Rename EPKA -> Plugin

2025-06-23 02:06:55 +00:00 · 2019-05-15 21:59:45 +08:00 · 2019-05-15 21:59:45 +08:00 · fa116e983b
commit fa116e983b
parent 8c6aaf8d36
11 changed files with 81 additions and 81 deletions
--- a/Makefile.in
+++ b/Makefile.in
@ -80,13 +80,13 @@ else
 	scpobjs=$(SCPOBJS)
 endif

-ifeq (@DROPBEAR_EPKA@, 1)
+ifeq (@DROPBEAR_PLUGIN@, 1)
    # rdynamic makes all the global symbols of dropbear available to all the loaded shared libraries
    # this allow a plugin to reuse existing crypto/utilities like base64_decode/base64_encode without
    # the need to rewrite them.
-    EPKA_LIBS=-ldl -rdynamic
+    PLUGIN_LIBS=-ldl -rdynamic
 else
-    EPKA_LIBS=
+    PLUGIN_LIBS=
 endif

 VPATH=@srcdir@
@ -198,7 +198,7 @@ dropbearkey: $(dropbearkeyobjs)
 dropbearconvert: $(dropbearconvertobjs)

 dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile
-	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(EPKA_LIBS)
+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(PLUGIN_LIBS)

 dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile
 	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
--- a/common-session.c
+++ b/common-session.c
@ -147,8 +147,8 @@ void common_session_init(int sock_in, int sock_out) {

 	ses.allowprivport = 0;

-#if DROPBEAR_EPKA
-        ses.epka_session = NULL;
+#if DROPBEAR_PLUGIN
+        ses.plugin_session = NULL;
 #endif

 	TRACE(("leave session_init"))
--- a/configure.ac
+++ b/configure.ac
@ -323,20 +323,20 @@ AC_ARG_ENABLE(shadow,
 	]
 )

-AC_ARG_ENABLE(epka,
-	[  --enable-epka           Enable support for External Public Key Authentication plug-in],
+AC_ARG_ENABLE(plugin,
+	[  --enable-plugin           Enable support for External Public Key Authentication plug-in],
 	[
-		AC_DEFINE(DROPBEAR_EPKA, 1, External Public Key Authentication)
+		AC_DEFINE(DROPBEAR_PLUGIN, 1, External Public Key Authentication)
 		AC_MSG_NOTICE(Enabling support for External Public Key Authentication)
-		DROPBEAR_EPKA=1
+		DROPBEAR_PLUGIN=1
 	],
 	[
-		AC_DEFINE(DROPBEAR_EPKA, 0, External Public Key Authentication)
-		DROPBEAR_EPKA=0
+		AC_DEFINE(DROPBEAR_PLUGIN, 0, External Public Key Authentication)
+		DROPBEAR_PLUGIN=0
 	]

 )
-AC_SUBST(DROPBEAR_EPKA)
+AC_SUBST(DROPBEAR_PLUGIN)

 AC_ARG_ENABLE(fuzz,
 	[  --enable-fuzz           Build fuzzing. Not recommended for deployment.],
--- a/includes.h
+++ b/includes.h
@ -164,7 +164,7 @@ typedef u_int32_t uint32_t;
 #include <linux/pkt_sched.h>
 #endif

-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
 #include <dlfcn.h>
 #endif

--- a/pubkeyapi.h
+++ b/pubkeyapi.h
@ -33,21 +33,21 @@
 *
 */

-struct EPKAInstance;
-struct EPKASession;
+struct PluginInstance;
+struct PluginSession;

 /* API VERSION INFORMATION - 
 * Dropbear will:
 * - Reject any plugin with a major version mismatch
 * - Load and print a warning if the plugin's minor version is HIGHER than
 *   dropbear's minor version (assumes properties are added at the end of
- *   EPKAInstance or EPKASession). This is a case of plugin newer than dropbear. 
+ *   PluginInstance or PluginSession). This is a case of plugin newer than dropbear. 
 * - Reject if the plugin minor version is SMALLER than dropbear one (case
 *   of plugin older than dropbear).
 * - Load (with no warnings) if version match.
 */
-#define DROPBEAR_EPKA_VERSION_MAJOR     1
-#define DROPBEAR_EPKA_VERSION_MINOR     0
+#define DROPBEAR_PLUGIN_VERSION_MAJOR     1
+#define DROPBEAR_PLUGIN_VERSION_MINOR     0


