Kevin Darbyshire-Bryant
fa4c4646d8
Improve address logging on early exit messages (#83)
...
Change 'Early exit' and 'Exit before auth' messages to include the IP
address & port as part of the message.
This allows log scanning utilities such as 'fail2ban' to obtain the
offending IP address as part of the failure event instead of extracting
the PID from the message and then scanning the log again for matching
'child connection from' messages
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-18 23:28:56 +08:00
Matt Johnston
fa116e983b
Rename EPKA -> Plugin
2019-05-15 21:59:45 +08:00
fabriziobertocci
8c6aaf8d36
External Public-Key Authentication API (#72)
...
* Implemented dynamic loading of an external plug-in shared library to delegate public key authentication
* Moved conditional compilation of the plugin infrastructure into the configure.ac script to be able to add -ldl to dropbear build only when the flag is enabled
* Added tags file to the ignore list
* Updated API to have the constructor to return function pointers in the plugin instance. Added support for passing user name to the checkpubkey function. Added options to the session returned by the plugin and have dropbear to parse and process them
* Added -rdynamic to the linker flags when EPKA is enabled
* Changed the API to pass a previously created session to the checkPubKey function (created during preauth)
* Added documentation to the API
* Added parameter addrstring to plugin creation function
* Modified the API to retrieve the auth options. Instead of having them as field of the EPKASession struct, they are stored internally (plugin-dependent) in the plugin/session and retrieved through a pointer to a function (in the session)
* Changed option string to be a simple char * instead of unsigned char *
2019-05-15 21:43:57 +08:00
Matt Johnston
5f2447edbb
Fix to be able to compile normal(ish) binaries with --enable-fuzz
...
--HG--
branch : fuzz
2018-02-28 22:02:12 +08:00
Matt Johnston
c658b275fd
- #if not #ifdef for DROPBEAR_FUZZ
...
- fix some unused variables
--HG--
branch : fuzz
2018-02-28 21:40:08 +08:00
Matt Johnston
5df73215f8
merge from main
...
--HG--
branch : fuzz
2018-02-26 22:44:48 +08:00
Matt Johnston
3996e93a20
make group1 client-only
2018-02-26 22:42:53 +08:00
Matt Johnston
7e8094d53a
merge from main
...
--HG--
branch : fuzz
2018-02-17 19:29:51 +08:00
Matt Johnston
a1aa161527
make signal flags volatile, simplify handling
2018-02-14 23:06:01 +08:00
Matt Johnston
88ce30beb6
merge from main
...
--HG--
branch : fuzz
2017-06-14 23:31:42 +08:00
Matt Johnston
81b64ea0b5
Add a flag whether to longjmp, missed that last commit
...
--HG--
branch : fuzz
2017-06-01 21:30:26 +08:00
Francois Perrad
5f76e4c1ed
when pointer, use NULL instead of 0
2017-06-02 18:14:31 +02:00
Matt Johnston
c169423051
glaring wrapfd problems fixed
...
--HG--
branch : fuzz
2017-05-20 22:47:19 +08:00
Matt Johnston
4dae8edb76
merge main to fuzz
...
--HG--
branch : fuzz
2017-05-18 23:45:10 +08:00
Matt Johnston
fb719e3d0b
fuzz harness
...
--HG--
branch : fuzz
2017-05-13 22:50:54 +08:00
Matt Johnston
9f24cdf74c
copy over some fuzzing code from AFL branch
...
--HG--
branch : fuzz
2017-05-12 23:14:54 +08:00
Matt Johnston
c6e912f9e2
merge 2016.74
2016-07-21 23:38:42 +08:00
Matt Johnston
32a28d0d9c
Convert #ifdef to #if, other build changes
2016-05-04 15:33:40 +02:00
Matt Johnston
8fd720c3e3
Improve exit message formatting
2016-07-11 23:09:33 +08:00
Francois Perrad
3e20c442de
fix empty C prototypes
2016-03-16 22:41:20 +08:00
Chocobo1
9bcd5f3c0a
Fix print format specifier
2016-01-05 12:37:48 +08:00
Matt Johnston
79b43270a7
A few minor style fixes
2015-12-15 22:09:55 +08:00
Konstantin Tokarev
2d6bbf341d
Moved usingsyslog from svr_runopts to runopts.
