mirror of
https://github.com/clearml/dropbear
synced 2025-04-02 12:06:15 +00:00
set the isserver flag (oops)
fix password auth for the server --HG-- extra : convert_revision : 234eb604aabaef9ed0dd496ff8db8ecc212ca18c
This commit is contained in:
parent
2d82f73484
commit
e1491b8ec6
25
cli-auth.c
25
cli-auth.c
@ -13,27 +13,6 @@ void cli_authinitialise() {
|
||||
}
|
||||
|
||||
|
||||
void cli_get_user() {
|
||||
|
||||
uid_t uid;
|
||||
struct passwd *pw;
|
||||
|
||||
TRACE(("enter cli_get_user"));
|
||||
if (cli_opts.username != NULL) {
|
||||
ses.authstate.username = cli_opts.username;
|
||||
} else {
|
||||
uid = getuid();
|
||||
|
||||
pw = getpwuid(uid);
|
||||
if (pw == NULL || pw->pw_name == NULL) {
|
||||
dropbear_exit("Couldn't find username for current user");
|
||||
}
|
||||
|
||||
ses.authstate.username = m_strdup(pw->pw_name);
|
||||
}
|
||||
TRACE(("leave cli_get_user: %s", ses.authstate.username));
|
||||
}
|
||||
|
||||
/* Send a "none" auth request to get available methods */
|
||||
void cli_auth_getmethods() {
|
||||
|
||||
@ -42,8 +21,8 @@ void cli_auth_getmethods() {
|
||||
CHECKCLEARTOWRITE();
|
||||
|
||||
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
|
||||
buf_putstring(ses.writepayload, ses.authstate.username,
|
||||
strlen(ses.authstate.username));
|
||||
buf_putstring(ses.writepayload, cli_opts.username,
|
||||
strlen(cli_opts.username));
|
||||
buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
|
||||
SSH_SERVICE_CONNECTION_LEN);
|
||||
buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
|
||||
|
@ -3,6 +3,7 @@
|
||||
#include "dbutil.h"
|
||||
#include "session.h"
|
||||
#include "ssh.h"
|
||||
#include "runopts.h"
|
||||
|
||||
int cli_auth_password() {
|
||||
|
||||
@ -14,8 +15,8 @@ int cli_auth_password() {
|
||||
|
||||
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
|
||||
|
||||
buf_putstring(ses.writepayload, ses.authstate.username,
|
||||
strlen(ses.authstate.username));
|
||||
buf_putstring(ses.writepayload, cli_opts.username,
|
||||
strlen(cli_opts.username));
|
||||
|
||||
buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
|
||||
SSH_SERVICE_CONNECTION_LEN);
|
||||
|
@ -83,6 +83,8 @@ static void cli_session_init() {
|
||||
|
||||
/* packet handlers */
|
||||
ses.packettypes = cli_packettypes;
|
||||
|
||||
ses.isserver = 0;
|
||||
}
|
||||
|
||||
/* This function drives the progress of the session - it initiates KEX,
|
||||
@ -136,7 +138,6 @@ static void cli_sessionloop() {
|
||||
|
||||
/* userauth code */
|
||||
case SERVICE_AUTH_ACCEPT_RCVD:
|
||||
cli_get_user();
|
||||
cli_auth_getmethods();
|
||||
cli_ses.state = USERAUTH_METHODS_SENT;
|
||||
TRACE(("leave cli_sessionloop: sent userauth methods req"));
|
||||
|
11
common-kex.c
11
common-kex.c
@ -55,7 +55,7 @@ const unsigned char dh_p_val[] = {
|
||||
const int DH_G_VAL = 2;
|
||||
|
||||
static void kexinitialise();
|
||||
static void gen_new_keys();
|
||||
void gen_new_keys();
|
||||
#ifndef DISABLE_ZLIB
|
||||
static void gen_new_zstreams();
|
||||
#endif
|
||||
@ -253,7 +253,7 @@ static void hashkeys(unsigned char *out, int outlen,
|
||||
* taken into use after both sides have sent a newkeys message */
|
||||
|
||||
/* Originally from kex.c, generalized for cli/svr mode --mihnea */
|
||||
static void gen_new_keys() {
|
||||
void gen_new_keys() {
|
||||
|
||||
unsigned char C2S_IV[MAX_IV_LEN];
|
||||
unsigned char C2S_key[MAX_KEY_LEN];
|
||||
@ -276,9 +276,6 @@ static void gen_new_keys() {
|
||||
sha1_process(&hs, ses.hash, SHA1_HASH_SIZE);
|
||||
m_burn(ses.hash, SHA1_HASH_SIZE);
|
||||
|
||||
hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
|
||||
hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
|
||||
|
||||
if (IS_DROPBEAR_CLIENT) {
|
||||
trans_IV = C2S_IV;
|
||||
recv_IV = S2C_IV;
|
||||
@ -299,6 +296,8 @@ static void gen_new_keys() {
|
||||
macrecvletter = 'E';
|
||||
}
|
||||
|
||||
hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
|
||||
hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
|
||||
hashkeys(C2S_key, C2S_keysize, &hs, 'C');
|
||||
hashkeys(S2C_key, S2C_keysize, &hs, 'D');
|
||||
|
||||
@ -580,6 +579,8 @@ void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
|
||||
sha1_process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
|
||||
ses.kexhashbuf->len);
|
||||
sha1_done(&hs, ses.hash);
|
||||
|
||||
buf_burn(ses.kexhashbuf);
|
||||
buf_free(ses.kexhashbuf);
|
||||
ses.kexhashbuf = NULL;
|
||||
|
||||
|
@ -58,7 +58,7 @@ static void authclear() {
|
||||
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
|
||||
#endif
|
||||
#ifdef DROPBEAR_PASSWORD_AUTH
|
||||
if (svr_opts.noauthpass) {
|
||||
if (!svr_opts.noauthpass) {
|
||||
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
|
||||
}
|
||||
#endif
|
||||
@ -100,6 +100,7 @@ void recv_msg_userauth_request() {
|
||||
|
||||
/* ignore packets if auth is already done */
|
||||
if (ses.authstate.authdone == 1) {
|
||||
TRACE(("leave recv_msg_userauth_request: authdone already"));
|
||||
return;
|
||||
}
|
||||
|
||||
@ -129,6 +130,7 @@ void recv_msg_userauth_request() {
|
||||
if (methodlen == AUTH_METHOD_NONE_LEN &&
|
||||
strncmp(methodname, AUTH_METHOD_NONE,
|
||||
AUTH_METHOD_NONE_LEN) == 0) {
|
||||
TRACE(("recv_msg_userauth_request: 'none' request"));
|
||||
send_msg_userauth_failure(0, 0);
|
||||
goto out;
|
||||
}
|
||||
@ -305,6 +307,9 @@ void send_msg_userauth_failure(int partial, int incrfail) {
|
||||
buf_putbyte(ses.writepayload, partial ? 1 : 0);
|
||||
encrypt_packet();
|
||||
|
||||
TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
|
||||
buf_getptr(typebuf, typebuf->len)));
|
||||
|
||||
if (incrfail) {
|
||||
usleep(300000); /* XXX improve this */
|
||||
ses.authstate.failcount++;
|
||||
|
@ -96,6 +96,8 @@ void svr_session(int sock, int childpipe, char* remotehost) {
|
||||
ses.packettypes = svr_packettypes;
|
||||
ses.buf_match_algo = svr_buf_match_algo;
|
||||
|
||||
ses.isserver = 1;
|
||||
|
||||
/* We're ready to go now */
|
||||
sessinitdone = 1;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user