ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-04-03 12:30:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

cleaning up the pubkey defines

Browse Source 
--HG--
extra : convert_revision : 149ce7a9a9cc5fe670994d6789b40be49895c595
This commit is contained in:
Matt Johnston 2004-08-12 14:56:22 +00:00
parent 96a0f77bb4
commit d7575f95f0
16 changed files with 38 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile.in
View File

@ -43,9 +43,9 @@ CONVERTOBJS=dropbearconvert.o keyimport.o
SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o
HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \ HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
dss.h bignum.h signkey.h rsa.h random.h service.h auth.h authpasswd.h \ dss.h bignum.h signkey.h rsa.h random.h service.h auth.h \
debug.h channel.h chansession.h config.h queue.h sshpty.h \ debug.h channel.h chansession.h config.h queue.h sshpty.h \
termcodes.h gendss.h genrsa.h authpubkey.h runopts.h includes.h \ termcodes.h gendss.h genrsa.h runopts.h includes.h \
loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \ loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
listener.h fake-rfc2553.h listener.h fake-rfc2553.h

33
authpasswd.h
View File

@ -1,33 +0,0 @@
/*
* Dropbear - a SSH2 server
*
* Copyright (c) 2002,2003 Matt Johnston
* All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
#ifndef _AUTH_PASSWD_
#define _AUTH_PASSWD_
#ifdef DROPBEAR_PASSWORD_AUTH
void passwordauth();
#endif /* DROPBEAR_PASSWORD_AUTH */
#endif /* _AUTH_PASSWD_ */

33
authpubkey.h
View File

@ -1,33 +0,0 @@
/*
* Dropbear - a SSH2 server
*
* Copyright (c) 2002,2003 Matt Johnston
* All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
#ifndef _PUBKEY_AUTH_
#define _PUBKEY_AUTH_
#ifdef DROPBEAR_PUBKEY_AUTH
void pubkeyauth();
#endif /* DROPBEAR_PUBKEY_AUTH */
#endif /* _PUBKEY_AUTH_ */

10
cli-auth.c
View File

@ -92,7 +92,7 @@ void recv_msg_userauth_failure() {
return; return;
} }
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
/* If it was a pubkey auth request, we should cross that key /* If it was a pubkey auth request, we should cross that key
* off the list. */ * off the list. */
if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) { if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
@ -126,13 +126,13 @@ void recv_msg_userauth_failure() {
for (i = 0; i <= methlen; i++) { for (i = 0; i <= methlen; i++) {
if (methods[i] == '\0') { if (methods[i] == '\0') {
TRACE(("auth method '%s'", tok)); TRACE(("auth method '%s'", tok));
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
if (strncmp(AUTH_METHOD_PUBKEY, tok, if (strncmp(AUTH_METHOD_PUBKEY, tok,
AUTH_METHOD_PUBKEY_LEN) == 0) { AUTH_METHOD_PUBKEY_LEN) == 0) {
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
} }
#endif #endif
#ifdef DROPBEAR_PASSWORD_AUTH #ifdef ENABLE_CLI_PASSWORD_AUTH
if (strncmp(AUTH_METHOD_PASSWORD, tok, if (strncmp(AUTH_METHOD_PASSWORD, tok,
AUTH_METHOD_PASSWORD_LEN) == 0) { AUTH_METHOD_PASSWORD_LEN) == 0) {
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
@ -163,14 +163,14 @@ void cli_auth_try() {
CHECKCLEARTOWRITE(); CHECKCLEARTOWRITE();
/* XXX We hardcode that we try a pubkey first */ /* XXX We hardcode that we try a pubkey first */
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) { if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
finished = cli_auth_pubkey(); finished = cli_auth_pubkey();
cli_ses.lastauthtype = AUTH_TYPE_PUBKEY; cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
} }
#endif #endif
#ifdef DROPBEAR_PASSWORD_AUTH #ifdef ENABLE_CLI_PASSWORD_AUTH
if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
finished = cli_auth_password(); finished = cli_auth_password();
cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;

2
cli-authpasswd.c
View File

@ -5,6 +5,7 @@
#include "ssh.h" #include "ssh.h"
#include "runopts.h" #include "runopts.h"
#ifdef ENABLE_CLI_PASSWORD_AUTH
int cli_auth_password() { int cli_auth_password() {
char* password = NULL; char* password = NULL;
@ -35,3 +36,4 @@ int cli_auth_password() {
return 1; /* Password auth can always be tried */ return 1; /* Password auth can always be tried */
} }
#endif

2
cli-authpubkey.c
View File

@ -6,6 +6,7 @@
#include "runopts.h" #include "runopts.h"
#include "auth.h" #include "auth.h"
#ifdef ENABLE_CLI_PUBKEY_AUTH
static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign); static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
/* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request. /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
@ -158,3 +159,4 @@ int cli_auth_pubkey() {
return 0; return 0;
} }
} }
#endif /* Pubkey auth */

