Matt Johnston
9124997602
Avoid unused argument warning when reexec is unused
2022-02-03 22:12:11 +08:00
Matt Johnston
3939321750
Make re-exec work with "dropbearmulti dropbear"
The re-exec needs to know to use the dropbearmulti binary instead.
Add a test for this case.
2022-02-01 22:19:49 +08:00
Matt Johnston
e93b03cb00
Fix missing NULL terminator for re-exec
Also fixes fallback, sockets were not kept open
2022-01-31 11:12:58 +08:00
Matt Johnston
c7b7c9a99d
Add re-exec for server
This allows ASLR to re-randomize the address
space for every connection, preventing some
vulnerabilities from being exploitable by
repeated probing.
Overhead (memory and time) is yet to be confirmed.
At present this is only enabled on Linux. Other BSD platforms
with fexecve() would probably also work though have not been tested.
2022-01-30 10:14:56 +08:00
Matt Johnston
78c5daee52
Delay seedrandom until connections
2020-06-15 22:24:34 +08:00
Matt Johnston
846b8cdbf7
Remove unused DEBUG_FORKGPROF
2020-05-29 23:32:19 +08:00
Matt Johnston
2a81289ed3
Make DEBUG_NOFORK a #if not #ifdef
2020-05-21 22:58:56 +08:00
Matt Johnston
a60725740b
workaround memory sanitizer FD_ZERO false positives
2018-03-06 21:51:51 +08:00
François Perrad
f042eb41ab
more linting (#55)
* dropbear_exit: remove priority parameter
confusion with dropbear_log()
* const parameter
2018-02-17 11:27:37 +08:00
Matt Johnston
c218af6ea7
merge
2018-02-16 23:17:48 +08:00
Michael Witten
3ee685ad1c
options: Complete the transition to numeric toggles (`#if')
For the sake of review, this commit alters only the code; the affiliated
comments within the source files also need to be updated, but doing so
now would obscure the operational changes that have been made here.
* All on/off options have been switched to the numeric `#if' variant;
that is the only way to make this `default_options.h.in' thing work
in a reasonable manner.
* There is now some very minor compile-time checking of the user's
choice of options.
* NO_FAST_EXPTMOD doesn't seem to be used, so it has been removed.
* ENABLE_USER_ALGO_LIST was supposed to be renamed DROPBEAR_USER_ALGO_LIST,
and this commit completes that work.
* DROPBEAR_FUZZ seems to be a relatively new, as-yet undocumented option,
which was added by the following commit:
commit 6e0b539e9c
Author: Matt Johnston <matt@ucc.asn.au>
Date: Tue May 23 22:29:21 2017 +0800
split out checkpubkey_line() separately
It has now been added to `sysoptions.h' and defined as `0' by default.
* The configuration option `DROPBEAR_PASSWORD_ENV' is no longer listed in
`default_options.h.in'; it is no longer meant to be set by the user, and
is instead left to be defined in `sysoptions.h' (where it was already being
defined) as merely the name of the environment variable in question:
DROPBEAR_PASSWORD
To enable or disable use of that environment variable, the user must now
toggle `DROPBEAR_USE_DROPBEAR_PASSWORD'.
* The sFTP support is now toggled by setting `DROPBEAR_SFTPSERVER', and the
path of the sFTP server program is set independently through the usual
SFTPSERVER_PATH.
2018-02-16 23:13:47 +08:00
Matt Johnston
17be46e229
disallow inetd -v
2018-02-15 23:30:54 +08:00
Matt Johnston
a1aa161527
make signal flags volatile, simplify handling
2018-02-14 23:06:01 +08:00
Matt Johnston
32a28d0d9c
Convert #ifdef to #if, other build changes
2016-05-04 15:33:40 +02:00
Francois Perrad
3e20c442de
fix empty C prototypes
2016-03-16 22:41:20 +08:00
Francois Perrad
af87369cb3
add static in function definition
like in function declaration
2016-03-16 22:41:19 +08:00
Francois Perrad
a5e5bab74b
Suspicious use of ;
2016-03-16 22:41:19 +08:00
Francois Perrad
8f96b8908e
rename loop variable
2 nested loops with the same variable 'i',
line 219 and line 309
2016-03-16 22:41:19 +08:00
Francois Perrad
9bda22e702
more hard tab
2016-01-01 15:02:09 +01:00
Konstantin Tokarev
c59827334c
Allow setting syslog identifier via startsyslog().
2015-12-15 16:43:29 +03:00
Konstantin Tokarev
2d6bbf341d
Moved usingsyslog from svr_runopts to runopts.
2015-12-15 16:43:29 +03:00
Matt Johnston
2a431cab03
separate client/server fastopen options
2015-05-29 23:19:11 +08:00
Matt Johnston
28f61c8b3a
tcp fastopen for the server
--HG--
branch : fastopen
2015-02-15 22:34:05 +08:00
Matt Johnston
d5c8ba1690
Initialise sa_mask
2015-01-28 22:33:34 +08:00
Matt Johnston
6d2d3669f3
Make keepalive handling more robust, this should now match what OpenSSH does
2014-08-19 23:08:56 +08:00
Matt Johnston
1dc5312f00
- Save errno in signal handlers
- Use _exit() in segv handler
2014-02-15 21:13:57 +08:00
Matt Johnston
998d6cdfc4
- Sockets are set to lowdelay priority initially to improve connection setup time
- Set non-pty connections to bulk for client and server
2013-12-03 00:04:48 +08:00
Matt Johnston
cbe63bbabe
rename random.h to dbrandom.h since some OSes have a system random.h
--HG--
rename : random.c => dbrandom.c
rename : random.h => dbrandom.h
2013-11-14 22:05:47 +08:00
Matt Johnston
95a21c8fd7
ecdsa is working
--HG--
branch : ecc
2013-05-03 23:07:48 +08:00
Matt Johnston
c4861340e9
Fix a few compile warnings
2013-03-23 23:17:01 +08:00
Matt Johnston
d5ccc32b4d
Improve RNG seeding.
