From e815e974407b734f62058a4a834e6af21a937883 Mon Sep 17 00:00:00 2001
From: iquaba
Date: Wed, 6 Aug 2014 08:48:43 -0500
Subject: [PATCH 1/5] Try without identifying current user Small change that warns the user if the current user cannot be identified rather than aborting. This came in handy when I put dropbear on a dlink that did not have a true user environment. Falling back on the "-l" option and user@ options works just fine as a client. The only implication I found is that the -J option will fail ungracefully without a known own_user.
---
 cli-runopts.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cli-runopts.c b/cli-runopts.c
index 5f36f7c..8c9bc8e 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -684,7 +684,7 @@ static void fill_own_user() {
 pw = getpwuid(uid);
 if (pw == NULL || pw->pw_name == NULL) {
- dropbear_exit("Unknown own user");
+ dropbear_log(LOG_INFO, "Warning: failed to identify current user. Trying anyway.");
 }
 cli_opts.own_user = m_strdup(pw->pw_name);
From 628a3f5ccad5e92116934ad31d224b018dcad15f Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Wed, 6 Aug 2014 21:55:43 +0800
Subject: [PATCH 2/5] Test for EAGAIN too
---
 packet.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/packet.c b/packet.c
index 42d4229..add3203 100644
--- a/packet.c
+++ b/packet.c
@@ -93,9 +93,12 @@ void write_packet() {
 iov[i].iov_base = buf_getptr(writebuf, len);
 iov[i].iov_len = len;
 }
+ /* This may return EAGAIN. The main loop sometimes
+ calls write_packet() without bothering to test with select() since
+ it's likely to be necessary */
 written = writev(ses.sock_out, iov, iov_max_count);
 if (written < 0) {
- if (errno == EINTR) {
+ if (errno == EINTR || errno == EAGAIN) {
 m_free(iov);
 TRACE2(("leave write_packet: EINTR"))
 return;
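Review bot: When getpwuid() returns NULL the new branch in patch 1/5 only logs, and execution then reaches the unchanged `cli_opts.own_user = m_strdup(pw->pw_name);`, which dereferences the NULL `pw`. In the `pw->pw_name == NULL` case a NULL name is handed to m_strdup(), whose handling of NULL is not visible here. With dropbear_exit() gone the assignment needs its own guard, e.g. `if (pw != NULL && pw->pw_name != NULL) cli_opts.own_user = m_strdup(pw->pw_name);`, and own_user needs a defined value otherwise. Patch 3/5 further down this page restructures the branch along those lines, so the crash concerns anyone applying 1/5 on its own; fill_own_user() starts above the hunk.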
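Review bot: The trace text on the path that now also handles EAGAIN still reads `leave write_packet: EINTR`, so a debug log cannot tell an interrupted call from a socket that was not ready; the same holds for the write() hunk at -136 and the read_packet_init() hunk at -255. Something like `TRACE2(("leave write_packet: EINTR/EAGAIN"))` keeps the trace accurate. POSIX permits EWOULDBLOCK to have a different value from EAGAIN, so if any supported platform defines them separately the three tests would also need `|| errno == EWOULDBLOCK`. write_packet() begins and continues outside the hunk.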
@@ -136,7 +139,7 @@ void write_packet() {
 written = write(ses.sock_out, buf_getptr(writebuf, len), len);
 if (written < 0) {
- if (errno == EINTR) {
+ if (errno == EINTR || errno == EAGAIN) {
 TRACE2(("leave writepacket: EINTR"))
 return;
 } else {
@@ -255,7 +258,7 @@ static int read_packet_init() {
 ses.remoteclosed();
 }
 if (slen < 0) {
- if (errno == EINTR) {
+ if (errno == EINTR || errno == EAGAIN) {
 TRACE2(("leave read_packet_init: EINTR"))
 return DROPBEAR_FAILURE;
 }
From b969101b332e143109ef374e3b13872b6544656a Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Wed, 6 Aug 2014 22:10:57 +0800
Subject: [PATCH 3/5] Be a bit safer in case pw_name doesn't exist
---
 cli-runopts.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/cli-runopts.c b/cli-runopts.c
index 8c9bc8e..bad991f 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -683,11 +683,13 @@ static void fill_own_user() {
 uid = getuid();
 pw = getpwuid(uid);
- if (pw == NULL || pw->pw_name == NULL) {
+ if (pw && pw->pw_name != NULL) {
+ cli_opts.own_user = m_strdup(pw->pw_name);
+ } else {
 dropbear_log(LOG_INFO, "Warning: failed to identify current user. Trying anyway.");
+ cli_opts.own_user = m_strdup("unknown");
 }
- cli_opts.own_user = m_strdup(pw->pw_name);
 }
 #ifdef ENABLE_CLI_ANYTCPFWD
From 12a020aa6201430a864aec74e0bac1ed44e807f0 Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Wed, 6 Aug 2014 22:16:38 +0800
Subject: [PATCH 4/5] Don't warn about ENOTSOCK when setting priority
---
 dbutil.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/dbutil.c b/dbutil.c
index a5616ac..2acc53b 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -202,6 +202,9 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
 int iptos_val = 0, so_prio_val = 0, rc;
+ /* Don't log ENOTSOCK errors so that this can harmlessly be called
+ * on a client '-J' proxy pipe */
+ /* set the TOS bit for either ipv4 or ipv6 */
 #ifdef IPTOS_LOWDELAY
 if (prio == DROPBEAR_PRIO_LOWDELAY) {
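Review bot: The fallback `cli_opts.own_user = m_strdup("unknown");` in the else branch of patch 3/5 stores a placeholder that cannot be told apart from a real account named "unknown". Any later use of cli_opts.own_user (those uses are outside this hunk) would carry on with that name rather than notice the lookup failed. A comment on the assignment would record the intent, e.g. `/* placeholder only: getpwuid() failed, the user must supply -l or user@host */`. The message is also logged at LOG_INFO although its text begins with "Warning:"; `LOG_WARNING` would match the wording.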
@@ -211,12 +214,12 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
 }
 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
 rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val));
- if (rc < 0) {
+ if (rc < 0 && errno != ENOTSOCK) {
 TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno)));
 }
 #endif
 rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val));
- if (rc < 0) {
+ if (rc < 0 && errno != ENOTSOCK) {
 TRACE(("Couldn't set IP_TOS (%s)", strerror(errno)));
 }
 #endif
@@ -229,7 +232,7 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
 }
 /* linux specific, sets QoS class. see tc-prio(8) */
 rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val));
- if (rc < 0)
+ if (rc < 0 && errno != ENOTSOCK)
 dropbear_log(LOG_WARNING, "Couldn't set SO_PRIORITY (%s)", strerror(errno));
 #endif
From ed2e276b3a140924997cd6f995f22566472d972e Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Fri, 1 Aug 2014 06:14:19 -0400
Subject: [PATCH 5/5] use xauth in /usr/bin Since the x.org rework, X has been installed into standard paths and not its own random prefixes. I think it's time we update the default paths accordingly.
---
 options.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/options.h b/options.h
index ab6abea..56b6370 100644
--- a/options.h
+++ b/options.h
@@ -264,7 +264,7 @@ much traffic. */
 /* The command to invoke for xauth when using X11 forwarding.
 * "-q" for quiet */
 #ifndef XAUTH_COMMAND
-#define XAUTH_COMMAND "/usr/bin/X11/xauth -q"
+#define XAUTH_COMMAND "/usr/bin/xauth -q"
 #endif
 /* if you want to enable running an sftp server (such as the one included with
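Review bot: The SO_PRIORITY check in the dbutil.c hunk at -229 remains an unbraced `if` whose body is the dropbear_log() call that follows, while the two checks changed in the hunk at -211 are braced. With the condition now longer, writing it as `if (rc < 0 && errno != ENOTSOCK) {` with a closing `}` after the log call would make the scope of the ENOTSOCK exemption unambiguous and consistent. The three tests also silence ENOTSOCK for every caller, so a non-socket descriptor passed by mistake would go unreported as well; whether that matters depends on callers not visible here. set_sock_priority() extends beyond these hunks.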