ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-04-23 15:44:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,509 Commits 5 Branches 63 Tags 14 MiB
e35d0784a8
Commit Graph

104 Commits

Author SHA1 Message Date
Matt Johnston
fa116e983b Rename EPKA -> Plugin 2019-05-15 21:59:45 +08:00
fabriziobertocci
8c6aaf8d36 External Public-Key Authentication API () 
* Implemented dynamic loading of an external plug-in shared library to delegate public key authentication

* Moved conditional compilation of the plugin infrastructure into the configure.ac script to be able to add -ldl to dropbear build only when the flag is enabled

* Added tags file to the ignore list

* Updated API to have the constructor to return function pointers in the pliugin instance. Added support for passing user name to the checkpubkey function. Added options to the session returned by the plugin and have dropbear to parse and process them

* Added -rdynamic to the linker flags when EPKA is enabled

* Changed the API to pass a previously created session to the checkPubKey function (created during preauth)

* Added documentation to the API

* Added parameter addrstring to plugin creation function

* Modified the API to retrieve the auth options. Instead of having them as field of the EPKASession struct, they are stored internally (plugin-dependent) in the plugin/session and retrieved through a pointer to a function (in the session)

* Changed option string to be a simple char * instead of unsigned char *
 2019-05-15 21:43:57 +08:00
François Perrad
7efe873d73 use a full prototype () 2018-02-20 23:13:42 +08:00
Matt Johnston
802dace05e include config.h for options.h. don't need to include options.h when 
includes.h brings it in
 2018-02-18 11:22:13 +08:00
Matt Johnston
a1aa161527 make signal flags volatile, simplify handling 2018-02-14 23:06:01 +08:00
Matt Johnston
4b021ae6f0 Remove none cipher 2018-02-09 23:40:23 +08:00
Matt Johnston
32a28d0d9c Convert #ifdef to #if, other build changes 2016-05-04 15:33:40 +02:00
Francois Perrad
3e20c442de fix empty C prototypes 2016-03-16 22:41:20 +08:00
Matt Johnston
79b43270a7 A few minor style fixes 2015-12-15 22:09:55 +08:00
Konstantin Tokarev
960364d953 Client: kill proxy command when exiting application. 2015-12-03 16:22:29 +03:00
Mike Frysinger
5f97d0fbbc fix build when ENABLE_CLI_INTERACT_AUTH is disabled 
The session.h defines clientsession.cipher_none_after_auth only when
ENABLE_CLI_INTERACT_AUTH is defined, but cli-session.c will always
try to set that member.  export cipher_none_after_auth all the time.
 2015-10-21 22:39:31 +08:00
Matt Johnston
ce59260ee9 Fix problem where auth timeout wasn't checked when waiting for ident 2015-08-03 21:59:40 +08:00
Gaël PORTAY
947d2697cf Turn sshsession's remoteident attribute into char * 2015-05-05 20:39:14 +02:00
Gaël PORTAY
7928d83b02 Turn cleantext()'s dirtytext argument into char * 2015-05-05 20:39:13 +02:00
Matt Johnston
275611fbaa Make main socket nonblocking. Limit writequeue size. 2015-03-20 23:36:42 +08:00
Matt Johnston
f782cf375a Fix pubkey auth after change to reuse ses.readbuf as ses.payload 
(4d7b4c5526c5)

