summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--Makefile.in8
-rw-r--r--common-session.c4
-rw-r--r--configure.ac14
-rw-r--r--includes.h2
-rw-r--r--pubkeyapi.h34
-rw-r--r--runopts.h2
-rw-r--r--session.h12
-rw-r--r--svr-authpubkey.c18
-rw-r--r--svr-runopts.c10
-rw-r--r--svr-session.c54
-rw-r--r--sysoptions.h4
11 files changed, 81 insertions, 81 deletions
diff --git a/Makefile.in b/Makefile.in
index e363fd9..4bac2f7 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -80,13 +80,13 @@ else
scpobjs=$(SCPOBJS)
endif
-ifeq (@DROPBEAR_EPKA@, 1)
+ifeq (@DROPBEAR_PLUGIN@, 1)
# rdynamic makes all the global symbols of dropbear available to all the loaded shared libraries
# this allow a plugin to reuse existing crypto/utilities like base64_decode/base64_encode without
# the need to rewrite them.
- EPKA_LIBS=-ldl -rdynamic
+ PLUGIN_LIBS=-ldl -rdynamic
else
- EPKA_LIBS=
+ PLUGIN_LIBS=
endif
VPATH=@srcdir@
@@ -198,7 +198,7 @@ dropbearkey: $(dropbearkeyobjs)
dropbearconvert: $(dropbearconvertobjs)
dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile
- $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(EPKA_LIBS)
+ $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(PLUGIN_LIBS)
dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile
$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS)
diff --git a/common-session.c b/common-session.c
index a6449ca..fc0f9a0 100644
--- a/common-session.c
+++ b/common-session.c
@@ -147,8 +147,8 @@ void common_session_init(int sock_in, int sock_out) {
ses.allowprivport = 0;
-#if DROPBEAR_EPKA
- ses.epka_session = NULL;
+#if DROPBEAR_PLUGIN
+ ses.plugin_session = NULL;
#endif
TRACE(("leave session_init"))
diff --git a/configure.ac b/configure.ac
index bbbfd02..9996c34 100644
--- a/configure.ac
+++ b/configure.ac
@@ -323,20 +323,20 @@ AC_ARG_ENABLE(shadow,
]
)
-AC_ARG_ENABLE(epka,
- [ --enable-epka Enable support for External Public Key Authentication plug-in],
+AC_ARG_ENABLE(plugin,
+ [ --enable-plugin Enable support for External Public Key Authentication plug-in],
[
- AC_DEFINE(DROPBEAR_EPKA, 1, External Public Key Authentication)
+ AC_DEFINE(DROPBEAR_PLUGIN, 1, External Public Key Authentication)
AC_MSG_NOTICE(Enabling support for External Public Key Authentication)
- DROPBEAR_EPKA=1
+ DROPBEAR_PLUGIN=1
],
[
- AC_DEFINE(DROPBEAR_EPKA, 0, External Public Key Authentication)
- DROPBEAR_EPKA=0
+ AC_DEFINE(DROPBEAR_PLUGIN, 0, External Public Key Authentication)
+ DROPBEAR_PLUGIN=0
]
)
-AC_SUBST(DROPBEAR_EPKA)
+AC_SUBST(DROPBEAR_PLUGIN)
AC_ARG_ENABLE(fuzz,
[ --enable-fuzz Build fuzzing. Not recommended for deployment.],
diff --git a/includes.h b/includes.h
index 2fa26c4..6432d6e 100644
--- a/includes.h
+++ b/includes.h
@@ -164,7 +164,7 @@ typedef u_int32_t uint32_t;
#include <linux/pkt_sched.h>
#endif
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
#include <dlfcn.h>
#endif
diff --git a/pubkeyapi.h b/pubkeyapi.h
index 9ca9551..21b1f24 100644
--- a/pubkeyapi.h
+++ b/pubkeyapi.h
@@ -33,21 +33,21 @@
*
*/
-struct EPKAInstance;
-struct EPKASession;
+struct PluginInstance;
+struct PluginSession;
/* API VERSION INFORMATION -
* Dropbear will:
* - Reject any plugin with a major version mismatch
* - Load and print a warning if the plugin's minor version is HIGHER than
* dropbear's minor version (assumes properties are added at the end of
- * EPKAInstance or EPKASession). This is a case of plugin newer than dropbear.
+ * PluginInstance or PluginSession). This is a case of plugin newer than dropbear.
* - Reject if the plugin minor version is SMALLER than dropbear one (case
* of plugin older than dropbear).
* - Load (with no warnings) if version match.
