Matt Johnston
03481aba06
Define _GNU_SOURCE properly, other header fixes
This lets -std=c89 build for gcc 8.4.0
2021-03-04 21:03:02 +08:00
Kevin Darbyshire-Bryant
fa4c4646d8
Improve address logging on early exit messages (#83)
Change 'Early exit' and 'Exit before auth' messages to include the IP
address & port as part of the message.
This allows log scanning utilities such as 'fail2ban' to obtain the
offending IP address as part of the failure event instead of extracting
the PID from the message and then scanning the log again for matching
'child connection from' messages
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-18 23:28:56 +08:00
Patrick Stewart
0af22aa8e4
Support servers without multiple user support (#76)
2019-03-20 22:44:49 +08:00
Matt Johnston
02ffdd09dc
- Add adaptive authentication failure delay
- Rework monotonic_now/gettime_wrapper and use clock_gettime on more platforms
2018-11-05 23:36:34 +08:00
Matt Johnston
ad3eacf3d6
Merge bugfix delay invalid users
2018-08-23 23:43:45 +08:00
Matt Johnston
52adbb34c3
Wait to fail invalid usernames
2018-08-23 23:43:12 +08:00
Matt Johnston
78e17f6ee9
merge from main
--HG--
branch : fuzz
2018-02-28 22:11:39 +08:00
Matt Johnston
5ebc48b3f2
clean some fuzzing conditionals
--HG--
branch : fuzz
2018-02-28 22:10:43 +08:00
François Perrad
1ae4237920
fix #endif (#59)
2018-02-28 15:10:14 +01:00
François Perrad
7f8702d3d6
fix #endif (#59)
2018-02-28 22:10:14 +08:00
Matt Johnston
c658b275fd
- #if not #ifdef for DROPBEAR_FUZZ
- fix some unused variables
--HG--
branch : fuzz
2018-02-28 21:40:08 +08:00
Matt Johnston
9bbce01e1b
merge from main
--HG--
branch : fuzz
2018-02-28 21:28:59 +08:00
Matt Johnston
6eabc0fe87
add guard HAVE_GETGROUPLIST
2018-02-27 21:49:10 +08:00
Matt Johnston
5df73215f8
merge from main
--HG--
branch : fuzz
2018-02-26 22:44:48 +08:00
Matt Johnston
7435369615
- Don't try to handle changed usernames
- Avoid logging repeated failed username messages
2018-02-26 22:07:18 +08:00
François Perrad
2e836bb553
more linting (#58)
* const parameter
* fix indentation
2018-02-26 21:31:15 +08:00
Matt Johnston
36ccfd21e7
Fix restricted group code for BSDs, move to separate function
2018-02-26 21:17:13 +08:00
stellarpower
d17dedfa4f
Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot log in over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
2018-02-20 02:11:55 +00:00
Matt Johnston
7e8094d53a
merge from main
--HG--
branch : fuzz
2018-02-17 19:29:51 +08:00
Matt Johnston
597f7eb5e9
merge up to date
--HG--
branch : fuzz
2018-01-23 22:46:07 +08:00
Francois Perrad
89e64c631e
Pointer parameter could be declared as pointing to const
2017-08-19 17:16:13 +02:00
Matt Johnston
4b7105dfea
fix DROPBEAR_FUZZ auth delay
--HG--
branch : fuzz
2017-06-30 21:10:57 +08:00
Kevin Darbyshire-Bryant
e255101299
dropbear server: support -T max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.
A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-25 11:53:58 +01:00
Matt Johnston
4dae8edb76
merge main to fuzz
--HG--
branch : fuzz
2017-05-18 23:45:10 +08:00
Matt Johnston
fb719e3d0b
fuzz harness
--HG--
branch : fuzz
2017-05-13 22:50:54 +08:00
Matt Johnston
9f24cdf74c
copy over some fuzzing code from AFL branch
--HG--
branch : fuzz
2017-05-12 23:14:54 +08:00
Matt Johnston
32a28d0d9c
Convert #ifdef to #if, other build changes
2016-05-04 15:33:40 +02:00
Francois Perrad
3e20c442de
fix empty C prototypes
2016-03-16 22:41:20 +08:00
Matt Johnston
ce59260ee9
Fix problem where auth timeout wasn't checked when waiting for ident
2015-08-03 21:59:40 +08:00
Matt Johnston
1a4db21fe4
buf_getstring and buf_putstring now use non-unsigned char*
2015-06-04 23:08:50 +08:00
Gaël PORTAY
d680a9e3fb
Turn username, servicename and methodname local variables into char *
Changing checkusername()'s username argument into char * as well.