 /* Creates an instance of the plugin.
@ -60,7 +60,7 @@ struct EPKASession;
 * If the version MINOR is different, dropbear will allow the plugin to run 
 * only if: plugin_MINOR > dropbear_MINOR
 *
- * If plugin_MINOR < dropbeart_MINOR or if the MAJOR version is different
+ * If plugin_MINOR < dropbear_MINOR or if the MAJOR version is different
 * dropbear will reject the plugin and terminate the execution.
 *
 * addrstring is the IP address of the client.
@ -68,7 +68,7 @@ struct EPKASession;
 * Returns NULL in case of failure, otherwise a void * of the instance that need
 * to be passed to all the subsequent call to the plugin
 */
-typedef struct EPKAInstance *(* PubkeyExtPlugin_newFn)(int verbose, 
+typedef struct PluginInstance *(* PubkeyExtPlugin_newFn)(int verbose, 
        const char *options,
        const char *addrstring);
 #define DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW               "plugin_new"
@ -83,8 +83,8 @@ typedef struct EPKAInstance *(* PubkeyExtPlugin_newFn)(int verbose,
 * Returns DROPBEAR_SUCCESS (0) if success or DROPBEAR_FAILURE (-1) if
 * authentication fails
 */
-typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct EPKAInstance *pluginInstance,
-        struct EPKASession **sessionInOut,
+typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct PluginInstance *PluginInstance,
+        struct PluginSession **sessionInOut,
        const char* algo, 
        unsigned int algolen,
        const unsigned char* keyblob, 
@ -93,18 +93,18 @@ typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct EPKAInstance *pluginInstanc

 /* Notify the plugin that auth completed (after signature verification)
 */
-typedef void (* PubkeyExtPlugin_authSuccessFn)(struct EPKASession *session);
+typedef void (* PubkeyExtPlugin_authSuccessFn)(struct PluginSession *session);

 /* Deletes a session
 * TODO: Add a reason why the session is terminated. See svr_dropbear_exit (in svr-session.c)
 */
-typedef void (* PubkeyExtPlugin_sessionDeleteFn)(struct EPKASession *session);
+typedef void (* PubkeyExtPlugin_sessionDeleteFn)(struct PluginSession *session);

 /* Deletes the plugin instance */
-typedef void (* PubkeyExtPlugin_deleteFn)(struct EPKAInstance *pluginInstance);
+typedef void (* PubkeyExtPlugin_deleteFn)(struct PluginInstance *PluginInstance);


-/* The EPKAInstance object - A simple container of the pointer to the functions used
+/* The PluginInstance object - A simple container of the pointer to the functions used
 * by Dropbear.
 *
 * A plug-in can extend it to add its own properties
@ -113,7 +113,7 @@ typedef void (* PubkeyExtPlugin_deleteFn)(struct EPKAInstance *pluginInstance);
 * shared library.
 * The delete_plugin function should delete the object.
 */
-struct EPKAInstance {
+struct PluginInstance {
    int                             api_version[2];         /* 0=Major, 1=Minor */

    PubkeyExtPlugin_checkPubKeyFn   checkpubkey;            /* mandatory */
@ -129,7 +129,7 @@ struct EPKAInstance {
 * The returned buffer will be destroyed when the session is deleted.
 * Option buffer string NULL-terminated
 */
-typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct EPKASession *session);
+typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct PluginSession *session);


 /* An SSH Session. Created during pre-auth and reused during the authentication.
@ -142,8 +142,8 @@ typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct EPKASession *session);
 *
 * Store any optional auth options in the auth_options property of the session.
 */
-struct EPKASession {
-    struct EPKAInstance *  plugin_instance;
+struct PluginSession {
+    struct PluginInstance *  plugin_instance;

    PubkeyExtPlugin_getOptionsFn   get_options;
 };
--- a/runopts.h
+++ b/runopts.h
@ -125,7 +125,7 @@ typedef struct svr_runopts {

 	char * forced_command;

-#if DROPBEAR_EPKA 
+#if DROPBEAR_PLUGIN 
        char *pubkey_plugin;
        char *pubkey_plugin_options;
 #endif
--- a/session.h
+++ b/session.h
@ -38,7 +38,7 @@
 #include "chansession.h"
 #include "dbutil.h"
 #include "netio.h"
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
 #include "pubkeyapi.h"
 #endif

@ -220,8 +220,8 @@ struct sshsession {
 	/* set once the ses structure (and cli_ses/svr_ses) have been populated to their initial state */
 	int init_done;

-#if DROPBEAR_EPKA
-        struct EPKASession * epka_session;
+#if DROPBEAR_PLUGIN
+        struct PluginSession * plugin_session;
 #endif
 };

@ -248,12 +248,12 @@ struct serversession {
 	pid_t server_pid;
 #endif

-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
        /* The shared library handle */
-        void *epka_plugin_handle;
+        void *plugin_handle;