*/
-#define DROPBEAR_EPKA_VERSION_MAJOR 1
-#define DROPBEAR_EPKA_VERSION_MINOR 0
+#define DROPBEAR_PLUGIN_VERSION_MAJOR 1
+#define DROPBEAR_PLUGIN_VERSION_MINOR 0
/* Creates an instance of the plugin.
@@ -60,7 +60,7 @@ struct EPKASession;
* If the version MINOR is different, dropbear will allow the plugin to run
* only if: plugin_MINOR > dropbear_MINOR
*
- * If plugin_MINOR < dropbeart_MINOR or if the MAJOR version is different
+ * If plugin_MINOR < dropbear_MINOR or if the MAJOR version is different
* dropbear will reject the plugin and terminate the execution.
*
* addrstring is the IP address of the client.
@@ -68,7 +68,7 @@ struct EPKASession;
* Returns NULL in case of failure, otherwise a void * of the instance that need
* to be passed to all the subsequent call to the plugin
*/
-typedef struct EPKAInstance *(* PubkeyExtPlugin_newFn)(int verbose,
+typedef struct PluginInstance *(* PubkeyExtPlugin_newFn)(int verbose,
const char *options,
const char *addrstring);
#define DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW "plugin_new"
@@ -83,8 +83,8 @@ typedef struct EPKAInstance *(* PubkeyExtPlugin_newFn)(int verbose,
* Returns DROPBEAR_SUCCESS (0) if success or DROPBEAR_FAILURE (-1) if
* authentication fails
*/
-typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct EPKAInstance *pluginInstance,
- struct EPKASession **sessionInOut,
+typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct PluginInstance *PluginInstance,
+ struct PluginSession **sessionInOut,
const char* algo,
unsigned int algolen,
const unsigned char* keyblob,
@@ -93,18 +93,18 @@ typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct EPKAInstance *pluginInstanc
/* Notify the plugin that auth completed (after signature verification)
*/
-typedef void (* PubkeyExtPlugin_authSuccessFn)(struct EPKASession *session);
+typedef void (* PubkeyExtPlugin_authSuccessFn)(struct PluginSession *session);
/* Deletes a session
* TODO: Add a reason why the session is terminated. See svr_dropbear_exit (in svr-session.c)
*/
-typedef void (* PubkeyExtPlugin_sessionDeleteFn)(struct EPKASession *session);
+typedef void (* PubkeyExtPlugin_sessionDeleteFn)(struct PluginSession *session);
/* Deletes the plugin instance */
-typedef void (* PubkeyExtPlugin_deleteFn)(struct EPKAInstance *pluginInstance);
+typedef void (* PubkeyExtPlugin_deleteFn)(struct PluginInstance *PluginInstance);
-/* The EPKAInstance object - A simple container of the pointer to the functions used
+/* The PluginInstance object - A simple container of the pointer to the functions used
* by Dropbear.
*
* A plug-in can extend it to add its own properties
@@ -113,7 +113,7 @@ typedef void (* PubkeyExtPlugin_deleteFn)(struct EPKAInstance *pluginInstance);
* shared library.
* The delete_plugin function should delete the object.
*/
-struct EPKAInstance {
+struct PluginInstance {
int api_version[2]; /* 0=Major, 1=Minor */
PubkeyExtPlugin_checkPubKeyFn checkpubkey; /* mandatory */
@@ -129,7 +129,7 @@ struct EPKAInstance {
* The returned buffer will be destroyed when the session is deleted.
* Option buffer string NULL-terminated
*/
-typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct EPKASession *session);
+typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct PluginSession *session);
/* An SSH Session. Created during pre-auth and reused during the authentication.
@@ -142,8 +142,8 @@ typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct EPKASession *session);
*
* Store any optional auth options in the auth_options property of the session.
