authpubkey.h"
|
||||
#include "ssh.h"
|
||||
#include "packet.h"
|
||||
#include "algo.h"
|
||||
|
||||
#ifdef DROPBEAR_PUBKEY_AUTH
|
||||
#ifdef ENABLE_SVR_PUBKEY_AUTH
|
||||
|
||||
#define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */
|
||||
#define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */
|
||||
@ -336,4 +335,4 @@ static int checkfileperm(char * filename) {
|
||||
}
|
||||
|
||||
|
||||
#endif /* DROPBEAR_PUBKEY_AUTH */
|
||||
#endif
|
||||
|
@ -61,7 +61,7 @@ static void printhelp(const char * progname) {
|
||||
"-m Don't display the motd on login\n"
|
||||
#endif
|
||||
"-w Disallow root logins\n"
|
||||
#ifdef DROPBEAR_PASSWORD_AUTH
|
||||
#ifdef ENABLE_SVR_PASSWORD_AUTH
|
||||
"-s Disable password logins\n"
|
||||
"-g Disable password logins for root\n"
|
||||
#endif
|
||||
@ -174,7 +174,7 @@ void svr_getopts(int argc, char ** argv) {
|
||||
case 'w':
|
||||
svr_opts.norootlogin = 1;
|
||||
break;
|
||||
#ifdef DROPBEAR_PASSWORD_AUTH
|
||||
#ifdef ENABLE_SVR_PASSWORD_AUTH
|
||||
case 's':
|
||||
svr_opts.noauthpass = 1;
|
||||
break;
|
||||
|
@ -35,8 +35,7 @@
|
||||
#include "channel.h"
|
||||
#include "chansession.h"
|
||||
#include "atomicio.h"
|
||||
#include "tcp-accept.h"
|
||||
#include "tcp-connect.h"
|
||||
#include "tcpfwd.h"
|
||||
#include "service.h"
|
||||
#include "auth.h"
|
||||
#include "runopts.h"
|
||||
|
Loading…
Reference in New Issue
Block a user