2015-05-05 20:39:13 +02:00
Gaël PORTAY
224b16b247
Fix pointer differ in signedness warnings [-Werror=pointer-sign]
2015-05-05 20:39:13 +02:00
Matt Johnston
f1826ea389
Fix auth timeout regression
2014-07-09 22:02:22 +08:00
Matt Johnston
cbe63bbabe
rename random.h to dbrandom.h since some OSes have a system random.h
--HG--
rename : random.c => dbrandom.c
rename : random.h => dbrandom.h
2013-11-14 22:05:47 +08:00
Matt Johnston
e60a84d0ed
Various cleanups and fixes for warnings
--HG--
branch : ecc
2013-11-12 23:02:32 +08:00
Matt Johnston
45bd0edae5
Merge in changes from the past couple of releases
--HG--
branch : ecc
2013-10-18 21:38:01 +08:00
Matt Johnston
142a0f8a83
Send PAM error messages as banner messages
Patch from Martin Donnelly, modified.
2013-10-03 23:04:11 +08:00
Matt Johnston
f7ba7444e8
improve auth failure delays to avoid indicating which users exist
2013-05-26 18:39:24 +08:00
Matt Johnston
04518e9e80
merge in HEAD
--HG--
branch : ecc
2013-05-21 12:09:35 +08:00
Matt Johnston
54a76342f5
If running as non-root only allow that user to log in
2013-04-17 22:29:18 +08:00
Matt Johnston
c797c1750c
- Fix various hardcoded uses of SHA1
- rename curves to nistp256 etc
- fix svr-auth.c TRACE problem
--HG--
branch : ecc
2013-04-08 00:10:57 +08:00
Matt Johnston
c6bdc810ab
ecc kind of works, needs fixing/testing
--HG--
branch : ecc
2013-04-07 01:36:42 +08:00
Paul Eggleton
1205fa68df
Allow configuring "allow blank password option" at runtime
Changes this from a compile-time switch to a command-line option.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2013-02-12 15:52:57 +00:00
Matt Johnston
10d7a35841
Don't TRACE() the pw_passwd
2012-05-09 22:52:58 +08:00
Matt Johnston
6b4105ffe6
Fix empty password immediate login
2012-05-09 22:51:59 +08:00
Matt Johnston
2713445e91
Return immediate success for blank passwords if allowed
2012-05-09 22:37:04 +08:00
Matt Johnston
29e68e9d79
- Add ALLOW_BLANK_PASSWORD option
- Don't reject blank-password logins via public key
--HG--
extra : convert_revision : 2d4bb3ecb013a7be47a7b470fc6b23e653a43dfb
2011-10-26 15:49:47 +00:00
Matt Johnston
38ed870ffe
Improve capitalisation for all logged strings
--HG--
extra : convert_revision : 997e53cec7a9efb7413ac6e17b6be60a5597bd2e
2011-02-23 15:50:30 +00:00
Matt Johnston
52551cb771
- Test for pam_fail_delay() function in configure
- Recognise "username:" as a PAM prompt
- Add some randomness to the auth-failure delay
- Fix wrongly committed options.h/debug.h
--HG--
extra : convert_revision : f242f0e66fb0ea5d3b374995d2f548d37dd8f3a3
2009-09-08 14:53:53 +00:00
Matt Johnston
049fcf1ac5
Add support for zlib@openssh.com delayed compression.
Are still advertising 'zlib' for the server, need to allow
delayed-only as an option
--HG--
extra : convert_revision : 319df675cc3c9b35a10b7d8357c94f33fdab1a46
2008-09-29 02:23:04 +00:00