*/
-struct EPKASession {
- struct EPKAInstance * plugin_instance;
+struct PluginSession {
+ struct PluginInstance * plugin_instance;
PubkeyExtPlugin_getOptionsFn get_options;
};
diff --git a/runopts.h b/runopts.h
index f173678..6a4a94c 100644
--- a/runopts.h
+++ b/runopts.h
@@ -125,7 +125,7 @@ typedef struct svr_runopts {
char * forced_command;
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
char *pubkey_plugin;
char *pubkey_plugin_options;
#endif
diff --git a/session.h b/session.h
index efade6e..e436882 100644
--- a/session.h
+++ b/session.h
@@ -38,7 +38,7 @@
#include "chansession.h"
#include "dbutil.h"
#include "netio.h"
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
#include "pubkeyapi.h"
#endif
@@ -220,8 +220,8 @@ struct sshsession {
/* set once the ses structure (and cli_ses/svr_ses) have been populated to their initial state */
int init_done;
-#if DROPBEAR_EPKA
- struct EPKASession * epka_session;
+#if DROPBEAR_PLUGIN
+ struct PluginSession * plugin_session;
#endif
};
@@ -248,12 +248,12 @@ struct serversession {
pid_t server_pid;
#endif
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
/* The shared library handle */
- void *epka_plugin_handle;
+ void *plugin_handle;
/* The instance created by the plugin_new function */
- struct EPKAInstance *epka_instance;
+ struct PluginInstance *plugin_instance;
#endif
};
diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index 9d70bfb..5c234b9 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -111,12 +111,12 @@ void svr_auth_pubkey(int valid_user) {
send_msg_userauth_failure(0, 0);
goto out;
}
-#if DROPBEAR_EPKA
- if (svr_ses.epka_instance != NULL) {
+#if DROPBEAR_PLUGIN
+ if (svr_ses.plugin_instance != NULL) {
char *options_buf;
- if (svr_ses.epka_instance->checkpubkey(
- svr_ses.epka_instance,
- &ses.epka_session,
+ if (svr_ses.plugin_instance->checkpubkey(
+ svr_ses.plugin_instance,
+ &ses.plugin_session,
algo,
algolen,
keyblob,
@@ -126,7 +126,7 @@ void svr_auth_pubkey(int valid_user) {
auth_failure = 0;
/* Options provided? */
- options_buf = ses.epka_session->get_options(ses.epka_session);
+ options_buf = ses.plugin_session->get_options(ses.plugin_session);
if (options_buf) {
struct buf temp_buf = {
.data = (unsigned char *)options_buf,
@@ -193,10 +193,10 @@ void svr_auth_pubkey(int valid_user) {
"Pubkey auth succeeded for '%s' with key %s from %s",
ses.authstate.pw_name, fp, svr_ses.addrstring);
send_msg_userauth_success();
-#if DROPBEAR_EPKA
- if ((ses.epka_session != NULL) && (svr_ses.epka_instance->auth_success != NULL)) {
+#if DROPBEAR_PLUGIN
+ if ((ses.plugin_session != NULL) && (svr_ses.plugin_instance->auth_success != NULL)) {
/* Was authenticated through the external plugin. tell plugin that signature verification was ok */
- svr_ses.epka_instance->auth_success(ses.epka_session);
+ svr_ses.plugin_instance->auth_success(ses.plugin_session);
}
#endif
diff --git a/svr-runopts.c b/svr-runopts.c
index 19ce14c..d7a0d5a 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -99,7 +99,7 @@ static void printhelp(const char * progname) {
"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
"-K <keepalive> (0 is never, default %d, in seconds)\n"
"-I <idle_timeout> (0 is never, default %d, in seconds)\n"
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
"-A <authplugin>[,<options>]\n"
" Enable external public key auth through <authplugin>\n"
#endif
@@ -133,7 +133,7 @@ void svr_getopts(int argc, char ** argv) {
char* maxauthtries_arg = NULL;
char* keyfile = NULL;
char c;
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
char* pubkey_plugin = NULL;
#endif
@@ -163,7 +163,7 @@ void svr_getopts(int argc, char ** argv) {
#if DROPBEAR_SVR_REMOTETCPFWD
svr_opts.noremotetcp = 0;
#endif
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
svr_opts.pubkey_plugin = NULL;
svr_opts.pubkey_plugin_options = NULL;
#endif
@@ -285,7 +285,7 @@ void svr_getopts(int argc, char ** argv) {
case 'u':
/* backwards compatibility with old urandom option */
break;
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
case 'A':
next = &pubkey_plugin;
break;
@@ -410,7 +410,7 @@ void svr_getopts(int argc, char ** argv) {
if (svr_opts.forced_command) {
dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
}
-#if DROPBEAR_EPKA
+#if DROPBEAR_PLUGIN
if (pubkey_plugin) {
char *args = strchr(pubkey_plugin, ',');
if (args) {
diff --git a/svr-session.c b/svr-session.c
index 3ea7589..47f36b5 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -89,15 +89,15 @@ svr_session_cleanup(void) {
