@@ -38,18 +38,18 @@
@@ -38,18 +38,18 @@
   
static void send_msg_channel_open_failure(unsigned int remotechan, int reason, static void send_msg_channel_open_failure(unsigned int remotechan, int reason,
const char *text, const char *lang); const char *text, const char *lang);
static void send_msg_channel_open_confirmation(struct Channel* channel, static void send_msg_channel_open_confirmation(const struct Channel* channel,
unsigned int recvwindow, unsigned int recvwindow,
unsigned int recvmaxpacket); unsigned int recvmaxpacket);
static int writechannel(struct Channel* channel, int fd, circbuffer *cbuf, static int writechannel(struct Channel* channel, int fd, circbuffer *cbuf,
const unsigned char *moredata, unsigned int *morelen); const unsigned char *moredata, unsigned int *morelen);
static void send_msg_channel_window_adjust(struct Channel *channel, static void send_msg_channel_window_adjust(const struct Channel *channel,
unsigned int incr); unsigned int incr);
static void send_msg_channel_data(struct Channel *channel, int isextended); static void send_msg_channel_data(struct Channel *channel, int isextended);
static void send_msg_channel_eof(struct Channel *channel); static void send_msg_channel_eof(struct Channel *channel);
static void send_msg_channel_close(struct Channel *channel); static void send_msg_channel_close(struct Channel *channel);
static void remove_channel(struct Channel *channel); static void remove_channel(struct Channel *channel);
static unsigned int write_pending(struct Channel * channel); static unsigned int write_pending(const struct Channel * channel);
static void check_close(struct Channel *channel); static void check_close(struct Channel *channel);
static void close_chan_fd(struct Channel *channel, int fd, int how); static void close_chan_fd(struct Channel *channel, int fd, int how);
   
@@ -198,7 +198,7 @@ struct Channel* getchannel() {
@@ -198,7 +198,7 @@ struct Channel* getchannel() {
} }
   
/* Iterate through the channels, performing IO if available */ /* Iterate through the channels, performing IO if available */
void channelio(fd_set *readfds, fd_set *writefds) { void channelio(const fd_set *readfds, const fd_set *writefds) {
   
/* Listeners such as TCP, X11, agent-auth */ /* Listeners such as TCP, X11, agent-auth */
struct Channel *channel; struct Channel *channel;
@@ -262,7 +262,7 @@ void channelio(fd_set *readfds, fd_set *writefds) {
@@ -262,7 +262,7 @@ void channelio(fd_set *readfds, fd_set *writefds) {
   
/* Returns true if there is data remaining to be written to stdin or /* Returns true if there is data remaining to be written to stdin or
* stderr of a channel's endpoint. */ * stderr of a channel's endpoint. */
static unsigned int write_pending(struct Channel * channel) { static unsigned int write_pending(const struct Channel * channel) {
   
if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) { if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) {
return 1; return 1;
@@ -903,7 +903,7 @@ void recv_msg_channel_window_adjust() {
@@ -903,7 +903,7 @@ void recv_msg_channel_window_adjust() {
   
/* Increment the incoming data window for a channel, and let the remote /* Increment the incoming data window for a channel, and let the remote
* end know */ * end know */
static void send_msg_channel_window_adjust(struct Channel* channel, static void send_msg_channel_window_adjust(const struct Channel* channel,
unsigned int incr) { unsigned int incr) {
   
TRACE(("sending window adjust %d", incr)) TRACE(("sending window adjust %d", incr))
@@ -1008,7 +1008,7 @@ cleanup:
@@ -1008,7 +1008,7 @@ cleanup:
} }
   
/* Send a failure message */ /* Send a failure message */
void send_msg_channel_failure(struct Channel *channel) { void send_msg_channel_failure(const struct Channel *channel) {
   
TRACE(("enter send_msg_channel_failure")) TRACE(("enter send_msg_channel_failure"))
CHECKCLEARTOWRITE(); CHECKCLEARTOWRITE();
@@ -1021,7 +1021,7 @@ void send_msg_channel_failure(struct Channel *channel) {
@@ -1021,7 +1021,7 @@ void send_msg_channel_failure(struct Channel *channel) {
} }
   
/* Send a success message */ /* Send a success message */
void send_msg_channel_success(struct Channel *channel) { void send_msg_channel_success(const struct Channel *channel) {
   
TRACE(("enter send_msg_channel_success")) TRACE(("enter send_msg_channel_success"))
CHECKCLEARTOWRITE(); CHECKCLEARTOWRITE();
@@ -1053,7 +1053,7 @@ static void send_msg_channel_open_failure(unsigned int remotechan,
@@ -1053,7 +1053,7 @@ static void send_msg_channel_open_failure(unsigned int remotechan,
   
/* Confirm a channel open, and let the remote end know what number we've /* Confirm a channel open, and let the remote end know what number we've
* allocated and the receive parameters */ * allocated and the receive parameters */
static void send_msg_channel_open_confirmation(struct Channel* channel, static void send_msg_channel_open_confirmation(const struct Channel* channel,
unsigned int recvwindow, unsigned int recvwindow,
unsigned int recvmaxpacket) { unsigned int recvmaxpacket) {
   
@@ -1239,8 +1239,8 @@ struct Channel* get_any_ready_channel() {
@@ -1239,8 +1239,8 @@ struct Channel* get_any_ready_channel() {
return NULL; return NULL;
} }
   
void start_send_channel_request(struct Channel *channel, void start_send_channel_request(const struct Channel *channel,
char *type) { const char *type) {
   
CHECKCLEARTOWRITE(); CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST); buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
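Review bot: `TRACE(("sending window adjust %d", incr))` in the send_msg_channel_window_adjust hunk formats `incr`, which is declared `unsigned int`, with a signed conversion. The same commit corrects the identical mismatch in dropbearkey.c (`%d` to `%u` for `genbits`), so this line should follow suit: `TRACE(("sending window adjust %u", incr))`. The body of send_msg_channel_window_adjust continues outside the hunk, so any further uses of `incr` there should get the same check.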
@@ -714,7 +714,7 @@ void free_kexcurve25519_param(struct kex_curve25519_param *param)
@@ -714,7 +714,7 @@ void free_kexcurve25519_param(struct kex_curve25519_param *param)
m_free(param); m_free(param);
} }
   
void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_them, void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *buf_pub_them,
sign_key *hostkey) { sign_key *hostkey) {
unsigned char out[CURVE25519_LEN]; unsigned char out[CURVE25519_LEN];
const unsigned char* Q_C = NULL; const unsigned char* Q_C = NULL;
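Review bot: `unsigned char out[CURVE25519_LEN]` in kexcurve25519_comb_key is where the raw X25519 shared secret lands, and with `param` and `buf_pub_them` now `const` this stack buffer is the one piece of sensitive scratch state the function still owns; its body runs past the hunk, so this view cannot confirm the buffer is wiped before return. If that wipe is not already present, `m_burn(out, sizeof(out))` once the secret has been consumed keeps the key material from lingering on the stack. A short comment on the declaration, `/* raw shared secret; must be burned before return */`, would make the requirement explicit for later edits.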
@@ -9,7 +9,6 @@ AC_PREREQ(2.59)
@@ -9,7 +9,6 @@ AC_PREREQ(2.59)
AC_INIT AC_INIT
AC_CONFIG_SRCDIR(buffer.c) AC_CONFIG_SRCDIR(buffer.c)
   
OLDCFLAGS="$CFLAGS"
# Checks for programs. # Checks for programs.
AC_PROG_CC AC_PROG_CC
AC_PROG_MAKE_SET AC_PROG_MAKE_SET
@@ -19,23 +18,43 @@ if test -z "$LD" ; then
@@ -19,23 +18,43 @@ if test -z "$LD" ; then
fi fi
AC_SUBST(LD) AC_SUBST(LD)
   
AC_DEFUN(DB_TRYADDCFLAGS,
[{
OLDFLAGS="$CFLAGS"
TESTFLAGS="$1"
CFLAGS="$CFLAGS $TESTFLAGS"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_NOTICE([Setting $TESTFLAGS])],
[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDFLAGS" ]
)
}])
# set compile flags prior to other tests # set compile flags prior to other tests
if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then
AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC) AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
CFLAGS="-Os -W -Wall -Wno-pointer-sign" CFLAGS="-Os -W -Wall"
fi fi
   
AC_MSG_CHECKING([if compiler '$CC' supports -fno-strict-overflow]) AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wno-pointer-sign])
OLDCFLAGS="$CFLAGS" DB_TRYADDCFLAGS([-Wno-pointer-sign])
CFLAGS="$CFLAGS -fno-strict-overflow"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], AC_MSG_NOTICE([Checking if compiler '$CC' supports -fno-strict-overflow])
[AC_MSG_RESULT(yes)], DB_TRYADDCFLAGS([-fno-strict-overflow])
[AC_MSG_RESULT(no); CFLAGS="$OLDCFLAGS" ]
) STATIC=0
AC_ARG_ENABLE(static,
[ --enable-static Build static binaries],
[
if test "x$enableval" = "xyes"; then
STATIC=1
AC_MSG_NOTICE(Static Build)
fi
], [])
AC_SUBST(STATIC)
   
hardenbuild=1 hardenbuild=1
AC_ARG_ENABLE(harden, AC_ARG_ENABLE(harden,
[ --disable-harden Don't set hardened build flags], [ --disable-harden Don't set hardened build flags],
[ [
if test "x$enableval" = "xno"; then if test "x$enableval" = "xno"; then
hardenbuild=0 hardenbuild=0
@@ -45,37 +64,35 @@ AC_ARG_ENABLE(harden,
@@ -45,37 +64,35 @@ AC_ARG_ENABLE(harden,
   
if test "$hardenbuild" -eq 1; then if test "$hardenbuild" -eq 1; then
AC_MSG_NOTICE(Checking for available hardened build flags:) AC_MSG_NOTICE(Checking for available hardened build flags:)
# pie # relocation flags don't make sense for static builds
OLDCFLAGS="$CFLAGS" if test "$STATIC" -ne 1; then
TESTFLAGS="-fPIE" # pie
CFLAGS="$CFLAGS $TESTFLAGS" DB_TRYADDCFLAGS([-fPIE])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_NOTICE([Setting $TESTFLAGS])], OLDLDFLAGS="$LDFLAGS"
[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ] TESTFLAGS="-Wl,-pie"
) LDFLAGS="$LDFLAGS $TESTFLAGS"
OLDLDFLAGS="$LDFLAGS" AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
TESTFLAGS="-Wl,-pie" [AC_MSG_NOTICE([Setting $TESTFLAGS])],
LDFLAGS="$LDFLAGS $TESTFLAGS" [
AC_LINK_IFELSE([AC_LANG_PROGRAM([])], LDFLAGS="$OLDLDFLAGS"
[AC_MSG_NOTICE([Setting $TESTFLAGS])], TESTFLAGS="-pie"
[ LDFLAGS="$LDFLAGS $TESTFLAGS"
LDFLAGS="$OLDLDFLAGS" AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
TESTFLAGS="-pie" [AC_MSG_NOTICE([Setting $TESTFLAGS])],
LDFLAGS="$LDFLAGS $TESTFLAGS" [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
AC_LINK_IFELSE([AC_LANG_PROGRAM([])], )
[AC_MSG_NOTICE([Setting $TESTFLAGS])], ]
[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ] )
) # readonly elf relocation sections (relro)
] OLDLDFLAGS="$LDFLAGS"
) TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
# readonly elf relocation sections (relro) LDFLAGS="$LDFLAGS $TESTFLAGS"
OLDLDFLAGS="$LDFLAGS" AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
TESTFLAGS="-Wl,-z,now -Wl,-z,relro" [AC_MSG_NOTICE([Setting $TESTFLAGS])],
LDFLAGS="$LDFLAGS $TESTFLAGS" [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
AC_LINK_IFELSE([AC_LANG_PROGRAM([])], )
[AC_MSG_NOTICE([Setting $TESTFLAGS])], fi # non-static
[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
)
# stack protector. -strong is good but only in gcc 4.9 or later # stack protector. -strong is good but only in gcc 4.9 or later
OLDCFLAGS="$CFLAGS" OLDCFLAGS="$CFLAGS"
TESTFLAGS="-fstack-protector-strong" TESTFLAGS="-fstack-protector-strong"
@@ -93,13 +110,7 @@ if test "$hardenbuild" -eq 1; then
@@ -93,13 +110,7 @@ if test "$hardenbuild" -eq 1; then
] ]
) )
# FORTIFY_SOURCE # FORTIFY_SOURCE
OLDCFLAGS="$CFLAGS" DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
TESTFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS="$CFLAGS $TESTFLAGS"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_NOTICE([Setting $TESTFLAGS])],
[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
)
fi fi
   
# large file support is useful for scp # large file support is useful for scp
@@ -230,7 +241,7 @@ AC_ARG_WITH(pam,
@@ -230,7 +241,7 @@ AC_ARG_WITH(pam,
   
   
AC_ARG_ENABLE(pam, AC_ARG_ENABLE(pam,
[ --enable-pam Try to include PAM support], [ --enable-pam Try to include PAM support],
[ [
if test "x$enableval" = "xyes"; then if test "x$enableval" = "xyes"; then
AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***])) AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
@@ -255,15 +266,20 @@ AC_ARG_ENABLE(openpty,
@@ -255,15 +266,20 @@ AC_ARG_ENABLE(openpty,
AC_MSG_NOTICE(Not using openpty) AC_MSG_NOTICE(Not using openpty)
else else
AC_MSG_NOTICE(Using openpty if available) AC_MSG_NOTICE(Using openpty if available)
AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,1,[Have openpty() function])]) AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
fi fi
], ],
[ [
AC_MSG_NOTICE(Using openpty if available) AC_MSG_NOTICE(Using openpty if available)
AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)]) AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
] ]
) )
if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
no_ptc_check=yes
no_ptmx_check=yes
fi
   
AC_ARG_ENABLE(syslog, AC_ARG_ENABLE(syslog,
[ --disable-syslog Don't include syslog support], [ --disable-syslog Don't include syslog support],
@@ -782,60 +798,11 @@ fi
@@ -782,60 +798,11 @@ fi
   
AC_EXEEXT AC_EXEEXT
   
# XXX there must be a nicer way to do this
if test $BUNDLED_LIBTOM = 1 ; then if test $BUNDLED_LIBTOM = 1 ; then
AS_MKDIR_P(libtomcrypt/src/ciphers/aes) (cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv
AS_MKDIR_P(libtomcrypt/src/ciphers/safer)
AS_MKDIR_P(libtomcrypt/src/ciphers/twofish)
AS_MKDIR_P(libtomcrypt/src/encauth/ccm)
AS_MKDIR_P(libtomcrypt/src/encauth/eax)
AS_MKDIR_P(libtomcrypt/src/encauth/gcm)
AS_MKDIR_P(libtomcrypt/src/encauth/ocb)
AS_MKDIR_P(libtomcrypt/src/hashes)
AS_MKDIR_P(libtomcrypt/src/hashes/chc)
AS_MKDIR_P(libtomcrypt/src/hashes/helper)
AS_MKDIR_P(libtomcrypt/src/hashes/sha2)
AS_MKDIR_P(libtomcrypt/src/hashes/whirl)
AS_MKDIR_P(libtomcrypt/src/mac/hmac)
AS_MKDIR_P(libtomcrypt/src/mac/omac)
AS_MKDIR_P(libtomcrypt/src/mac/pelican)
AS_MKDIR_P(libtomcrypt/src/mac/pmac)
AS_MKDIR_P(libtomcrypt/src/mac/f9)
AS_MKDIR_P(libtomcrypt/src/mac/xcbc)
AS_MKDIR_P(libtomcrypt/src/math/fp)
AS_MKDIR_P(libtomcrypt/src/misc/base64)
AS_MKDIR_P(libtomcrypt/src/misc/crypt)
AS_MKDIR_P(libtomcrypt/src/misc/mpi)
AS_MKDIR_P(libtomcrypt/src/misc/pkcs5)
AS_MKDIR_P(libtomcrypt/src/modes/cbc)
AS_MKDIR_P(libtomcrypt/src/modes/cfb)
AS_MKDIR_P(libtomcrypt/src/modes/ctr)
AS_MKDIR_P(libtomcrypt/src/modes/ecb)
AS_MKDIR_P(libtomcrypt/src/modes/ofb)
AS_MKDIR_P(libtomcrypt/src/modes/f8)
AS_MKDIR_P(libtomcrypt/src/modes/lrw)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/bit)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/boolean)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/choice)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/ia5)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/integer)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/object_identifier)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/octet)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/printable_string)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/sequence)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/set)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/short_integer)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/utctime)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/utf8)
AS_MKDIR_P(libtomcrypt/src/pk/dh)
AS_MKDIR_P(libtomcrypt/src/pk/dsa)
AS_MKDIR_P(libtomcrypt/src/pk/ecc)
AS_MKDIR_P(libtomcrypt/src/pk/katja)
AS_MKDIR_P(libtomcrypt/src/pk/pkcs1)
AS_MKDIR_P(libtomcrypt/src/pk/rsa)
AS_MKDIR_P(libtomcrypt/src/prngs)
LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile" LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
fi fi
AC_CONFIG_HEADER(config.h) AC_CONFIG_HEADER(config.h)
AC_CONFIG_FILES(Makefile $LIBTOM_FILES) AC_CONFIG_FILES(Makefile $LIBTOM_FILES)
AC_OUTPUT AC_OUTPUT
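Review bot: The first hunk (`@@ -9,7 +9,6 @@`) appears to drop `OLDCFLAGS="$CFLAGS"` — it is the one unpaired line in a 7-to-6 hunk — yet `if test -z "$OLDCFLAGS" && test "$GCC" = "yes"` in the next hunk still decides from that variable whether to replace CFLAGS with `-Os -W -Wall`. Unless something before line 9 sets it, the test is now always true and a caller's own CFLAGS, including any hardening flags they pass in, are silently overwritten after AC_PROG_CC runs. The new DB_TRYADDCFLAGS macro keeps its own `OLDFLAGS` and does not provide this snapshot, so restore `OLDCFLAGS="$CFLAGS"` ahead of AC_PROG_CC or point the later test at whichever variable now holds the original value.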
@@ -133,8 +133,8 @@ Can be used to give options in the format used by OpenSSH config file. This is
@@ -133,8 +133,8 @@ Can be used to give options in the format used by OpenSSH config file. This is
useful for specifying options for which there is no separate command-line flag. useful for specifying options for which there is no separate command-line flag.
For full details of the options listed below, and their possible values, see For full details of the options listed below, and their possible values, see
ssh_config(5). ssh_config(5).
The following options have currently been implemented:
   
For now following options have been implemented:
.RS .RS
.TP .TP
.B ExitOnForwardFailure .B ExitOnForwardFailure
@@ -147,6 +147,10 @@ Send dbclient log messages to syslog in addition to stderr.
@@ -147,6 +147,10 @@ Send dbclient log messages to syslog in addition to stderr.
.B \-s .B \-s
The specified command will be requested as a subsystem, used for sftp. Dropbear doesn't implement sftp itself but the OpenSSH sftp client can be used eg \fIsftp -S dbclient user@host\fR The specified command will be requested as a subsystem, used for sftp. Dropbear doesn't implement sftp itself but the OpenSSH sftp client can be used eg \fIsftp -S dbclient user@host\fR
.TP .TP
.B \-b \fI[address][:port]
Bind to a specific local address when connecting to the remote host. This can be used to choose from
multiple outgoing interfaces. Either address or port (or both) can be given.
.TP
.B \-V .B \-V
Print the version Print the version
   
@@ -141,7 +141,7 @@ out:
@@ -141,7 +141,7 @@ out:
return ret; return ret;
} }
   
void addrandom(unsigned char * buf, unsigned int len) void addrandom(const unsigned char * buf, unsigned int len)
{ {
hash_state hs; hash_state hs;
   
@@ -29,7 +29,7 @@
@@ -29,7 +29,7 @@
   
void seedrandom(void); void seedrandom(void);
void genrandom(unsigned char* buf, unsigned int len); void genrandom(unsigned char* buf, unsigned int len);
void addrandom(unsigned char * buf, unsigned int len); void addrandom(const unsigned char * buf, unsigned int len);
void gen_random_mpint(mp_int *max, mp_int *rand); void gen_random_mpint(mp_int *max, mp_int *rand);
   
#endif /* DROPBEAR_RANDOM_H_ */ #endif /* DROPBEAR_RANDOM_H_ */
@@ -241,7 +241,7 @@ int connect_unix(const char* path) {
@@ -241,7 +241,7 @@ int connect_unix(const char* path) {
* it will be run after the child has fork()ed, and is passed exec_data. * it will be run after the child has fork()ed, and is passed exec_data.
* If ret_errfd == NULL then stderr will not be captured. * If ret_errfd == NULL then stderr will not be captured.
* ret_pid can be passed as NULL to discard the pid. */ * ret_pid can be passed as NULL to discard the pid. */
int spawn_command(void(*exec_fn)(void *user_data), void *exec_data, int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data,
int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) { int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) {
int infds[2]; int infds[2];
int outfds[2]; int outfds[2];
@@ -506,7 +506,7 @@ out:
@@ -506,7 +506,7 @@ out:
void m_close(int fd) { void m_close(int fd) {
int val; int val;
   
if (fd == -1) { if (fd < 0) {
return; return;
} }
   
@@ -634,6 +634,10 @@ reach userspace include headers */
@@ -634,6 +634,10 @@ reach userspace include headers */
#ifndef CLOCK_MONOTONIC_COARSE #ifndef CLOCK_MONOTONIC_COARSE
#define CLOCK_MONOTONIC_COARSE 6 #define CLOCK_MONOTONIC_COARSE 6
#endif #endif
/* Some old toolchains know SYS_clock_gettime but not CLOCK_MONOTONIC */
#ifndef CLOCK_MONOTONIC
#define CLOCK_MONOTONIC 1
#endif
static clockid_t get_linux_clock_source() { static clockid_t get_linux_clock_source() {
struct timespec ts; struct timespec ts;
if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC_COARSE, &ts) == 0) { if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC_COARSE, &ts) == 0) {
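Review bot: The new `#define CLOCK_MONOTONIC 1` fallback hard-codes the Linux kernel's clock id, which is only correct inside the same Linux-specific region that already supplies `CLOCK_MONOTONIC_COARSE 6` for the raw `SYS_clock_gettime` call; the `#if` that opens that region is outside the hunk, so please confirm both fallbacks sit under one guard. The added comment explains the motivation but not why a literal `1` is safe; extending it along the lines of `/* Linux ABI value; only meaningful for the raw SYS_clock_gettime path */` would stop a later port from lifting this define into generic code.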
@@ -56,7 +56,7 @@ extern int debug_trace;
@@ -56,7 +56,7 @@ extern int debug_trace;
   
char * stripcontrol(const char * text); char * stripcontrol(const char * text);
   
int spawn_command(void(*exec_fn)(void *user_data), void *exec_data, int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data,
int *writefd, int *readfd, int *errfd, pid_t *pid); int *writefd, int *readfd, int *errfd, pid_t *pid);
void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell); void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell);
#ifdef ENABLE_CONNECT_UNIX #ifdef ENABLE_CONNECT_UNIX
@@ -380,7 +380,8 @@ Homedir is prepended unless path begins with / */
@@ -380,7 +380,8 @@ Homedir is prepended unless path begins with / */
#define MAX_UNAUTH_CLIENTS 30 #define MAX_UNAUTH_CLIENTS 30
#endif #endif
   
/* Maximum number of failed authentication tries (server option) */ /* Default maximum number of failed authentication tries (server option) */
/* -T runtime option overrides */
#ifndef MAX_AUTH_TRIES #ifndef MAX_AUTH_TRIES
#define MAX_AUTH_TRIES 10 #define MAX_AUTH_TRIES 10
#endif #endif
@@ -258,7 +258,8 @@ Homedir is prepended unless path begins with / */
@@ -258,7 +258,8 @@ Homedir is prepended unless path begins with / */
* come from many IPs */ * come from many IPs */
#define MAX_UNAUTH_CLIENTS 30 #define MAX_UNAUTH_CLIENTS 30
   
/* Maximum number of failed authentication tries (server option) */ /* Default maximum number of failed authentication tries (server option) */
/* -T server option overrides */
#define MAX_AUTH_TRIES 10 #define MAX_AUTH_TRIES 10
   
/* The default file to store the daemon's process ID, for shutdown /* The default file to store the daemon's process ID, for shutdown
@@ -91,6 +91,9 @@ if 0 disables keepalives. If no response is received for 3 consecutive keepalive
@@ -91,6 +91,9 @@ if 0 disables keepalives. If no response is received for 3 consecutive keepalive
.B \-I \fIidle_timeout .B \-I \fIidle_timeout
Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds. Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
.TP .TP
.B \-T \fImax_authentication_attempts
Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
.TP
.B \-c \fIforced_command .B \-c \fIforced_command
Disregard the command provided by the user and always run \fIforced_command\fR. This also Disregard the command provided by the user and always run \fIforced_command\fR. This also
overrides any authorized_keys command= option. overrides any authorized_keys command= option.
@@ -241,7 +241,7 @@ int main(int argc, char ** argv) {
@@ -241,7 +241,7 @@ int main(int argc, char ** argv) {
} }
   
genbits = signkey_generate_get_bits(keytype, bits); genbits = signkey_generate_get_bits(keytype, bits);
fprintf(stderr, "Generating %d bit %s key, this may take a while...\n", genbits, typetext); fprintf(stderr, "Generating %u bit %s key, this may take a while...\n", genbits, typetext);
if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE) if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)
{ {
dropbear_exit("Failed to generate key.\n"); dropbear_exit("Failed to generate key.\n");
@@ -127,7 +127,7 @@ void dss_key_free(dropbear_dss_key *key) {
@@ -127,7 +127,7 @@ void dss_key_free(dropbear_dss_key *key) {
* mpint g * mpint g
* mpint y * mpint y
*/ */
void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) { void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key) {
   
dropbear_assert(key != NULL); dropbear_assert(key != NULL);
buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN); buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
@@ -139,7 +139,7 @@ void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
@@ -139,7 +139,7 @@ void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
} }
   
/* Same as buf_put_dss_pub_key, but with the private "x" key appended */ /* Same as buf_put_dss_pub_key, but with the private "x" key appended */
void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) { void buf_put_dss_priv_key(buffer* buf, const dropbear_dss_key *key) {
   
dropbear_assert(key != NULL); dropbear_assert(key != NULL);
buf_put_dss_pub_key(buf, key); buf_put_dss_pub_key(buf, key);
@@ -150,7 +150,7 @@ void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
@@ -150,7 +150,7 @@ void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
#if DROPBEAR_SIGNKEY_VERIFY #if DROPBEAR_SIGNKEY_VERIFY
/* Verify a DSS signature (in buf) made on data by the key given. /* Verify a DSS signature (in buf) made on data by the key given.
* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ * returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) { int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) {
unsigned char msghash[SHA1_HASH_SIZE]; unsigned char msghash[SHA1_HASH_SIZE];
hash_state hs; hash_state hs;
int ret = DROPBEAR_FAILURE; int ret = DROPBEAR_FAILURE;
@@ -255,7 +255,7 @@ out:
@@ -255,7 +255,7 @@ out:
   
/* Sign the data presented with key, writing the signature contents /* Sign the data presented with key, writing the signature contents
* to the buffer */ * to the buffer */
void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf) { void buf_put_dss_sign(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) {
unsigned char msghash[SHA1_HASH_SIZE]; unsigned char msghash[SHA1_HASH_SIZE];
unsigned int writelen; unsigned int writelen;
unsigned int i; unsigned int i;
@@ -44,14 +44,14 @@ typedef struct {
@@ -44,14 +44,14 @@ typedef struct {
#define DSS_P_BITS 1024 #define DSS_P_BITS 1024
#define DSS_Q_BITS 160 #define DSS_Q_BITS 160
   
void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf); void buf_put_dss_sign(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf);
#if DROPBEAR_SIGNKEY_VERIFY #if DROPBEAR_SIGNKEY_VERIFY
int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf); int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf);
#endif #endif
int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key); int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key);
int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key); int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key);
void buf_put_dss_pub_key(buffer* buf, dropbear_dss_key *key); void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key);
void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key); void buf_put_dss_priv_key(buffer* buf, const dropbear_dss_key *key);
void dss_key_free(dropbear_dss_key *key); void dss_key_free(dropbear_dss_key *key);
   
#endif /* DROPBEAR_DSS */ #endif /* DROPBEAR_DSS */
@@ -82,7 +82,7 @@ ecc_key * new_ecc_key(void) {
@@ -82,7 +82,7 @@ ecc_key * new_ecc_key(void) {
   
/* Copied from libtomcrypt ecc_import.c (version there is static), modified /* Copied from libtomcrypt ecc_import.c (version there is static), modified
for different mp_int pointer without LTC_SOURCE */ for different mp_int pointer without LTC_SOURCE */
static int ecc_is_point(ecc_key *key) static int ecc_is_point(const ecc_key *key)
{ {
mp_int *prime, *b, *t1, *t2; mp_int *prime, *b, *t1, *t2;
int err; int err;
@@ -213,7 +213,7 @@ ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *c
@@ -213,7 +213,7 @@ ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *c
   
/* a modified version of libtomcrypt's "ecc_shared_secret" to output /* a modified version of libtomcrypt's "ecc_shared_secret" to output
a mp_int instead. */ a mp_int instead. */
mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, ecc_key *private_key) mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, const ecc_key *private_key)
{ {
ecc_point *result = NULL; ecc_point *result = NULL;
mp_int *prime = NULL, *shared_secret = NULL; mp_int *prime = NULL, *shared_secret = NULL;
@@ -29,7 +29,7 @@ void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key);
@@ -29,7 +29,7 @@ void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key);
ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve); ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve);
int buf_get_ecc_privkey_string(buffer *buf, ecc_key *key); int buf_get_ecc_privkey_string(buffer *buf, ecc_key *key);
   
mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key); mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, const ecc_key *priv_key);
   
#endif #endif
   
@@ -15,7 +15,7 @@ int signkey_is_ecdsa(enum signkey_type type)
@@ -15,7 +15,7 @@ int signkey_is_ecdsa(enum signkey_type type)
|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP521; || type == DROPBEAR_SIGNKEY_ECDSA_NISTP521;
} }
   
enum signkey_type ecdsa_signkey_type(ecc_key * key) { enum signkey_type ecdsa_signkey_type(const ecc_key * key) {
#if DROPBEAR_ECC_256 #if DROPBEAR_ECC_256
if (key->dp == ecc_curve_nistp256.dp) { if (key->dp == ecc_curve_nistp256.dp) {
return DROPBEAR_SIGNKEY_ECDSA_NISTP256; return DROPBEAR_SIGNKEY_ECDSA_NISTP256;
@@ -154,7 +154,7 @@ void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key) {
@@ -154,7 +154,7 @@ void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key) {
buf_putmpint(buf, key->k); buf_putmpint(buf, key->k);
} }
   
void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf) { void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf) {
/* Based on libtomcrypt's ecc_sign_hash but without the asn1 */ /* Based on libtomcrypt's ecc_sign_hash but without the asn1 */
int err = DROPBEAR_FAILURE; int err = DROPBEAR_FAILURE;
struct dropbear_ecc_curve *curve = NULL; struct dropbear_ecc_curve *curve = NULL;
@@ -272,7 +272,7 @@ out:
@@ -272,7 +272,7 @@ out:
} }
   
   
int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf) { int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf) {
/* Based on libtomcrypt's ecc_verify_hash but without the asn1 */ /* Based on libtomcrypt's ecc_verify_hash but without the asn1 */
int ret = DROPBEAR_FAILURE; int ret = DROPBEAR_FAILURE;
hash_state hs; hash_state hs;
@@ -23,10 +23,10 @@ ecc_key *buf_get_ecdsa_pub_key(buffer* buf);
@@ -23,10 +23,10 @@ ecc_key *buf_get_ecdsa_pub_key(buffer* buf);
ecc_key *buf_get_ecdsa_priv_key(buffer *buf); ecc_key *buf_get_ecdsa_priv_key(buffer *buf);
void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key); void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key);
void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key); void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key);
enum signkey_type ecdsa_signkey_type(ecc_key * key); enum signkey_type ecdsa_signkey_type(const ecc_key * key);
   
void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf); void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf);
int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf); int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf);
/* Returns 1 on success */ /* Returns 1 on success */
int signkey_is_ecdsa(enum signkey_type type); int signkey_is_ecdsa(enum signkey_type type);
   
@@ -37,11 +37,11 @@
@@ -37,11 +37,11 @@
   
#if DROPBEAR_DSS #if DROPBEAR_DSS
   
static void getq(dropbear_dss_key *key); static void getq(const dropbear_dss_key *key);
static void getp(dropbear_dss_key *key, unsigned int size); static void getp(const dropbear_dss_key *key, unsigned int size);
static void getg(dropbear_dss_key *key); static void getg(const dropbear_dss_key *key);
static void getx(dropbear_dss_key *key); static void getx(const dropbear_dss_key *key);
static void gety(dropbear_dss_key *key); static void gety(const dropbear_dss_key *key);
   
dropbear_dss_key * gen_dss_priv_key(unsigned int size) { dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
   
@@ -65,7 +65,7 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
@@ -65,7 +65,7 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
} }
   
static void getq(dropbear_dss_key *key) { static void getq(const dropbear_dss_key *key) {
   
unsigned char buf[QSIZE]; unsigned char buf[QSIZE];
   
@@ -83,7 +83,7 @@ static void getq(dropbear_dss_key *key) {
@@ -83,7 +83,7 @@ static void getq(dropbear_dss_key *key) {
} }
} }
   
static void getp(dropbear_dss_key *key, unsigned int size) { static void getp(const dropbear_dss_key *key, unsigned int size) {
   
DEF_MP_INT(tempX); DEF_MP_INT(tempX);
DEF_MP_INT(tempC); DEF_MP_INT(tempC);
@@ -142,7 +142,7 @@ static void getp(dropbear_dss_key *key, unsigned int size) {
@@ -142,7 +142,7 @@ static void getp(dropbear_dss_key *key, unsigned int size) {
m_free(buf); m_free(buf);
} }
   
static void getg(dropbear_dss_key * key) { static void getg(const dropbear_dss_key * key) {
   
DEF_MP_INT(div); DEF_MP_INT(div);
DEF_MP_INT(h); DEF_MP_INT(h);
@@ -179,12 +179,12 @@ static void getg(dropbear_dss_key * key) {
@@ -179,12 +179,12 @@ static void getg(dropbear_dss_key * key) {
mp_clear_multi(&div, &h, &val, NULL); mp_clear_multi(&div, &h, &val, NULL);
} }
   
static void getx(dropbear_dss_key *key) { static void getx(const dropbear_dss_key *key) {
   
gen_random_mpint(key->q, key->x); gen_random_mpint(key->q, key->x);
} }
   
static void gety(dropbear_dss_key *key) { static void gety(const dropbear_dss_key *key) {
   
if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) { if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) {
fprintf(stderr, "DSS key generation failed\n"); fprintf(stderr, "DSS key generation failed\n");
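Review bot: Qualifying the `getq`/`getp`/`getg`/`getx`/`gety` parameter as `const dropbear_dss_key *key` advertises a read-only contract these helpers do not keep: their purpose is to populate the key, and the visible bodies still write through it — `gen_random_mpint(key->q, key->x)` fills `*key->x` and `mp_exptmod(key->g, key->x, key->p, key->y)` writes `*key->y`. `const` on the struct pointer only freezes the pointer members (they become `mp_int *const`), not the mp_ints behind them, so the compiler cannot catch the mismatch and a reader is misled. Either drop the qualifier on the five prototypes in the first hunk and on the definitions, or document the limitation next to the prototypes, e.g. `/* the mp_int fields are written; const covers only the struct itself */`. The bodies of getp and getg continue outside their hunks.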
@@ -50,7 +50,7 @@ void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
@@ -50,7 +50,7 @@ void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
#if DROPBEAR_CURVE25519 #if DROPBEAR_CURVE25519
struct kex_curve25519_param *gen_kexcurve25519_param(void); struct kex_curve25519_param *gen_kexcurve25519_param(void);
void free_kexcurve25519_param(struct kex_curve25519_param *param); void free_kexcurve25519_param(struct kex_curve25519_param *param);
void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *pub_them, void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *pub_them,
sign_key *hostkey); sign_key *hostkey);
#endif #endif
   