ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-04-05 05:09:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

set the isserver flag (oops)

Browse Source 
fix password auth for the server

--HG--
extra : convert_revision : 234eb604aabaef9ed0dd496ff8db8ecc212ca18c
This commit is contained in:
Matt Johnston 2004-07-29 02:19:03 +00:00
parent 2d82f73484
commit e1491b8ec6
6 changed files with 21 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
cli-auth.c
View File

@ -13,27 +13,6 @@ void cli_authinitialise() {
} }
void cli_get_user() {
uid_t uid;
struct passwd *pw;
TRACE(("enter cli_get_user"));
if (cli_opts.username != NULL) {
ses.authstate.username = cli_opts.username;
} else {
uid = getuid();
pw = getpwuid(uid);
if (pw == NULL || pw->pw_name == NULL) {
dropbear_exit("Couldn't find username for current user");
}
ses.authstate.username = m_strdup(pw->pw_name);
}
TRACE(("leave cli_get_user: %s", ses.authstate.username));
}
/* Send a "none" auth request to get available methods */ /* Send a "none" auth request to get available methods */
void cli_auth_getmethods() { void cli_auth_getmethods() {
@ -42,8 +21,8 @@ void cli_auth_getmethods() {
CHECKCLEARTOWRITE(); CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
buf_putstring(ses.writepayload, ses.authstate.username, buf_putstring(ses.writepayload, cli_opts.username,
strlen(ses.authstate.username)); strlen(cli_opts.username));
buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
SSH_SERVICE_CONNECTION_LEN); SSH_SERVICE_CONNECTION_LEN);
buf_putstring(ses.writepayload, "none", 4); /* 'none' method */ buf_putstring(ses.writepayload, "none", 4); /* 'none' method */

5
cli-authpasswd.c
View File

@ -3,6 +3,7 @@
#include "dbutil.h" #include "dbutil.h"
#include "session.h" #include "session.h"
#include "ssh.h" #include "ssh.h"
#include "runopts.h"
int cli_auth_password() { int cli_auth_password() {
@ -14,8 +15,8 @@ int cli_auth_password() {
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
buf_putstring(ses.writepayload, ses.authstate.username, buf_putstring(ses.writepayload, cli_opts.username,
strlen(ses.authstate.username)); strlen(cli_opts.username));
buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
SSH_SERVICE_CONNECTION_LEN); SSH_SERVICE_CONNECTION_LEN);

3
cli-session.c
View File

@ -83,6 +83,8 @@ static void cli_session_init() {
/* packet handlers */ /* packet handlers */
ses.packettypes = cli_packettypes; ses.packettypes = cli_packettypes;
ses.isserver = 0;
} }
/* This function drives the progress of the session - it initiates KEX, /* This function drives the progress of the session - it initiates KEX,
@ -136,7 +138,6 @@ static void cli_sessionloop() {
/* userauth code */ /* userauth code */
case SERVICE_AUTH_ACCEPT_RCVD: case SERVICE_AUTH_ACCEPT_RCVD:
cli_get_user();
cli_auth_getmethods(); cli_auth_getmethods();
cli_ses.state = USERAUTH_METHODS_SENT; cli_ses.state = USERAUTH_METHODS_SENT;
TRACE(("leave cli_sessionloop: sent userauth methods req")); TRACE(("leave cli_sessionloop: sent userauth methods req"));