m_free(svr_ses.childpids);
svr_ses.childpidsize = 0;
-#if DROPBEAR_EPKA
- if (svr_ses.epka_plugin_handle != NULL) {
- if (svr_ses.epka_instance) {
- svr_ses.epka_instance->delete_plugin(svr_ses.epka_instance);
- svr_ses.epka_instance = NULL;
+#if DROPBEAR_PLUGIN
+ if (svr_ses.plugin_handle != NULL) {
+ if (svr_ses.plugin_instance) {
+ svr_ses.plugin_instance->delete_plugin(svr_ses.plugin_instance);
+ svr_ses.plugin_instance = NULL;
}
- dlclose(svr_ses.epka_plugin_handle);
- svr_ses.epka_plugin_handle = NULL;
+ dlclose(svr_ses.plugin_handle);
+ svr_ses.plugin_handle = NULL;
}
#endif
}
@@ -122,10 +122,10 @@ void svr_session(int sock, int childpipe) {
m_free(host);
m_free(port);
-#if DROPBEAR_EPKA
- /* Initializes the EPKA Plugin */
- svr_ses.epka_plugin_handle = NULL;
- svr_ses.epka_instance = NULL;
+#if DROPBEAR_PLUGIN
+ /* Initializes the PLUGIN Plugin */
+ svr_ses.plugin_handle = NULL;
+ svr_ses.plugin_instance = NULL;
if (svr_opts.pubkey_plugin) {
#if DEBUG_TRACE
const int verbose = debug_trace;
@@ -135,33 +135,33 @@ void svr_session(int sock, int childpipe) {
PubkeyExtPlugin_newFn pluginConstructor;
/* RTLD_NOW: fails if not all the symbols are resolved now. Better fail now than at run-time */
- svr_ses.epka_plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW);
- if (svr_ses.epka_plugin_handle == NULL) {
+ svr_ses.plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW);
+ if (svr_ses.plugin_handle == NULL) {
dropbear_exit("failed to load external pubkey plugin '%s': %s", svr_opts.pubkey_plugin, dlerror());
}
- pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.epka_plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW);
+ pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW);
if (!pluginConstructor) {
dropbear_exit("plugin constructor method not found in external pubkey plugin");
}
/* Create an instance of the plugin */
- svr_ses.epka_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring);
- if (svr_ses.epka_instance == NULL) {
+ svr_ses.plugin_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring);
+ if (svr_ses.plugin_instance == NULL) {
dropbear_exit("external plugin initialization failed");
}
/* Check if the plugin is compatible */
- if ( (svr_ses.epka_instance->api_version[0] != DROPBEAR_EPKA_VERSION_MAJOR) ||
- (svr_ses.epka_instance->api_version[1] < DROPBEAR_EPKA_VERSION_MINOR) ) {
+ if ( (svr_ses.plugin_instance->api_version[0] != DROPBEAR_PLUGIN_VERSION_MAJOR) ||
+ (svr_ses.plugin_instance->api_version[1] < DROPBEAR_PLUGIN_VERSION_MINOR) ) {
dropbear_exit("plugin version check failed: "
"Dropbear=%d.%d, plugin=%d.%d",
- DROPBEAR_EPKA_VERSION_MAJOR, DROPBEAR_EPKA_VERSION_MINOR,
- svr_ses.epka_instance->api_version[0], svr_ses.epka_instance->api_version[1]);
+ DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
+ svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
}
- if (svr_ses.epka_instance->api_version[1] > DROPBEAR_EPKA_VERSION_MINOR) {
+ if (svr_ses.plugin_instance->api_version[1] > DROPBEAR_PLUGIN_VERSION_MINOR) {
dropbear_log(LOG_WARNING, "plugin API newer than dropbear API: "
"Dropbear=%d.%d, plugin=%d.%d",
- DROPBEAR_EPKA_VERSION_MAJOR, DROPBEAR_EPKA_VERSION_MINOR,
- svr_ses.epka_instance->api_version[0], svr_ses.epka_instance->api_version[1]);
+ DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
+ svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
}
dropbear_log(LOG_INFO, "successfully loaded and initialized pubkey plugin '%s'", svr_opts.pubkey_plugin);
}
@@ -209,11 +209,11 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
char fullmsg[300];
int i;
-#if DROPBEAR_EPKA
- if ((ses.epka_session != NULL)) {
- svr_ses.epka_instance->delete_session(ses.epka_session);
+#if DROPBEAR_PLUGIN
+ if ((ses.plugin_session != NULL)) {
+ svr_ses.plugin_instance->delete_session(ses.plugin_session);
}
- ses.epka_session = NULL;
+ ses.plugin_session = NULL;
#endif
/* Render the formatted exit message */
diff --git a/sysoptions.h b/sysoptions.h
index 58604f0..cfd5469 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -243,8 +243,8 @@ If you test it please contact the Dropbear author */
#error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
#endif
-#if (DROPBEAR_EPKA && !DROPBEAR_SVR_PUBKEY_AUTH)
- #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use External Public Key Authentication (EPKA)"
+#if (DROPBEAR_PLUGIN && !DROPBEAR_SVR_PUBKEY_AUTH)
+ #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins"
#endif
#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \