-rw-r--r-- | Makefile.in | 8 | ||||
-rw-r--r-- | common-session.c | 4 | ||||
-rw-r--r-- | configure.ac | 14 | ||||
-rw-r--r-- | includes.h | 2 | ||||
-rw-r--r-- | pubkeyapi.h | 34 | ||||
-rw-r--r-- | runopts.h | 2 | ||||
-rw-r--r-- | session.h | 12 | ||||
-rw-r--r-- | svr-authpubkey.c | 18 | ||||
-rw-r--r-- | svr-runopts.c | 10 | ||||
-rw-r--r-- | svr-session.c | 54 | ||||
-rw-r--r-- | sysoptions.h | 4 |
11 files changed, 81 insertions, 81 deletions
diff --git a/Makefile.in b/Makefile.in index e363fd9..4bac2f7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -80,13 +80,13 @@ else scpobjs=$(SCPOBJS) endif -ifeq (@DROPBEAR_EPKA@, 1) +ifeq (@DROPBEAR_PLUGIN@, 1) # rdynamic makes all the global symbols of dropbear available to all the loaded shared libraries # this allow a plugin to reuse existing crypto/utilities like base64_decode/base64_encode without # the need to rewrite them. - EPKA_LIBS=-ldl -rdynamic + PLUGIN_LIBS=-ldl -rdynamic else - EPKA_LIBS= + PLUGIN_LIBS= endif VPATH=@srcdir@ @@ -198,7 +198,7 @@ dropbearkey: $(dropbearkeyobjs) dropbearconvert: $(dropbearconvertobjs) dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile - $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(EPKA_LIBS) + $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(PLUGIN_LIBS) dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) diff --git a/common-session.c b/common-session.c index a6449ca..fc0f9a0 100644 --- a/common-session.c +++ b/common-session.c @@ -147,8 +147,8 @@ void common_session_init(int sock_in, int sock_out) { ses.allowprivport = 0; -#if DROPBEAR_EPKA - ses.epka_session = NULL; +#if DROPBEAR_PLUGIN + ses.plugin_session = NULL; #endif TRACE(("leave session_init")) diff --git a/configure.ac b/configure.ac index bbbfd02..9996c34 100644 --- a/configure.ac +++ b/configure.ac 
@@ -323,20 +323,20 @@ AC_ARG_ENABLE(shadow, ] ) -AC_ARG_ENABLE(epka, - [ --enable-epka Enable support for External Public Key Authentication plug-in], +AC_ARG_ENABLE(plugin, + [ --enable-plugin Enable support for External Public Key Authentication plug-in], [ - AC_DEFINE(DROPBEAR_EPKA, 1, External Public Key Authentication) + AC_DEFINE(DROPBEAR_PLUGIN, 1, External Public Key Authentication) AC_MSG_NOTICE(Enabling support for External Public Key Authentication) - DROPBEAR_EPKA=1 + DROPBEAR_PLUGIN=1 ], [ - AC_DEFINE(DROPBEAR_EPKA, 0, External Public Key Authentication) - DROPBEAR_EPKA=0 + AC_DEFINE(DROPBEAR_PLUGIN, 0, External Public Key Authentication) + DROPBEAR_PLUGIN=0 ] ) -AC_SUBST(DROPBEAR_EPKA) +AC_SUBST(DROPBEAR_PLUGIN) AC_ARG_ENABLE(fuzz, [ --enable-fuzz Build fuzzing. Not recommended for deployment.], @@ -164,7 +164,7 @@ typedef u_int32_t uint32_t; #include <linux/pkt_sched.h> #endif -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN #include <dlfcn.h> #endif diff --git a/pubkeyapi.h b/pubkeyapi.h index 9ca9551..21b1f24 100644 --- a/pubkeyapi.h +++ b/pubkeyapi.h @@ -33,21 +33,21 @@ * */ -struct EPKAInstance; -struct EPKASession; +struct PluginInstance; +struct PluginSession; /* API VERSION INFORMATION - * Dropbear will: * - Reject any plugin with a major version mismatch * - Load and print a warning if the plugin's minor version is HIGHER than * dropbear's minor version (assumes properties are added at the end of - * EPKAInstance or EPKASession). This is a case of plugin newer than dropbear. + * PluginInstance or PluginSession). This is a case of plugin newer than dropbear. * - Reject if the plugin minor version is SMALLER than dropbear one (case * of plugin older than dropbear). * - Load (with no warnings) if version match. */ -#define DROPBEAR_EPKA_VERSION_MAJOR 1 -#define DROPBEAR_EPKA_VERSION_MINOR 0 +#define DROPBEAR_PLUGIN_VERSION_MAJOR 1 +#define DROPBEAR_PLUGIN_VERSION_MINOR 0 /* Creates an instance of the plugin. 
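Review bot: The help string and the `AC_DEFINE` description in the configure.ac hunk still read "External Public Key Authentication" although the switch is now the generic `--enable-plugin`, so `./configure --help` and the generated config header keep describing the feature under its old name. Suggest wording such as `[  --enable-plugin         Enable support for loadable authentication plug-ins (external public key auth)]` and the same text in both `AC_DEFINE` calls. The old `--enable-epka` spelling is dropped without an alias; autoconf normally only warns about an unrecognized `--enable-*` option, so an existing build script would presumably yield a server without plugin support instead of failing, which deserves a changelog line.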
@@ -60,7 +60,7 @@ struct EPKASession; * If the version MINOR is different, dropbear will allow the plugin to run * only if: plugin_MINOR > dropbear_MINOR * - * If plugin_MINOR < dropbeart_MINOR or if the MAJOR version is different + * If plugin_MINOR < dropbear_MINOR or if the MAJOR version is different * dropbear will reject the plugin and terminate the execution. * * addrstring is the IP address of the client. @@ -68,7 +68,7 @@ struct EPKASession; * Returns NULL in case of failure, otherwise a void * of the instance that need * to be passed to all the subsequent call to the plugin */ -typedef struct EPKAInstance *(* PubkeyExtPlugin_newFn)(int verbose, +typedef struct PluginInstance *(* PubkeyExtPlugin_newFn)(int verbose, const char *options, const char *addrstring); #define DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW "plugin_new" @@ -83,8 +83,8 @@ typedef struct EPKAInstance *(* PubkeyExtPlugin_newFn)(int verbose, * Returns DROPBEAR_SUCCESS (0) if success or DROPBEAR_FAILURE (-1) if * authentication fails */ -typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct EPKAInstance *pluginInstance, - struct EPKASession **sessionInOut, +typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct PluginInstance *PluginInstance, + struct PluginSession **sessionInOut, const char* algo, unsigned int algolen, const unsigned char* keyblob, 
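Review bot: In the `PubkeyExtPlugin_checkPubKeyFn` typedef the first parameter is now spelled `struct PluginInstance *PluginInstance`, the same identifier as the struct tag. It compiles because tags live in a separate namespace, but it reads like an artifact of the search-and-replace over the old `pluginInstance`. Suggest `struct PluginInstance *plugin_instance`, matching the `plugin_instance` member of `struct PluginSession`; the same applies to `PubkeyExtPlugin_deleteFn` in the next pubkeyapi.h hunk. The typedef's parameter list continues past the end of this hunk.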
@@ -93,18 +93,18 @@ typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct EPKAInstance *pluginInstanc /* Notify the plugin that auth completed (after signature verification) */ -typedef void (* PubkeyExtPlugin_authSuccessFn)(struct EPKASession *session); +typedef void (* PubkeyExtPlugin_authSuccessFn)(struct PluginSession *session); /* Deletes a session * TODO: Add a reason why the session is terminated. See svr_dropbear_exit (in svr-session.c) */ -typedef void (* PubkeyExtPlugin_sessionDeleteFn)(struct EPKASession *session); +typedef void (* PubkeyExtPlugin_sessionDeleteFn)(struct PluginSession *session); /* Deletes the plugin instance */ -typedef void (* PubkeyExtPlugin_deleteFn)(struct EPKAInstance *pluginInstance); +typedef void (* PubkeyExtPlugin_deleteFn)(struct PluginInstance *PluginInstance); -/* The EPKAInstance object - A simple container of the pointer to the functions used +/* The PluginInstance object - A simple container of the pointer to the functions used * by Dropbear. * * A plug-in can extend it to add its own properties @@ -113,7 +113,7 @@ typedef void (* PubkeyExtPlugin_deleteFn)(struct EPKAInstance *pluginInstance); * shared library. * The delete_plugin function should delete the object. */ -struct EPKAInstance { +struct PluginInstance { int api_version[2]; /* 0=Major, 1=Minor */ PubkeyExtPlugin_checkPubKeyFn checkpubkey; /* mandatory */ @@ -129,7 +129,7 @@ struct EPKAInstance { * The returned buffer will be destroyed when the session is deleted. * Option buffer string NULL-terminated */ -typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct EPKASession *session); +typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct PluginSession *session); /* An SSH Session. Created during pre-auth and reused during the authentication. 
@@ -142,8 +142,8 @@ typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct EPKASession *session); * * Store any optional auth options in the auth_options property of the session. */ -struct EPKASession { - struct EPKAInstance * plugin_instance; +struct PluginSession { + struct PluginInstance * plugin_instance; PubkeyExtPlugin_getOptionsFn get_options; }; @@ -125,7 +125,7 @@ typedef struct svr_runopts { char * forced_command; -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN char *pubkey_plugin; char *pubkey_plugin_options; #endif @@ -38,7 +38,7 @@ #include "chansession.h" #include "dbutil.h" #include "netio.h" -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN #include "pubkeyapi.h" #endif @@ -220,8 +220,8 @@ struct sshsession { /* set once the ses structure (and cli_ses/svr_ses) have been populated to their initial state */ int init_done; -#if DROPBEAR_EPKA - struct EPKASession * epka_session; +#if DROPBEAR_PLUGIN + struct PluginSession * plugin_session; #endif }; @@ -248,12 +248,12 @@ struct serversession { pid_t server_pid; #endif -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN /* The shared library handle */ - void *epka_plugin_handle; + void *plugin_handle; /* The instance created by the plugin_new function */ - struct EPKAInstance *epka_instance; + struct PluginInstance *plugin_instance; #endif }; diff --git a/svr-authpubkey.c b/svr-authpubkey.c index 9d70bfb..5c234b9 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -111,12 +111,12 @@ void svr_auth_pubkey(int valid_user) { send_msg_userauth_failure(0, 0); goto out; } -#if DROPBEAR_EPKA - if (svr_ses.epka_instance != NULL) { +#if DROPBEAR_PLUGIN + if (svr_ses.plugin_instance != NULL) { char *options_buf; - if (svr_ses.epka_instance->checkpubkey( - svr_ses.epka_instance, - &ses.epka_session, + if (svr_ses.plugin_instance->checkpubkey( + svr_ses.plugin_instance, + &ses.plugin_session, algo, algolen, keyblob, 
@@ -126,7 +126,7 @@ void svr_auth_pubkey(int valid_user) { auth_failure = 0; /* Options provided? */ - options_buf = ses.epka_session->get_options(ses.epka_session); + options_buf = ses.plugin_session->get_options(ses.plugin_session); if (options_buf) { struct buf temp_buf = { .data = (unsigned char *)options_buf, @@ -193,10 +193,10 @@ void svr_auth_pubkey(int valid_user) { "Pubkey auth succeeded for '%s' with key %s from %s", ses.authstate.pw_name, fp, svr_ses.addrstring); send_msg_userauth_success(); -#if DROPBEAR_EPKA - if ((ses.epka_session != NULL) && (svr_ses.epka_instance->auth_success != NULL)) { +#if DROPBEAR_PLUGIN + if ((ses.plugin_session != NULL) && (svr_ses.plugin_instance->auth_success != NULL)) { /* Was authenticated through the external plugin. tell plugin that signature verification was ok */ - svr_ses.epka_instance->auth_success(ses.epka_session); + svr_ses.plugin_instance->auth_success(ses.plugin_session); } #endif diff --git a/svr-runopts.c b/svr-runopts.c index 19ce14c..d7a0d5a 100644 --- a/svr-runopts.c +++ b/svr-runopts.c @@ -99,7 +99,7 @@ static void printhelp(const char * progname) { "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n" "-K <keepalive> (0 is never, default %d, in seconds)\n" "-I <idle_timeout> (0 is never, default %d, in seconds)\n" -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN "-A <authplugin>[,<options>]\n" " Enable external public key auth through <authplugin>\n" #endif @@ -133,7 +133,7 @@ void svr_getopts(int argc, char ** argv) { char* maxauthtries_arg = NULL; char* keyfile = NULL; char c; -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN char* pubkey_plugin = NULL; #endif @@ -163,7 +163,7 @@ void svr_getopts(int argc, char ** argv) { #if DROPBEAR_SVR_REMOTETCPFWD svr_opts.noremotetcp = 0; #endif -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN svr_opts.pubkey_plugin = NULL; svr_opts.pubkey_plugin_options = NULL; #endif 
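Review bot: `ses.plugin_session->get_options(ses.plugin_session)` runs on the pre-authentication path without checking that the plugin actually filled in `*sessionInOut` or set `get_options`. In pubkeyapi.h only `checkpubkey` is visibly marked mandatory, so a plugin that returns success with a NULL session or a NULL callback takes the server child down with a NULL dereference. Guard the call, for example `options_buf = (ses.plugin_session && ses.plugin_session->get_options) ? ses.plugin_session->get_options(ses.plugin_session) : NULL;`, and decide whether a success result without a session should count as an authentication failure. svr_auth_pubkey begins and ends outside this hunk.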
@@ -285,7 +285,7 @@ void svr_getopts(int argc, char ** argv) { case 'u': /* backwards compatibility with old urandom option */ break; -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN case 'A': next = &pubkey_plugin; break; @@ -410,7 +410,7 @@ void svr_getopts(int argc, char ** argv) { if (svr_opts.forced_command) { dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command); } -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN if (pubkey_plugin) { char *args = strchr(pubkey_plugin, ','); if (args) { diff --git a/svr-session.c b/svr-session.c index 3ea7589..47f36b5 100644 --- a/svr-session.c +++ b/svr-session.c @@ -89,15 +89,15 @@ svr_session_cleanup(void) { m_free(svr_ses.childpids); svr_ses.childpidsize = 0; -#if DROPBEAR_EPKA - if (svr_ses.epka_plugin_handle != NULL) { - if (svr_ses.epka_instance) { - svr_ses.epka_instance->delete_plugin(svr_ses.epka_instance); - svr_ses.epka_instance = NULL; +#if DROPBEAR_PLUGIN + if (svr_ses.plugin_handle != NULL) { + if (svr_ses.plugin_instance) { + svr_ses.plugin_instance->delete_plugin(svr_ses.plugin_instance); + svr_ses.plugin_instance = NULL; } - dlclose(svr_ses.epka_plugin_handle); - svr_ses.epka_plugin_handle = NULL; + dlclose(svr_ses.plugin_handle); + svr_ses.plugin_handle = NULL; } #endif } @@ -122,10 +122,10 @@ void svr_session(int sock, int childpipe) { m_free(host); m_free(port); -#if DROPBEAR_EPKA - /* Initializes the EPKA Plugin */ - svr_ses.epka_plugin_handle = NULL; - svr_ses.epka_instance = NULL; +#if DROPBEAR_PLUGIN + /* Initializes the PLUGIN Plugin */ + svr_ses.plugin_handle = NULL; + svr_ses.plugin_instance = NULL; if (svr_opts.pubkey_plugin) { #if DEBUG_TRACE const int verbose = debug_trace; 
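Review bot: The `-A` value in the svr_getopts hunk at -410 is only split at the first comma, and as far as the visible hunks show the plugin part reaches `dlopen()` in svr-session.c unvalidated. A name without a slash is resolved through the dynamic loader's search path and a relative path against the working directory, and the loaded library then runs inside the server before authentication. Consider rejecting non-absolute paths before the `strchr` call, e.g. `if (pubkey_plugin[0] != '/') dropbear_exit("-A requires an absolute plugin path");`, and stating in the `-A` help text that the file should be writable only by root. The body of `if (args)` continues outside the hunk.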
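Review bot: The comment `/* Initializes the PLUGIN Plugin */` in the svr_session hunk is a leftover of the mechanical rename and no longer describes anything. Suggest `/* Load the optional pubkey auth plugin given with -A */`. svr_session continues outside the hunk.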
@@ -135,33 +135,33 @@ void svr_session(int sock, int childpipe) { PubkeyExtPlugin_newFn pluginConstructor; /* RTLD_NOW: fails if not all the symbols are resolved now. Better fail now than at run-time */ - svr_ses.epka_plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW); - if (svr_ses.epka_plugin_handle == NULL) { + svr_ses.plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW); + if (svr_ses.plugin_handle == NULL) { dropbear_exit("failed to load external pubkey plugin '%s': %s", svr_opts.pubkey_plugin, dlerror()); } - pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.epka_plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW); + pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW); if (!pluginConstructor) { dropbear_exit("plugin constructor method not found in external pubkey plugin"); } /* Create an instance of the plugin */ - svr_ses.epka_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring); - if (svr_ses.epka_instance == NULL) { + svr_ses.plugin_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring); + if (svr_ses.plugin_instance == NULL) { dropbear_exit("external plugin initialization failed"); } /* Check if the plugin is compatible */ - if ( (svr_ses.epka_instance->api_version[0] != DROPBEAR_EPKA_VERSION_MAJOR) || - (svr_ses.epka_instance->api_version[1] < DROPBEAR_EPKA_VERSION_MINOR) ) { + if ( (svr_ses.plugin_instance->api_version[0] != DROPBEAR_PLUGIN_VERSION_MAJOR) || + (svr_ses.plugin_instance->api_version[1] < DROPBEAR_PLUGIN_VERSION_MINOR) ) { dropbear_exit("plugin version check failed: " "Dropbear=%d.%d, plugin=%d.%d", - DROPBEAR_EPKA_VERSION_MAJOR, DROPBEAR_EPKA_VERSION_MINOR, - svr_ses.epka_instance->api_version[0], svr_ses.epka_instance->api_version[1]); + DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR, + svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]); } - if 
(svr_ses.epka_instance->api_version[1] > DROPBEAR_EPKA_VERSION_MINOR) { + if (svr_ses.plugin_instance->api_version[1] > DROPBEAR_PLUGIN_VERSION_MINOR) { dropbear_log(LOG_WARNING, "plugin API newer than dropbear API: " "Dropbear=%d.%d, plugin=%d.%d", - DROPBEAR_EPKA_VERSION_MAJOR, DROPBEAR_EPKA_VERSION_MINOR, - svr_ses.epka_instance->api_version[0], svr_ses.epka_instance->api_version[1]); + DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR, + svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]); } dropbear_log(LOG_INFO, "successfully loaded and initialized pubkey plugin '%s'", svr_opts.pubkey_plugin); } @@ -209,11 +209,11 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) { char fullmsg[300]; int i; -#if DROPBEAR_EPKA - if ((ses.epka_session != NULL)) { - svr_ses.epka_instance->delete_session(ses.epka_session); +#if DROPBEAR_PLUGIN + if ((ses.plugin_session != NULL)) { + svr_ses.plugin_instance->delete_session(ses.plugin_session); } - ses.epka_session = NULL; + ses.plugin_session = NULL; #endif /* Render the formatted exit message */ diff --git a/sysoptions.h b/sysoptions.h index 58604f0..cfd5469 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -243,8 +243,8 @@ If you test it please contact the Dropbear author */ #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended." #endif -#if (DROPBEAR_EPKA && !DROPBEAR_SVR_PUBKEY_AUTH) - #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use External Public Key Authentication (EPKA)" +#if (DROPBEAR_PLUGIN && !DROPBEAR_SVR_PUBKEY_AUTH) + #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins" #endif #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ |
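Review bot: After the version check in svr_session the instance is accepted without verifying its callbacks, yet `checkpubkey`, `delete_plugin` and `delete_session` are called unconditionally in svr-authpubkey.c, svr_session_cleanup and svr_dropbear_exit. A plugin that leaves one of them NULL would crash the session, including on the exit path. Since `checkpubkey` is marked mandatory in pubkeyapi.h, reject the plugin at load time with `if (svr_ses.plugin_instance->checkpubkey == NULL) dropbear_exit("plugin does not provide checkpubkey");`, and guard the two delete callbacks at their call sites the way `auth_success` is already guarded. Whether the delete callbacks are meant to be mandatory is not visible here, so confirm the intended contract and document it next to the struct.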