diff options
| -rw-r--r-- | Makefile.in | 4 | ||||
| -rw-r--r-- | authpasswd.h | 33 | ||||
| -rw-r--r-- | authpubkey.h | 33 | ||||
| -rw-r--r-- | cli-auth.c | 10 | ||||
| -rw-r--r-- | cli-authpasswd.c | 2 | ||||
| -rw-r--r-- | cli-authpubkey.c | 2 | ||||
| -rw-r--r-- | cli-runopts.c | 14 | ||||
| -rw-r--r-- | cli-session.c | 2 | ||||
| -rw-r--r-- | dbutil.c | 2 | ||||
| -rw-r--r-- | options.h | 12 | ||||
| -rw-r--r-- | runopts.h | 2 | ||||
| -rw-r--r-- | svr-auth.c | 10 | ||||
| -rw-r--r-- | svr-authpasswd.c | 5 | ||||
| -rw-r--r-- | svr-authpubkey.c | 5 | ||||
| -rw-r--r-- | svr-runopts.c | 4 | ||||
| -rw-r--r-- | svr-session.c | 3 |
16 files changed, 38 insertions, 105 deletions
diff --git a/Makefile.in b/Makefile.in index f70bca2..761a3c9 100644 --- a/Makefile.in +++ b/Makefile.in @@ -43,9 +43,9 @@ CONVERTOBJS=dropbearconvert.o keyimport.o SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \ - dss.h bignum.h signkey.h rsa.h random.h service.h auth.h authpasswd.h \ + dss.h bignum.h signkey.h rsa.h random.h service.h auth.h \ debug.h channel.h chansession.h config.h queue.h sshpty.h \ - termcodes.h gendss.h genrsa.h authpubkey.h runopts.h includes.h \ + termcodes.h gendss.h genrsa.h runopts.h includes.h \ loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \ listener.h fake-rfc2553.h diff --git a/authpasswd.h b/authpasswd.h deleted file mode 100644 index 9738532..0000000 --- a/authpasswd.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Dropbear - a SSH2 server - * - * Copyright (c) 2002,2003 Matt Johnston - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. */ - -#ifndef _AUTH_PASSWD_ -#define _AUTH_PASSWD_ - -#ifdef DROPBEAR_PASSWORD_AUTH - -void passwordauth(); - -#endif /* DROPBEAR_PASSWORD_AUTH */ -#endif /* _AUTH_PASSWD_ */ diff --git a/authpubkey.h b/authpubkey.h deleted file mode 100644 index bf9549e..0000000 --- a/authpubkey.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Dropbear - a SSH2 server - * - * Copyright (c) 2002,2003 Matt Johnston - * All rights reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. */ - -#ifndef _PUBKEY_AUTH_ -#define _PUBKEY_AUTH_ - -#ifdef DROPBEAR_PUBKEY_AUTH - -void pubkeyauth(); - -#endif /* DROPBEAR_PUBKEY_AUTH */ -#endif /* _PUBKEY_AUTH_ */ @@ -92,7 +92,7 @@ void recv_msg_userauth_failure() { return; } -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH /* If it was a pubkey auth request, we should cross that key * off the list. */ if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) { @@ -126,13 +126,13 @@ void recv_msg_userauth_failure() { for (i = 0; i <= methlen; i++) { if (methods[i] == '\0') { TRACE(("auth method '%s'", tok)); -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH if (strncmp(AUTH_METHOD_PUBKEY, tok, AUTH_METHOD_PUBKEY_LEN) == 0) { ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; } #endif -#ifdef DROPBEAR_PASSWORD_AUTH +#ifdef ENABLE_CLI_PASSWORD_AUTH if (strncmp(AUTH_METHOD_PASSWORD, tok, AUTH_METHOD_PASSWORD_LEN) == 0) { ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; @@ -163,14 +163,14 @@ void cli_auth_try() { CHECKCLEARTOWRITE(); /* XXX We hardcode that we try a pubkey first */ -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) { finished = cli_auth_pubkey(); cli_ses.lastauthtype = AUTH_TYPE_PUBKEY; } #endif -#ifdef DROPBEAR_PASSWORD_AUTH +#ifdef ENABLE_CLI_PASSWORD_AUTH if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { finished = cli_auth_password(); cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; diff --git a/cli-authpasswd.c b/cli-authpasswd.c index c04d240..2a66a06 100644 --- a/cli-authpasswd.c +++ b/cli-authpasswd.c @@ -5,6 +5,7 @@ #include "ssh.h" #include "runopts.h" +#ifdef ENABLE_CLI_PASSWORD_AUTH int cli_auth_password() { char* password = NULL; @@ -35,3 +36,4 @@ int cli_auth_password() { return 