14
cli-runopts.c
View File

@ -34,7 +34,7 @@ cli_runopts cli_opts; /* GLOBAL */
static void printhelp(); static void printhelp();
static void parsehostname(char* userhostarg); static void parsehostname(char* userhostarg);
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
static void loadidentityfile(const char* filename); static void loadidentityfile(const char* filename);
#endif #endif
#ifdef ENABLE_CLI_ANYTCPFWD #ifdef ENABLE_CLI_ANYTCPFWD
@ -49,7 +49,7 @@ static void printhelp() {
"-p <remoteport>\n" "-p <remoteport>\n"
"-t Allocate a pty\n" "-t Allocate a pty\n"
"-T Don't allocate a pty\n" "-T Don't allocate a pty\n"
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
"-i <identityfile> (multiple allowed)\n" "-i <identityfile> (multiple allowed)\n"
#endif #endif
#ifdef ENABLE_CLI_LOCALTCPFWD #ifdef ENABLE_CLI_LOCALTCPFWD
@ -67,7 +67,7 @@ void cli_getopts(int argc, char ** argv) {
unsigned int i, j; unsigned int i, j;
char ** next = 0; char ** next = 0;
unsigned int cmdlen; unsigned int cmdlen;
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
int nextiskey = 0; /* A flag if the next argument is a keyfile */ int nextiskey = 0; /* A flag if the next argument is a keyfile */
#endif #endif
#ifdef ENABLE_CLI_LOCALTCPFWD #ifdef ENABLE_CLI_LOCALTCPFWD
@ -85,7 +85,7 @@ void cli_getopts(int argc, char ** argv) {
cli_opts.username = NULL; cli_opts.username = NULL;
cli_opts.cmd = NULL; cli_opts.cmd = NULL;
cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */ cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
cli_opts.pubkeys = NULL; cli_opts.pubkeys = NULL;
#endif #endif
#ifdef ENABLE_CLI_LOCALTCPFWD #ifdef ENABLE_CLI_LOCALTCPFWD
@ -103,7 +103,7 @@ void cli_getopts(int argc, char ** argv) {
/* Iterate all the arguments */ /* Iterate all the arguments */
for (i = 1; i < (unsigned int)argc; i++) { for (i = 1; i < (unsigned int)argc; i++) {
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
if (nextiskey) { if (nextiskey) {
/* Load a hostkey since the previous argument was "-i" */ /* Load a hostkey since the previous argument was "-i" */
loadidentityfile(argv[i]); loadidentityfile(argv[i]);
@ -150,7 +150,7 @@ void cli_getopts(int argc, char ** argv) {
case 'p': /* remoteport */ case 'p': /* remoteport */
next = &cli_opts.remoteport; next = &cli_opts.remoteport;
break; break;
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
case 'i': /* an identityfile */ case 'i': /* an identityfile */
nextiskey = 1; nextiskey = 1;
break; break;
@ -255,7 +255,7 @@ void cli_getopts(int argc, char ** argv) {
} }
} }
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
static void loadidentityfile(const char* filename) { static void loadidentityfile(const char* filename) {
struct PubkeyList * nextkey; struct PubkeyList * nextkey;

2
cli-session.c
View File

@ -37,7 +37,7 @@ static const packettype cli_packettypes[] = {
{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation}, {SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure}, {SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */ {SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
{SSH_MSG_USERAUTH_PK_OK, recv_msg_userauth_pk_ok}, /* client */ {SSH_MSG_USERAUTH_PK_OK, recv_msg_userauth_pk_ok}, /* client */
#endif #endif
{0, 0} /* End */ {0, 0} /* End */

2
dbutil.c
View File

@ -442,7 +442,7 @@ int buf_readfile(buffer* buf, const char* filename) {
* authkeys file. * authkeys file.
* Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/ * Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/
/* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */ /* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */
#if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH) #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
int buf_getline(buffer * line, FILE * authfile) { int buf_getline(buffer * line, FILE * authfile) {
int c = EOF; int c = EOF;

12
options.h
View File

@ -114,11 +114,11 @@
/* Authentication types to enable, at least one required. /* Authentication types to enable, at least one required.
RFC Draft requires pubkey auth, and recommends password */ RFC Draft requires pubkey auth, and recommends password */
#define DROPBEAR_SVR_PASSWORD_AUTH #define ENABLE_SVR_PASSWORD_AUTH
#define DROPBEAR_SVR_PUBKEY_AUTH #define ENABLE_SVR_PUBKEY_AUTH
#define DROPBEAR_CLI_PASSWORD_AUTH #define ENABLE_CLI_PASSWORD_AUTH
#define DROPBEAR_CLI_PUBKEY_AUTH #define ENABLE_CLI_PUBKEY_AUTH
/* Random device to use - you must specify _one only_. /* Random device to use - you must specify _one only_.
* DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use * DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use
@ -241,7 +241,7 @@
#define DROPBEAR_COMP_ZLIB 1 #define DROPBEAR_COMP_ZLIB 1
/* Required for pubkey auth */ /* Required for pubkey auth */
#if defined(DROPBEAR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT) #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
#define DROPBEAR_SIGNKEY_VERIFY #define DROPBEAR_SIGNKEY_VERIFY
#endif #endif
@ -320,7 +320,7 @@
#define USING_LISTENERS #define USING_LISTENERS
#endif #endif
#if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH) #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
#define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
#endif #endif

2
runopts.h
View File

@ -91,7 +91,7 @@ typedef struct cli_runopts {
char *cmd; char *cmd;
int wantpty; int wantpty;
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_CLI_PUBKEY_AUTH
struct PubkeyList *pubkeys; /* Keys to use for public-key auth */ struct PubkeyList *pubkeys; /* Keys to use for public-key auth */
#endif #endif
#ifdef ENABLE_CLI_REMOTETCPFWD #ifdef ENABLE_CLI_REMOTETCPFWD

10
svr-auth.c
View File

@ -32,8 +32,6 @@
#include "ssh.h" #include "ssh.h"
#include "packet.h" #include "packet.h"
#include "auth.h" #include "auth.h"
#include "authpasswd.h"
#include "authpubkey.h"
#include "runopts.h" #include "runopts.h"
static void authclear(); static void authclear();
@ -54,10 +52,10 @@ void svr_authinitialise() {
static void authclear() { static void authclear() {
memset(&ses.authstate, 0, sizeof(ses.authstate)); memset(&ses.authstate, 0, sizeof(ses.authstate));
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_SVR_PUBKEY_AUTH
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
#endif #endif
#ifdef DROPBEAR_PASSWORD_AUTH #ifdef ENABLE_SVR_PASSWORD_AUTH
if (!svr_opts.noauthpass) { if (!svr_opts.noauthpass) {
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
} }
@ -143,7 +141,7 @@ void recv_msg_userauth_request() {
goto out; goto out;
} }
#ifdef DROPBEAR_PASSWORD_AUTH #ifdef ENABLE_SVR_PASSWORD_AUTH
if (!svr_opts.noauthpass && if (!svr_opts.noauthpass &&
!(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) { !(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) {
/* user wants to try password auth */ /* user wants to try password auth */
@ -156,7 +154,7 @@ void recv_msg_userauth_request() {
} }
#endif #endif
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_SVR_PUBKEY_AUTH
/* user wants to try pubkey auth */ /* user wants to try pubkey auth */
if (methodlen == AUTH_METHOD_PUBKEY_LEN && if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
strncmp(methodname, AUTH_METHOD_PUBKEY, strncmp(methodname, AUTH_METHOD_PUBKEY,

5
svr-authpasswd.c
View File

@ -29,9 +29,8 @@
#include "buffer.h" #include "buffer.h"
#include "dbutil.h" #include "dbutil.h"
#include "auth.h" #include "auth.h"
#include "authpasswd.h"
#ifdef DROPBEAR_PASSWORD_AUTH #ifdef ENABLE_SVR_PASSWORD_AUTH
/* Process a password auth request, sending success or failure messages as /* Process a password auth request, sending success or failure messages as
* appropriate */ * appropriate */
@ -105,4 +104,4 @@ void svr_auth_password() {
} }
#endif /* DROPBEAR_PASSWORD_AUTH */ #endif

5
svr-authpubkey.c
View File

@ -30,12 +30,11 @@
#include "buffer.h" #include "buffer.h"
#include "signkey.h" #include "signkey.h"
#include "auth.h" #include "auth.h"
#include "authpubkey.h"
#include "ssh.h" #include "ssh.h"
#include "packet.h" #include "packet.h"
#include "algo.h" #include "algo.h"
#ifdef DROPBEAR_PUBKEY_AUTH #ifdef ENABLE_SVR_PUBKEY_AUTH
#define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */ #define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */
#define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */ #define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */
@ -336,4 +335,4 @@ static int checkfileperm(char * filename) {
} }
#endif /* DROPBEAR_PUBKEY_AUTH */ #endif

4
svr-runopts.c
View File

@ -61,7 +61,7 @@ static void printhelp(const char * progname) {
"-m Don't display the motd on login\n" "-m Don't display the motd on login\n"
#endif #endif
"-w Disallow root logins\n" "-w Disallow root logins\n"
#ifdef DROPBEAR_PASSWORD_AUTH #ifdef ENABLE_SVR_PASSWORD_AUTH
"-s Disable password logins\n" "-s Disable password logins\n"
"-g Disable password logins for root\n" "-g Disable password logins for root\n"
#endif #endif
@ -174,7 +174,7 @@ void svr_getopts(int argc, char ** argv) {
case 'w': case 'w':
svr_opts.norootlogin = 1; svr_opts.norootlogin = 1;
break; break;
#ifdef DROPBEAR_PASSWORD_AUTH #ifdef ENABLE_SVR_PASSWORD_AUTH
case 's': case 's':
svr_opts.noauthpass = 1; svr_opts.noauthpass = 1;
break; break;

3
svr-session.c
View File

@ -35,8 +35,7 @@
#include "channel.h" #include "channel.h"
#include "chansession.h" #include "chansession.h"
#include "atomicio.h" #include "atomicio.h"
#include "tcp-accept.h" #include "tcpfwd.h"
#include "tcp-connect.h"
#include "service.h" #include "service.h"
#include "auth.h" #include "auth.h"
#include "runopts.h" #include "runopts.h"