-rw-r--r--Makefile.in3
-rw-r--r--cli-auth.c2
-rw-r--r--cli-chansession.c4
-rw-r--r--cli-kex.c62
-rw-r--r--common-channel.c2
-rw-r--r--random.c16
-rw-r--r--svr-auth.c7
-rw-r--r--svr-chansession.c2
-rw-r--r--svr-main.c1
9 files changed, 56 insertions, 43 deletions
diff --git a/Makefile.in b/Makefile.in
index fc17c1f..1ce13d2 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -69,7 +69,8 @@ AR=@AR@
RANLIB=@RANLIB@
STRIP=@STRIP@
INSTALL=@INSTALL@
-CFLAGS=-I. -I$(srcdir)/libtomcrypt/src/headers/ @CFLAGS@
+CPPFLAGS=@CPPFLAGS@
+CFLAGS=-I. -I$(srcdir)/libtomcrypt/src/headers/ $(CPPFLAGS) @CFLAGS@
LIBS=$(LTC) $(LTM) @LIBS@
LDFLAGS=@LDFLAGS@
diff --git a/cli-auth.c b/cli-auth.c
index d08de9a..ba4cf6c 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -236,8 +236,8 @@ void recv_msg_userauth_success() {
void cli_auth_try() {
- TRACE(("enter cli_auth_try"))
int finished = 0;
+ TRACE(("enter cli_auth_try"))
CHECKCLEARTOWRITE();
diff --git a/cli-chansession.c b/cli-chansession.c
index 6d358b7..fee8a22 100644
--- a/cli-chansession.c
+++ b/cli-chansession.c
@@ -162,8 +162,6 @@ void cli_tty_cleanup() {
static void put_termcodes() {
- TRACE(("enter put_termcodes"))
-
struct termios tio;
unsigned int sshcode;
const struct TermCode *termcode;
@@ -172,6 +170,8 @@ static void put_termcodes() {
unsigned int bufpos1, bufpos2;
+ TRACE(("enter put_termcodes"))
+
if (tcgetattr(STDIN_FILENO, &tio) == -1) {
dropbear_log(LOG_WARNING, "Failed reading termmodes");
buf_putint(ses.writepayload, 1); /* Just the terminator */
diff --git a/cli-kex.c b/cli-kex.c
index 40d4e95..ea4a2a5 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -145,6 +145,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
FILE *hostsfile = NULL;
int readonly = 0;
struct passwd *pw = NULL;
+ char * homedir = NULL;
unsigned int hostlen, algolen;
unsigned long len;
const char *algoname = NULL;
@@ -153,41 +154,50 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
pw = getpwuid(getuid());
- if (pw == NULL) {
- dropbear_exit("Failed to get homedir");
+ if (pw)
+ homedir = pw->pw_dir;
}
+ pw = NULL;
- len = strlen(pw->pw_dir);
- filename = m_malloc(len + 18); /* "/.ssh/known_hosts" and null-terminator*/
-
- snprintf(filename, len+18, "%s/.ssh", pw->pw_dir);
- /* Check that ~/.ssh exists - easiest way is just to mkdir */
- if (mkdir(filename, S_IRWXU) != 0) {
- if (errno != EEXIST) {
- dropbear_log(LOG_INFO, "Warning: failed creating ~/.ssh: %s",
- strerror(errno));
- TRACE(("mkdir didn't work: %s", strerror(errno)))
- ask_to_confirm(keyblob, keybloblen);
- goto out; /* only get here on success */
- }
+ if (!homedir)
+ homedir = getenv("HOME");
}
- snprintf(filename, len+18, "%s/.ssh/known_hosts", pw->pw_dir);
- hostsfile = fopen(filename, "a+");
-
- if (hostsfile != NULL) {
- fseek(hostsfile, 0, SEEK_SET);
- } else {
- /* We mightn't have been able to open it if it was read-only */
- if (errno == EACCES || errno == EROFS) {
- TRACE(("trying readonly: %s", strerror(errno)))
- readonly = 1;
- hostsfile = fopen(filename, "r");
+ if (homedir) {
+
+ len = strlen(homedir);
+ filename = m_malloc(len + 18); /* "/.ssh/known_hosts" and null-terminator*/
+
+ snprintf(filename, len+18, "%s/.ssh", homedir);
+ /* Check that ~/.ssh exists - easiest way is just to mkdir */
+ if (mkdir(filename, S_IRWXU) != 0) {
+ if (errno != EEXIST) {
+ dropbear_log(LOG_INFO, "Warning: failed creating ~/.ssh: %s",
+ strerror(errno));
+ TRACE(("mkdir didn't work: %s", strerror(errno)))
+ ask_to_confirm(keyblob, keybloblen);
+ goto out; /* only get here on success */
+ }
+ }
+
+ snprintf(filename, len+18, "%s/.ssh/known_hosts", homedir);
+ hostsfile = fopen(filename, "a+");
+
+ if (hostsfile != NULL) {
+ fseek(hostsfile, 0, SEEK_SET);
+ } else {
+ /* We mightn't have been able to open it if it was read-only */
+ if (errno == EACCES || errno == EROFS) {
+ TRACE(("trying readonly: %s", strerror(errno)))
+ readonly = 1;
+ hostsfile = fopen(filename, "r");
+ }
}
}
if (hostsfile == NULL) {
TRACE(("hostsfile didn't open: %s", strerror(errno)))
+ dropbear_log(LOG_WARNING, "Failed to open ~/.ssh/known_hosts");
ask_to_confirm(keyblob, keybloblen);
goto out; /* We only get here on success */
}
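Review bot: When getpwuid() fails, the known_hosts path is now built from `getenv("HOME")`, so the file that pins server host keys is chosen by whoever controls the process environment. For an interactive client that is the user, but if the client can be launched by a wrapper with a different trust level, the fallback deserves a comment such as `/* HOME is caller-controlled: known_hosts found through it is only as trustworthy as the environment */`. Separately, `homedir = pw->pw_dir` keeps a pointer into getpwuid()'s static storage after `pw = NULL`; copying it (`homedir = m_strdup(pw->pw_dir);`, freed at `out`) would protect against a later getpw* call overwriting it. Whether such a call happens before the last use is not visible here. checkhostkey starts and ends outside the hunk.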
diff --git a/common-channel.c b/common-channel.c
index 68d2b48..0be354d 100644
--- a/common-channel.c
+++ b/common-channel.c
@@ -236,7 +236,7 @@ static void checkclose(struct Channel *channel) {
TRACE(("checkclose: writefd %d, readfd %d, errfd %d, sentclosed %d, recvclosed %d",
channel->writefd, channel->readfd,
channel->errfd, channel->sentclosed, channel->recvclosed))
- TRACE(("writebuf %d extrabuf %s extrabuf %d",
+ TRACE(("writebuf size %d extrabuf ptr 0x%x extrabuf size %d",
cbuf_getused(channel->writebuf),
channel->writebuf,
channel->writebuf ? 0 : cbuf_getused(channel->extrabuf)))
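Review bot: The new format string prints a pointer with `0x%x`, which is a type mismatch on platforms where pointers are wider than `unsigned int`. The value labelled "extrabuf ptr" is also still `channel->writebuf`. The third argument tests `channel->writebuf` rather than `channel->extrabuf`, so it calls `cbuf_getused(channel->extrabuf)` only when writebuf is NULL, while the first argument has already passed that same writebuf to `cbuf_getused`. Assuming TRACE is printf-style, I would write `TRACE(("writebuf size %d extrabuf ptr %p extrabuf size %d", cbuf_getused(channel->writebuf), (void*)channel->extrabuf, channel->extrabuf ? cbuf_getused(channel->extrabuf) : 0))`. checkclose continues outside the hunk.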
diff --git a/random.c b/random.c
index a395728..09437ed 100644
--- a/random.c
+++ b/random.c
@@ -31,7 +31,8 @@ static int donerandinit = 0;
/* this is used to generate unique output from the same hashpool */
static uint32_t counter = 0;
-#define MAX_COUNTER 1<<31 /* the max value for the counter, so it won't loop */
+/* the max value for the counter, so it won't integer overflow */
+#define MAX_COUNTER 1<<30
static unsigned char hashpool[SHA1_HASH_SIZE];
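Review bot: `MAX_COUNTER` expands to the bare expression `1<<30`, so any use next to an operator that binds tighter than `<<` (for example `MAX_COUNTER - 1`) silently computes a different limit for the counter that keeps RNG outputs distinct. Parenthesize it and make it unsigned to match `uint32_t counter`: `#define MAX_COUNTER (1U<<30)`. The comparison site is outside this hunk, so whether the current use is affected cannot be confirmed from here.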
@@ -129,7 +130,7 @@ void seedrandom() {
hash_state hs;
/* initialise so that things won't warn about
- * hashing an undefined buffer */
+ * hashing an undefined buffer */
if (!donerandinit) {
m_burn(hashpool, sizeof(hashpool));
}
@@ -152,18 +153,17 @@ void seedrandom() {
* the random pools for fork()ed processes. */
void reseedrandom() {
- pid_t pid;
- struct timeval tv;
+ pid_t pid;
+ hash_state hs;
+ struct timeval tv;
if (!donerandinit) {
dropbear_exit("seedrandom not done");
}
- pid = getpid();
- gettimeofday(&tv, NULL);
+ pid = getpid();
+ gettimeofday(&tv, NULL);
- hash_state hs;
- unsigned char hash[SHA1_HASH_SIZE];
sha1_init(&hs);
sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
sha1_process(&hs, (void*)&pid, sizeof(pid));
diff --git a/svr-auth.c b/svr-auth.c
index f0fca38..d0eba9b 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -315,14 +315,15 @@ void send_msg_userauth_failure(int partial, int incrfail) {
buf_setpos(typebuf, 0);
buf_putstring(ses.writepayload, buf_getptr(typebuf, typebuf->len),
typebuf->len);
+
+ TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
+ buf_getptr(typebuf, typebuf->len)));
+
buf_free(typebuf);
buf_putbyte(ses.writepayload, partial ? 1 : 0);
encrypt_packet();
- TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
- buf_getptr(typebuf, typebuf->len)));
-
if (incrfail) {
usleep(300000); /* XXX improve this */
ses.authstate.failcount++;
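Review bot: The relocated TRACE still prints `buf_getptr(typebuf, typebuf->len)` with `'%s'`, which relies on the buffer contents being NUL-terminated. Nothing in the visible lines establishes that, since the data is otherwise handled with an explicit length in `buf_putstring`. Bounding the read avoids walking past the buffer in debug builds: `TRACE(("auth fail: methods %d, '%.*s'", ses.authstate.authtypes, (int)typebuf->len, buf_getptr(typebuf, typebuf->len)))`. The trailing `;` after this TRACE also differs from the other TRACE calls on the page. send_msg_userauth_failure starts and ends outside the hunk.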
diff --git a/svr-chansession.c b/svr-chansession.c
index 0916e7e..605bb60 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -410,7 +410,7 @@ static int sessionwinchange(struct ChanSess *chansess) {
pty_change_window_size(chansess->master, termr, termc, termw, termh);
- return DROPBEAR_FAILURE;
+ return DROPBEAR_SUCCESS;
}
static void get_termmodes(struct ChanSess *chansess) {
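Review bot: With the return value changed, every window-change request that reaches the end of sessionwinchange is reported as `DROPBEAR_SUCCESS`, and the visible lines pass `chansess->master` to `pty_change_window_size` without checking that a pty was allocated for the session. If the start of the function (outside this hunk) does not already reject that case, a guard is worth adding before the call, for example `if (chansess->master < 0) { return DROPBEAR_FAILURE; }`. That assumes a negative fd marks "no pty", which should be confirmed against where `master` is initialised.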
diff --git a/svr-main.c b/svr-main.c
index e06eb5e..e00de6b 100644
--- a/svr-main.c
+++ b/svr-main.c
@@ -28,6 +28,7 @@
#include "buffer.h"
#include "signkey.h"
#include "runopts.h"
+#include "random.h"
static size_t listensockets(int *sock, size_t sockcount, int *maxfd);
static void sigchld_handler(int dummy);