--HG--
branch : nocircbuffer
 2015-03-01 23:02:06 +08:00
Matt Johnston
579463933b A bit of a bodge to avoid memcpy if zlib is disabled 
--HG--
branch : nocircbuffer
 2015-03-01 00:57:21 +08:00
Matt Johnston
31e379c300 merge from default 
--HG--
branch : fastopen
 2015-02-28 09:06:40 +08:00
Matt Johnston
1809f741cb Add more ATTRIB_NORETURN annotations, from Thorsten Horstmann 2015-02-24 22:36:20 +08:00
Thorsten Horstmann
fdb7ffa864 DROPBEAR_ prefix for include guards to avoid collisions 2015-02-24 20:43:01 +08:00
Matt Johnston
364a53577e Move generic network routines to netio.c 
--HG--
branch : fastopen
 2015-02-20 23:16:38 +08:00
Matt Johnston
76a3eb393c In theory TFO should work. Needs platform cleanup and testing 
--HG--
branch : fastopen
 2015-02-19 00:32:00 +08:00
Matt Johnston
755c1458f0 async connections working 
--HG--
branch : fastopen
 2015-02-18 22:46:15 +08:00
Matt Johnston
8795d733ec work in progress for async connect 
--HG--
branch : fastopen
 2015-02-18 00:05:27 +08:00
Matt Johnston
6d2d3669f3 Make keepalive handling more robust, this should now match what OpenSSH does 2014-08-19 23:08:56 +08:00
Matt Johnston
10eb218fb0 Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses 2014-08-13 21:48:47 +08:00
Matt Johnston
0e7409c7ff Make sure the check_close() handler runs when a server child process exits 2014-07-28 23:23:49 +08:00
Matt Johnston
da57dd13c5 Set tcp priority as follows: 
if (connecting || ptys || x11) tos = LOWDELAY;
else if (tcp_forwards) tos = 0;
else tos = BULK;

TCP forwards could be either lowdelay or bulk, hence the default priority.
 2014-07-16 22:53:32 +08:00
Matt Johnston
f1826ea389 Fix auth timeout regression 2014-07-09 22:02:22 +08:00
Matt Johnston
c884e5000e Make -K keepalive behave like OpenSSH's ServerAliveInterval 2014-07-09 00:15:20 +08:00
Matt Johnston
e767bbb41f Add new monotonic_now() wrapper so that timeouts are unaffected by 
system clock changes
 2014-03-13 23:50:09 +08:00
Matt Johnston
55a0c5068f requirenext doesn't need two values 2014-01-23 22:25:52 +08:00
Matt Johnston
61cecbb337 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default 2014-01-17 21:39:27 +08:00
Matt Johnston
de1deaf0bd use oldstyle comments 2013-11-14 22:03:30 +08:00
Matt Johnston
0162c116da curve25519 
--HG--
branch : ecc
 2013-11-08 23:11:43 +08:00
Matt Johnston
04518e9e80 merge in HEAD 
--HG--
branch : ecc
 2013-05-21 12:09:35 +08:00
Matt Johnston
ef151888fb requirenext fixup for firstkexfollows 2013-04-14 23:16:16 +08:00
Matt Johnston
c6bdc810ab ecc kind of works, needs fixing/testing 
--HG--
branch : ecc
 2013-04-07 01:36:42 +08:00
Matt Johnston
7f42096d0f Take transmit and receive keys into use separately 2013-04-04 00:18:50 +08:00
Matt Johnston
1a16da38d5 merge kexguess branch 2013-04-03 00:49:24 +08:00
Matt Johnston
78fbed8c3e Don't usually need to recalculate dh_e for the repeated kexdh_init packet 
--HG--
branch : kexguess
 2013-04-03 00:32:55 +08:00
Matt Johnston
90b5691183 Run the cleanup handler also when we close due to TCP connection being closed 2013-04-01 22:26:55 +08:00
Matt Johnston
e5072c6b12 merge from head roundtrip changes 
--HG--
branch : kexguess
 2013-04-01 00:13:41 +08:00
Matt Johnston
36526700a9 Don't bother waiting for a ssh-connection service reply - the server 
will disconnect if it wasn't accepted
 2013-03-31 21:38:17 +08:00
Matt Johnston
32294978a3 merge 
--HG--
branch : kexguess
 2013-03-31 00:41:15 +08:00
Matt Johnston
a0e931005b send out our kexinit packet before blocking to read the SSH version string 2013-03-31 00:40:00 +08:00
Matt Johnston
9c7485331a Get rid of client/server specific buf_match_algo, use single 
function with a couple of if statements instead

--HG--
branch : kexguess
 2013-03-30 23:55:05 +08:00
Matt Johnston
99d9cf500b Add kexguess2 behaviour 
--HG--
branch : kexguess
 2013-03-29 23:29:48 +08:00
Matt Johnston
4f62da0f0d first_kex_packet_follows working, needs tidying 
--HG--
branch : kexguess
 2013-03-29 20:44:13 +08:00
Matt Johnston
b4bcc60657 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, 
ses.hash and ses.session_id are now buffers (doesn't compile)

--HG--
branch : ecc
 2013-03-29 00:28:09 +08:00