Try to read from /dev/urandom multiple times, take input from extra sources,
and use /dev/random when generating private keys
2012-06-29 23:19:43 +08:00
Matt Johnston
a15fc009da
- Initialise sa_mask properly
2011-12-04 05:41:46 +08:00
Matt Johnston
a3188b44f0
- Make sure sa_mask is set
2012-02-21 22:57:19 +08:00
Matt Johnston
38ed870ffe
Improve capitalisation for all logged strings
--HG--
extra : convert_revision : 997e53cec7a9efb7413ac6e17b6be60a5597bd2e
2011-02-23 15:50:30 +00:00
Matt Johnston
f88bed7a30
Rearrange getaddrstring() etc
--HG--
extra : convert_revision : 8a18c4a60aeaec085923d13d98fa0f93c506ceba
2009-09-01 16:38:26 +00:00
Matt Johnston
6e78eca7c8
use memset() rather than bzero()
--HG--
extra : convert_revision : d44b31a46d0fdfcc92bf4f16e7c49fd49eb40aa1
2009-06-08 14:40:29 +00:00
Matt Johnston
31fa5e605b
- Rework pubkey options to be more careful about buffer lengths. Needs review.
--HG--
branch : pubkey-options
extra : convert_revision : 537a6ebebb46424b967ffe787f0f8560e5f447e8
2008-09-12 17:23:56 +00:00
Matt Johnston
75ec4d6510
- Add -K keepalive flag for dropbear and dbclient
- Try to reduce the frequency of select() timeouts
- Add a max receive window size of 1MB
--HG--
extra : convert_revision : 9aa22036cb511cddb35fbc0e09ad05acb39b64d1
2007-08-08 15:12:06 +00:00
Matt Johnston
762e9973ff
Patch from Nicolai Ehemann to try binding before going to the background,
so that if it exits early (because something's already listening etc)
then it will return an exitcode of 1.
--HG--
extra : convert_revision : 4e68851f89a773bc502b30dec2b8f6edaa36d473
2007-07-19 15:54:18 +00:00
Matt Johnston
456b500902
"backgrounding" is more user-understandable than "forking"
--HG--
extra : convert_revision : 53a3f244adf908dac18f2fa7e1d94309497da790
2007-07-19 14:08:24 +00:00
Matt Johnston
b01a74a9d7
merge of 'a9b0496634cdd25647b65e585cc3240f3fa699ee'
and 'c22be8b8f570b48e9662dac32c7b3e7148a42206'
--HG--
extra : convert_revision : 066f6aef2791d54b9ec6a0c3033fd28fa946251f
2007-02-22 14:53:49 +00:00
Matt Johnston
66643fa5c7
Add -p [address:]port option for binding to addresses, patch from
Max-Gerd Retzlaff
--HG--
extra : convert_revision : a9b0496634cdd25647b65e585cc3240f3fa699ee
2007-02-22 14:52:46 +00:00
Matt Johnston
7f12251fbb
Fix for -pedantic -ansi compilation, change // to /**/, plus some signedness
and trailing-comma-in-array issues
--HG--
extra : convert_revision : c22be8b8f570b48e9662dac32c7b3e7148a42206
2007-02-16 14:42:08 +00:00
Matt Johnston
47e76de56a
Disable core dumps
--HG--
extra : convert_revision : ba8ebf724630561c6b9285247be7574a33853a17
2007-02-12 10:43:44 +00:00
Matt Johnston
692d737a82
Load hostkeys before daemon(), since daemon()'s chdir("/") will prevent us
finding keys in $PWD.
--HG--
extra : convert_revision : 02c413252c90e9de8e03d91e9939dde3029f5c0a
2007-01-04 02:01:09 +00:00
Matt Johnston
4aafeb0da2
Add -P pidfile patch from Swen Schillig
--HG--
extra : convert_revision : 2dd1bf9162d8fc4c14b33c5b3c6ca3cbe2ecd587
2006-06-07 14:10:21 +00:00
Matt Johnston
dde673f8d7
minor cleanups for some warnings
--HG--
extra : convert_revision : 6ace12c71fc2773210f2f3d374c96622ca54fe48
2006-03-22 05:12:18 +00:00
Matt Johnston
94b28e420c
0.48 progress
--HG--
extra : convert_revision : 23abf9a27f91b8191c12b24a8b2557e5e8750c21
2006-03-09 12:37:38 +00:00
Matt Johnston
882a9ced90
merge of 4c883eb469d2d251ee8abddbc11ae4005db6da17
and bed6155e95a293c9fce7e889d283b5958f3035dc
--HG--
extra : convert_revision : fff0894a0399405a9410ea1c6d118f342cf2aa64
2006-03-08 12:53:11 +00:00
Matt Johnston
422f4f2b41
* Per-IP connection unauthed connection limits
* m_close() exits fatally on failure
* other cleanups
--HG--
extra : convert_revision : bed6155e95a293c9fce7e889d283b5958f3035dc
2006-03-08 12:41:27 +00:00