1; /* Password auth can always be tried */ } +#endif diff --git a/cli-authpubkey.c b/cli-authpubkey.c index 33514ce..7e380e1 100644 --- a/cli-authpubkey.c +++ b/cli-authpubkey.c @@ -6,6 +6,7 @@ #include "runopts.h" #include "auth.h" +#ifdef ENABLE_CLI_PUBKEY_AUTH static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign); /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request. @@ -158,3 +159,4 @@ int cli_auth_pubkey() { return 0; } } +#endif /* Pubkey auth */ diff --git a/cli-runopts.c b/cli-runopts.c index cef8312..e66f860 100644 --- a/cli-runopts.c +++ b/cli-runopts.c @@ -34,7 +34,7 @@ cli_runopts cli_opts; /* GLOBAL */ static void printhelp(); static void parsehostname(char* userhostarg); -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH static void loadidentityfile(const char* filename); #endif #ifdef ENABLE_CLI_ANYTCPFWD @@ -49,7 +49,7 @@ static void printhelp() { "-p <remoteport>\n" "-t Allocate a pty\n" "-T Don't allocate a pty\n" -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH "-i <identityfile> (multiple allowed)\n" #endif #ifdef ENABLE_CLI_LOCALTCPFWD @@ -67,7 +67,7 @@ void cli_getopts(int argc, char ** argv) { unsigned int i, j; char ** next = 0; unsigned int cmdlen; -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH int nextiskey = 0; /* A flag if the next argument is a keyfile */ #endif #ifdef ENABLE_CLI_LOCALTCPFWD @@ -85,7 +85,7 @@ void cli_getopts(int argc, char ** argv) { cli_opts.username = NULL; cli_opts.cmd = NULL; cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */ -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH cli_opts.pubkeys = NULL; #endif #ifdef ENABLE_CLI_LOCALTCPFWD @@ -103,7 +103,7 @@ void cli_getopts(int argc, char ** argv) { /* Iterate all the arguments */ for (i = 1; i < (unsigned int)argc; i++) { -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH if (nextiskey) { /* Load a hostkey since the previous argument was "-i" */ loadidentityfile(argv[i]); @@ -150,7 +150,7 @@ void cli_getopts(int argc, char ** argv) { case 'p': /* remoteport */ next = &cli_opts.remoteport; break; -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH case 'i': /* an identityfile */ nextiskey = 1; break; @@ -255,7 +255,7 @@ void cli_getopts(int argc, char ** argv) { } } -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH static void loadidentityfile(const char* filename) { struct PubkeyList * nextkey; diff --git a/cli-session.c b/cli-session.c index 20ce89a..07a5ba8 100644 --- a/cli-session.c +++ b/cli-session.c @@ -37,7 +37,7 @@ static const packettype cli_packettypes[] = { {SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation}, {SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure}, {SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */ -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH {SSH_MSG_USERAUTH_PK_OK, recv_msg_userauth_pk_ok}, /* client */ #endif {0, 0} /* End */ @@ -442,7 +442,7 @@ int buf_readfile(buffer* buf, const char* filename) { * authkeys file. * Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/ /* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */ -#if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH) +#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH) int buf_getline(buffer * line, FILE * authfile) { int c = EOF; @@ -114,11 +114,11 @@ /* Authentication types to enable, at least one required. RFC Draft requires pubkey auth, and recommends password */ -#define DROPBEAR_SVR_PASSWORD_AUTH -#define DROPBEAR_SVR_PUBKEY_AUTH +#define ENABLE_SVR_PASSWORD_AUTH +#define ENABLE_SVR_PUBKEY_AUTH -#define DROPBEAR_CLI_PASSWORD_AUTH -#define DROPBEAR_CLI_PUBKEY_AUTH +#define ENABLE_CLI_PASSWORD_AUTH +#define ENABLE_CLI_PUBKEY_AUTH /* Random device to use - you must specify _one only_. * DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use @@ -241,7 +241,7 @@ #define DROPBEAR_COMP_ZLIB 1 /* Required for pubkey auth */ -#if defined(DROPBEAR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT) +#if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT) #define DROPBEAR_SIGNKEY_VERIFY #endif @@ -320,7 +320,7 @@ #define USING_LISTENERS #endif -#if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH) +#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH) #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ #endif @@ -91,7 +91,7 @@ typedef struct cli_runopts { char *cmd; int wantpty; -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_CLI_PUBKEY_AUTH struct PubkeyList *pubkeys; /* Keys to use for public-key auth */ #endif #ifdef ENABLE_CLI_REMOTETCPFWD @@ -32,8 +32,6 @@ #include "ssh.h" #include "packet.h" #include "auth.h" -#include "authpasswd.h" -#include "authpubkey.h" #include "runopts.h" static void authclear(); @@ -54,10 +52,10 @@ void svr_authinitialise() { static void authclear() { memset(&ses.authstate, 0, sizeof(ses.authstate)); -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_SVR_PUBKEY_AUTH ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; #endif -#ifdef DROPBEAR_PASSWORD_AUTH +#ifdef ENABLE_SVR_PASSWORD_AUTH if (!svr_opts.noauthpass) { ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; } @@ -143,7 +141,7 @@ void recv_msg_userauth_request() { goto out; } -#ifdef DROPBEAR_PASSWORD_AUTH +#ifdef ENABLE_SVR_PASSWORD_AUTH if (!svr_opts.noauthpass && !(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) { /* user wants to try password auth */ @@ -156,7 +154,7 @@ void recv_msg_userauth_request() { } #endif -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_SVR_PUBKEY_AUTH /* user wants to try pubkey auth */ if (methodlen == AUTH_METHOD_PUBKEY_LEN && strncmp(methodname, AUTH_METHOD_PUBKEY, diff --git a/svr-authpasswd.c b/svr-authpasswd.c index 7249553..7c6c7b7 100644 --- a/svr-authpasswd.c +++ b/svr-authpasswd.c @@ -29,9 +29,8 @@ #include "buffer.h" #include "dbutil.h" #include "auth.h" -#include "authpasswd.h" -#ifdef DROPBEAR_PASSWORD_AUTH +#ifdef ENABLE_SVR_PASSWORD_AUTH /* Process a password auth request, sending success or failure messages as * appropriate */ @@ -105,4 +104,4 @@ void svr_auth_password() { } -#endif /* DROPBEAR_PASSWORD_AUTH */ +#endif diff --git a/svr-authpubkey.c b/svr-authpubkey.c index 53d5c06..9205078 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -30,12 +30,11 @@ #include "buffer.h" #include "signkey.h" #include "auth.h" -#include "authpubkey.h" #include "ssh.h" #include "packet.h" #include "algo.h" -#ifdef DROPBEAR_PUBKEY_AUTH +#ifdef ENABLE_SVR_PUBKEY_AUTH #define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */ #define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */ @@ -336,4 +335,4 @@ static int checkfileperm(char * filename) { } -#endif /* DROPBEAR_PUBKEY_AUTH */ +#endif diff --git a/svr-runopts.c b/svr-runopts.c index 996c15c..9ecaf32 100644 --- a/svr-runopts.c +++ b/svr-runopts.c @@ -61,7 +61,7 @@ static void printhelp(const char * progname) { "-m Don't display the motd on login\n" #endif "-w Disallow root logins\n" -#ifdef DROPBEAR_PASSWORD_AUTH +#ifdef ENABLE_SVR_PASSWORD_AUTH "-s Disable password logins\n" "-g Disable password logins for root\n" #endif @@ -174,7 +174,7 @@ void svr_getopts(int argc, char ** argv) { case 'w': svr_opts.norootlogin = 1; break; -#ifdef DROPBEAR_PASSWORD_AUTH +#ifdef ENABLE_SVR_PASSWORD_AUTH case 's': svr_opts.noauthpass = 1; break; diff --git a/svr-session.c b/svr-session.c index d46adf4..a24765d 100644 --- a/svr-session.c +++ b/svr-session.c @@ -35,8 +35,7 @@ #include "channel.h" #include "chansession.h" #include "atomicio.h" -#include "tcp-accept.h" -#include "tcp-connect.h" +#include "tcpfwd.h" #include "service.h" #include "auth.h" #include "runopts.h" |