2015-12-15 16:43:29 +03:00
Matt Johnston
ce59260ee9
Fix problem where auth timeout wasn't checked when waiting for ident
2015-08-03 21:59:40 +08:00
Matt Johnston
0e1dee828a
Make sure kexfirstinitialise is called early enough
2015-05-03 00:00:35 +08:00
Matt Johnston
8008b595d3
Some additional cleanup functions
2015-02-24 22:17:04 +08:00
Matt Johnston
21bed0d21a
Free memory before exiting. Based on patch from Thorsten Horstmann.
...
Client side is not complete.
2015-02-24 22:01:33 +08:00
Matt Johnston
6d2d3669f3
Make keepalive handling more robust, this should now match what OpenSSH does
2014-08-19 23:08:56 +08:00
Matt Johnston
10eb218fb0
Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses
2014-08-13 21:48:47 +08:00
Matt Johnston
f1826ea389
Fix auth timeout regression
2014-07-09 22:02:22 +08:00
Matt Johnston
c884e5000e
Make -K keepalive behave like OpenSSH's ServerAliveInterval
2014-07-09 00:15:20 +08:00
Matt Johnston
e767bbb41f
Add new monotonic_now() wrapper so that timeouts are unaffected by
...
system clock changes
2014-03-13 23:50:09 +08:00
Matt Johnston
092a4d9a7e
Fix disabling DSS key
2013-12-03 21:26:59 +08:00
Matt Johnston
cbe63bbabe
rename random.h to dbrandom.h since some OSes have a system random.h
...
--HG--
rename : random.c => dbrandom.c
rename : random.h => dbrandom.h
2013-11-14 22:05:47 +08:00
Matt Johnston
04518e9e80
merge in HEAD
...
--HG--
branch : ecc
2013-05-21 12:09:35 +08:00
Matt Johnston
95a21c8fd7
ecdsa is working
...
--HG--
branch : ecc
2013-05-03 23:07:48 +08:00
Matt Johnston
7f091e7019
start on ecdsa keys
...
--HG--
branch : ecc
2013-04-09 00:36:04 +08:00
Matt Johnston
1a16da38d5
merge kexguess branch
2013-04-03 00:49:24 +08:00
Matt Johnston
90b5691183
Run the cleanup handler also when we close due to TCP connection being closed
2013-04-01 22:26:55 +08:00
Matt Johnston
32294978a3
merge
...
--HG--
branch : kexguess
2013-03-31 00:41:15 +08:00
Matt Johnston
a0e931005b
send out our kexinit packet before blocking to read the SSH version string
2013-03-31 00:40:00 +08:00
Matt Johnston
9c7485331a
Get rid of client/server specific buf_match_algo, use single
...
function with a couple of if statements instead
--HG--
branch : kexguess
2013-03-30 23:55:05 +08:00
Matt Johnston
d5ccc32b4d
Improve RNG seeding.
...
Try to read from /dev/urandom multiple times, take input from extra sources,
and use /dev/random when generating private keys
2012-06-29 23:19:43 +08:00
Matt Johnston
2a02c4084a
- Don't send SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
...
- Fix build if ENABLE_SVR_REMOTETCPFWD is disabled but ENABLE_SVR_LOCALTCPFWD
is enabled
2012-05-09 20:33:16 +08:00
Matt Johnston
49b79fa02d
Rename HAVE_FORK to USE_VFORK
...
It makes it a bit more obvious why there's a test there since HAVE_FORK
is the normal case.
2012-04-09 20:35:13 +08:00
Mike Frysinger
c957edbe75
check for fork() and not __uClinux__
2012-04-08 01:50:52 -04:00
Matt Johnston
b272b967e2
Properly fix the bug found years ago by Klocwork, refound again.
...
--HG--
extra : convert_revision : 65b95facde07c748c56e0bfa25c801397dc16a99
2011-04-07 13:33:26 +00:00
Matt Johnston
38ed870ffe
Improve capitalisation for all logged strings
...
--HG--
extra : convert_revision : 997e53cec7a9efb7413ac6e17b6be60a5597bd2e
2011-02-23 15:50:30 +00:00
Matt Johnston
4dfb834f7c
Move remotehost into svr_ses structure since we can't look it up
...
once we've forked (the connection socket has been closed).
Fixes inetd mode.
--HG--
extra : convert_revision : 7d5d152ec84fb11a188966c1400d213c908cc511
2009-09-05 11:40:00 +00:00
Matt Johnston
f88bed7a30
Rearrange getaddrstring() etc
...
--HG--
extra : convert_revision : 8a18c4a60aeaec085923d13d98fa0f93c506ceba
2009-09-01 16:38:26 +00:00