        /* The instance created by the plugin_new function */
-        struct EPKAInstance *epka_instance;
+        struct PluginInstance *plugin_instance;
 #endif

 };
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@ -111,12 +111,12 @@ void svr_auth_pubkey(int valid_user) {
 		send_msg_userauth_failure(0, 0);
 		goto out;
 	}
-#if DROPBEAR_EPKA
-        if (svr_ses.epka_instance != NULL) {
+#if DROPBEAR_PLUGIN
+        if (svr_ses.plugin_instance != NULL) {
            char *options_buf;
-            if (svr_ses.epka_instance->checkpubkey(
-                        svr_ses.epka_instance,
-                        &ses.epka_session,
+            if (svr_ses.plugin_instance->checkpubkey(
+                        svr_ses.plugin_instance,
+                        &ses.plugin_session,
                        algo, 
                        algolen, 
                        keyblob, 
@ -126,7 +126,7 @@ void svr_auth_pubkey(int valid_user) {
                auth_failure = 0;

                /* Options provided? */
-                options_buf = ses.epka_session->get_options(ses.epka_session);
+                options_buf = ses.plugin_session->get_options(ses.plugin_session);
                if (options_buf) {
                    struct buf temp_buf = { 
                        .data = (unsigned char *)options_buf,
@ -193,10 +193,10 @@ void svr_auth_pubkey(int valid_user) {
 				"Pubkey auth succeeded for '%s' with key %s from %s",
 				ses.authstate.pw_name, fp, svr_ses.addrstring);
 		send_msg_userauth_success();
-#if DROPBEAR_EPKA
-                if ((ses.epka_session != NULL) && (svr_ses.epka_instance->auth_success != NULL)) {
+#if DROPBEAR_PLUGIN
+                if ((ses.plugin_session != NULL) && (svr_ses.plugin_instance->auth_success != NULL)) {
                    /* Was authenticated through the external plugin. tell plugin that signature verification was ok */
-                    svr_ses.epka_instance->auth_success(ses.epka_session);
+                    svr_ses.plugin_instance->auth_success(ses.plugin_session);
                }
 #endif
                
--- a/svr-runopts.c
+++ b/svr-runopts.c
@ -99,7 +99,7 @@ static void printhelp(const char * progname) {
 					"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
 					"-K <keepalive>  (0 is never, default %d, in seconds)\n"
 					"-I <idle_timeout>  (0 is never, default %d, in seconds)\n"
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
                                        "-A <authplugin>[,<options>]\n"
                                        "               Enable external public key auth through <authplugin>\n"
 #endif
@ -133,7 +133,7 @@ void svr_getopts(int argc, char ** argv) {
 	char* maxauthtries_arg = NULL;
 	char* keyfile = NULL;
 	char c;
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
        char* pubkey_plugin = NULL;
 #endif

@ -163,7 +163,7 @@ void svr_getopts(int argc, char ** argv) {
 #if DROPBEAR_SVR_REMOTETCPFWD
 	svr_opts.noremotetcp = 0;
 #endif
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
        svr_opts.pubkey_plugin = NULL;
        svr_opts.pubkey_plugin_options = NULL;
 #endif
@ -285,7 +285,7 @@ void svr_getopts(int argc, char ** argv) {
 				case 'u':
 					/* backwards compatibility with old urandom option */
 					break;
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
                                case 'A':
                                        next = &pubkey_plugin;
                                        break;
@ -410,7 +410,7 @@ void svr_getopts(int argc, char ** argv) {
 	if (svr_opts.forced_command) {
 		dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
 	}
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
        if (pubkey_plugin) {
            char *args = strchr(pubkey_plugin, ',');
            if (args) {
--- a/svr-session.c
+++ b/svr-session.c
@ -89,15 +89,15 @@ svr_session_cleanup(void) {
 	m_free(svr_ses.childpids);
 	svr_ses.childpidsize = 0;

-#if DROPBEAR_EPKA
-        if (svr_ses.epka_plugin_handle != NULL) {
-            if (svr_ses.epka_instance) {
-                svr_ses.epka_instance->delete_plugin(svr_ses.epka_instance);
-                svr_ses.epka_instance = NULL;
+#if DROPBEAR_PLUGIN
+        if (svr_ses.plugin_handle != NULL) {
+            if (svr_ses.plugin_instance) {
+                svr_ses.plugin_instance->delete_plugin(svr_ses.plugin_instance);
+                svr_ses.plugin_instance = NULL;
            }