11
common-kex.c
View File

@ -55,7 +55,7 @@ const unsigned char dh_p_val[] = {
const int DH_G_VAL = 2; const int DH_G_VAL = 2;
static void kexinitialise(); static void kexinitialise();
static void gen_new_keys(); void gen_new_keys();
#ifndef DISABLE_ZLIB #ifndef DISABLE_ZLIB
static void gen_new_zstreams(); static void gen_new_zstreams();
#endif #endif
@ -253,7 +253,7 @@ static void hashkeys(unsigned char *out, int outlen,
* taken into use after both sides have sent a newkeys message */ * taken into use after both sides have sent a newkeys message */
/* Originally from kex.c, generalized for cli/svr mode --mihnea */ /* Originally from kex.c, generalized for cli/svr mode --mihnea */
static void gen_new_keys() { void gen_new_keys() {
unsigned char C2S_IV[MAX_IV_LEN]; unsigned char C2S_IV[MAX_IV_LEN];
unsigned char C2S_key[MAX_KEY_LEN]; unsigned char C2S_key[MAX_KEY_LEN];
@ -276,9 +276,6 @@ static void gen_new_keys() {
sha1_process(&hs, ses.hash, SHA1_HASH_SIZE); sha1_process(&hs, ses.hash, SHA1_HASH_SIZE);
m_burn(ses.hash, SHA1_HASH_SIZE); m_burn(ses.hash, SHA1_HASH_SIZE);
hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
if (IS_DROPBEAR_CLIENT) { if (IS_DROPBEAR_CLIENT) {
trans_IV = C2S_IV; trans_IV = C2S_IV;
recv_IV = S2C_IV; recv_IV = S2C_IV;
@ -299,6 +296,8 @@ static void gen_new_keys() {
macrecvletter = 'E'; macrecvletter = 'E';
} }
hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
hashkeys(C2S_key, C2S_keysize, &hs, 'C'); hashkeys(C2S_key, C2S_keysize, &hs, 'C');
hashkeys(S2C_key, S2C_keysize, &hs, 'D'); hashkeys(S2C_key, S2C_keysize, &hs, 'D');
@ -580,6 +579,8 @@ void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
sha1_process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len), sha1_process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
ses.kexhashbuf->len); ses.kexhashbuf->len);
sha1_done(&hs, ses.hash); sha1_done(&hs, ses.hash);
buf_burn(ses.kexhashbuf);
buf_free(ses.kexhashbuf); buf_free(ses.kexhashbuf);
ses.kexhashbuf = NULL; ses.kexhashbuf = NULL;

7
svr-auth.c
View File

@ -58,7 +58,7 @@ static void authclear() {
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
#endif #endif
#ifdef DROPBEAR_PASSWORD_AUTH #ifdef DROPBEAR_PASSWORD_AUTH
if (svr_opts.noauthpass) { if (!svr_opts.noauthpass) {
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
} }
#endif #endif
@ -100,6 +100,7 @@ void recv_msg_userauth_request() {
/* ignore packets if auth is already done */ /* ignore packets if auth is already done */
if (ses.authstate.authdone == 1) { if (ses.authstate.authdone == 1) {
TRACE(("leave recv_msg_userauth_request: authdone already"));
return; return;
} }
@ -129,6 +130,7 @@ void recv_msg_userauth_request() {
if (methodlen == AUTH_METHOD_NONE_LEN && if (methodlen == AUTH_METHOD_NONE_LEN &&
strncmp(methodname, AUTH_METHOD_NONE, strncmp(methodname, AUTH_METHOD_NONE,
AUTH_METHOD_NONE_LEN) == 0) { AUTH_METHOD_NONE_LEN) == 0) {
TRACE(("recv_msg_userauth_request: 'none' request"));
send_msg_userauth_failure(0, 0); send_msg_userauth_failure(0, 0);
goto out; goto out;
} }
@ -305,6 +307,9 @@ void send_msg_userauth_failure(int partial, int incrfail) {
buf_putbyte(ses.writepayload, partial ? 1 : 0); buf_putbyte(ses.writepayload, partial ? 1 : 0);
encrypt_packet(); encrypt_packet();
TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
buf_getptr(typebuf, typebuf->len)));
if (incrfail) { if (incrfail) {
usleep(300000); /* XXX improve this */ usleep(300000); /* XXX improve this */
ses.authstate.failcount++; ses.authstate.failcount++;

2
svr-session.c
View File

@ -96,6 +96,8 @@ void svr_session(int sock, int childpipe, char* remotehost) {
ses.packettypes = svr_packettypes; ses.packettypes = svr_packettypes;
ses.buf_match_algo = svr_buf_match_algo; ses.buf_match_algo = svr_buf_match_algo;
ses.isserver = 1;
/* We're ready to go now */ /* We're ready to go now */
sessinitdone = 1; sessinitdone = 1;