-            dlclose(svr_ses.epka_plugin_handle);
-            svr_ses.epka_plugin_handle = NULL;
+            dlclose(svr_ses.plugin_handle);
+            svr_ses.plugin_handle = NULL;
        }
 #endif
 }
@ -122,10 +122,10 @@ void svr_session(int sock, int childpipe) {
 	m_free(host);
 	m_free(port);

-#if DROPBEAR_EPKA
-        /* Initializes the EPKA Plugin */
-        svr_ses.epka_plugin_handle = NULL;
-        svr_ses.epka_instance = NULL;
+#if DROPBEAR_PLUGIN
+        /* Initializes the PLUGIN Plugin */
+        svr_ses.plugin_handle = NULL;
+        svr_ses.plugin_instance = NULL;
        if (svr_opts.pubkey_plugin) {
 #if DEBUG_TRACE
            const int verbose = debug_trace;
@ -135,33 +135,33 @@ void svr_session(int sock, int childpipe) {
            PubkeyExtPlugin_newFn  pluginConstructor;

            /* RTLD_NOW: fails if not all the symbols are resolved now. Better fail now than at run-time */
-            svr_ses.epka_plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW);
-            if (svr_ses.epka_plugin_handle == NULL) {
+            svr_ses.plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW);
+            if (svr_ses.plugin_handle == NULL) {
                dropbear_exit("failed to load external pubkey plugin '%s': %s", svr_opts.pubkey_plugin, dlerror());
            }
-            pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.epka_plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW);
+            pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW);
            if (!pluginConstructor) {
                dropbear_exit("plugin constructor method not found in external pubkey plugin");
            }

            /* Create an instance of the plugin */
-            svr_ses.epka_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring);
-            if (svr_ses.epka_instance == NULL) {
+            svr_ses.plugin_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring);
+            if (svr_ses.plugin_instance == NULL) {
                dropbear_exit("external plugin initialization failed");
            }
            /* Check if the plugin is compatible */
-            if ( (svr_ses.epka_instance->api_version[0] != DROPBEAR_EPKA_VERSION_MAJOR) ||
-                 (svr_ses.epka_instance->api_version[1] < DROPBEAR_EPKA_VERSION_MINOR) ) {
+            if ( (svr_ses.plugin_instance->api_version[0] != DROPBEAR_PLUGIN_VERSION_MAJOR) ||
+                 (svr_ses.plugin_instance->api_version[1] < DROPBEAR_PLUGIN_VERSION_MINOR) ) {
                dropbear_exit("plugin version check failed: "
                              "Dropbear=%d.%d, plugin=%d.%d",
-                        DROPBEAR_EPKA_VERSION_MAJOR, DROPBEAR_EPKA_VERSION_MINOR,
-                        svr_ses.epka_instance->api_version[0], svr_ses.epka_instance->api_version[1]);
+                        DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
+                        svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
            }
-            if (svr_ses.epka_instance->api_version[1] > DROPBEAR_EPKA_VERSION_MINOR) {
+            if (svr_ses.plugin_instance->api_version[1] > DROPBEAR_PLUGIN_VERSION_MINOR) {
                dropbear_log(LOG_WARNING, "plugin API newer than dropbear API: "
                              "Dropbear=%d.%d, plugin=%d.%d",
-                        DROPBEAR_EPKA_VERSION_MAJOR, DROPBEAR_EPKA_VERSION_MINOR,
-                        svr_ses.epka_instance->api_version[0], svr_ses.epka_instance->api_version[1]);
+                        DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
+                        svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
            }
            dropbear_log(LOG_INFO, "successfully loaded and initialized pubkey plugin '%s'", svr_opts.pubkey_plugin);
        }
@ -209,11 +209,11 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
 	char fullmsg[300];
 	int i;

-#if DROPBEAR_EPKA
-        if ((ses.epka_session != NULL)) {
-            svr_ses.epka_instance->delete_session(ses.epka_session);
+#if DROPBEAR_PLUGIN
+        if ((ses.plugin_session != NULL)) {
+            svr_ses.plugin_instance->delete_session(ses.plugin_session);
        }
-        ses.epka_session = NULL;
+        ses.plugin_session = NULL;
 #endif

 	/* Render the formatted exit message */
--- a/sysoptions.h
+++ b/sysoptions.h
@ -243,8 +243,8 @@ If you test it please contact the Dropbear author */
 	#error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
 #endif

-#if (DROPBEAR_EPKA && !DROPBEAR_SVR_PUBKEY_AUTH)
-	#error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use External Public Key Authentication (EPKA)"
+#if (DROPBEAR_PLUGIN && !DROPBEAR_SVR_PUBKEY_AUTH)
+	#error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins"
 #endif

 #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \