summaryrefslogtreecommitdiffhomepage
path: root/svr-authpubkey.c
AgeCommit message (Collapse)Author
2020-05-17split signkey_type and signature_type for RSA sha1 vs sha256Matt Johnston
2020-04-06use sigtype where appropriateMatt Johnston
2019-05-15Rename EPKA -> PluginMatt Johnston
2019-05-15External Public-Key Authentication API (#72)fabriziobertocci
* Implemented dynamic loading of an external plug-in shared library to delegate public key authentication * Moved conditional compilation of the plugin infrastructure into the configure.ac script to be able to add -ldl to dropbear build only when the flag is enabled * Added tags file to the ignore list * Updated API to have the constructor to return function pointers in the pliugin instance. Added support for passing user name to the checkpubkey function. Added options to the session returned by the plugin and have dropbear to parse and process them * Added -rdynamic to the linker flags when EPKA is enabled * Changed the API to pass a previously created session to the checkPubKey function (created during preauth) * Added documentation to the API * Added parameter addrstring to plugin creation function * Modified the API to retrieve the auth options. Instead of having them as field of the EPKASession struct, they are stored internally (plugin-dependent) in the plugin/session and retrieved through a pointer to a function (in the session) * Changed option string to be a simple char * instead of unsigned char *
2019-03-20Support servers without multiple user support (#76)Patrick Stewart
2019-03-20use strlcpy & strlcat (#74)François Perrad
* refactor checkpubkeyperms() with safe BSD functions fix gcc8 warnings ``` svr-authpubkey.c: In function 'checkpubkeyperms': svr-authpubkey.c:427:2: warning: 'strncat' specified bound 5 equals source length [-Wstringop-overflow=] strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ svr-authpubkey.c:433:2: warning: 'strncat' specified bound 16 equals source length [-Wstringop-overflow=] strncat(filename, "/authorized_keys", 16); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` see https://www.sudo.ws/todd/papers/strlcpy.html * restore strlcpy in xstrdup see original https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/xmalloc.c?rev=1.16
2018-08-23Merge bugfix delay invalid usersMatt Johnston
2018-08-23Wait to fail invalid usernamesMatt Johnston
2018-03-07don't allow null characters in authorized_keysMatt Johnston
2018-03-06avoid leak of pubkey_optionsMatt Johnston
2018-02-28- #if not #ifdef for DROPBEAR_FUZZMatt Johnston
- fix some unused variables --HG-- branch : fuzz
2018-02-17merge from mainMatt Johnston
--HG-- branch : fuzz
2018-02-16Remove accidentally committed DROPBEAR_FUZZMatt Johnston
2018-01-25Merge pull request #49 from fperrad/20170812_lintMatt Johnston
Some linting, const parameters
2017-10-04fix checkpubkey_line function name for TRACEMatt Johnston
2017-10-04fix pubkey authentication return valueMatt Johnston
2017-08-19Pointer parameter could be declared as pointing to constFrancois Perrad
2017-05-25limit input sizeMatt Johnston
2017-05-25don't exit encountering short linesMatt Johnston
2017-05-23split out checkpubkey_line() separatelyMatt Johnston
2017-05-18merge 2017.75Matt Johnston
2017-05-10switch user when opening authorized_keysMatt Johnston
2016-05-04Convert #ifdef to #if, other build changesMatt Johnston
2016-03-16fix empty C prototypesFrancois Perrad
2015-06-04buf_getstring and buf_putstring now use non-unsigned char*Matt Johnston
2015-05-05Turn checkpubkey() and send_msg_userauth_pk_ok()'s algo argument into char *Gaël PORTAY
2015-05-05Fix pointer differ in signess warnings [-Werror=pointer-sign]Gaël PORTAY
2015-03-01Fix pubkey auth after change to reuse ses.readbuf as ses.payloadMatt Johnston
(4d7b4c5526c5) --HG-- branch : nocircbuffer
2013-11-12Don't exit fatally if authorized_keys has a line likeMatt Johnston
command="something" ssh-rsa --HG-- branch : ecc
2013-11-12Various cleanups and fixes for warningsMatt Johnston
--HG-- branch : ecc
2013-04-08- Fix various hardcoded uses of SHA1Matt Johnston
- rename curves to nistp256 etc - fix svr-auth.c TRACE problem --HG-- branch : ecc
2013-04-07ecc kind of works, needs fixing/testingMatt Johnston
--HG-- branch : ecc
2011-02-23Improve capitalisation for all logged stringsMatt Johnston
--HG-- extra : convert_revision : 997e53cec7a9efb7413ac6e17b6be60a5597bd2e
2008-09-12- Rework pubkey options to be more careful about buffer lengths. Needs review.Matt Johnston
--HG-- branch : pubkey-options extra : convert_revision : 537a6ebebb46424b967ffe787f0f8560e5f447e8
2008-09-08* Patch from Frédéric Moulins adding options to authorized_keys.Matt Johnston
Needs review. --HG-- branch : pubkey-options extra : convert_revision : 26872f944d79ddacff1070aab32115a6d726392c
2008-01-13Make a copy of passwd fields since getpwnam()'s retval isn't safe to keepMatt Johnston
--HG-- extra : convert_revision : 295b11312e327fe6c4f33512674ea4a1a9790344
2007-02-22Improve known_hosts checking.Matt Johnston
--HG-- extra : convert_revision : b7933fa29cbedeb53b79a0b60aaa0f049e003cb2
2005-09-20Log when pubkey auth fails because of bad pubkey perms/ownershipMatt Johnston
--HG-- extra : convert_revision : 43e1a0c8365776577acd814d708027fcddcb02ef
2005-09-05* use own assertions which should get logged properlyMatt Johnston
--HG-- extra : convert_revision : 3dc365619f0840ab5781660b1257a9f22c05d3fe
2005-03-13* fix longstanding bug with connections being closed on failure toMatt Johnston
connect to auth socket (server) * differentiate between get_byte and get_bool * get rid of some // comments * general tidying --HG-- extra : convert_revision : fb8d188ce33b6b45804a5ce51b9f601f83bdf3d7
2005-01-02Fixed DEBUG_TRACE macro so that we don't get semicolons left about the placeMatt Johnston
--HG-- extra : convert_revision : d928bc851e32be7bd429bf7504b148c0e4bf7e2f
2004-12-23Log the IP along with auth success/fail attemptsMatt Johnston
--HG-- extra : convert_revision : 25eab43bd46e931fd4afecec49c22b9311062099
2004-08-12Merging in the changes from 0.41-0.43 main Dropbear treeMatt Johnston
--HG-- extra : convert_revision : 4c3428781bc8faf0fd7cadd7099fbd7f4ea386e7
2004-08-12cleaning up the pubkey definesMatt Johnston
--HG-- extra : convert_revision : 149ce7a9a9cc5fe670994d6789b40be49895c595
2004-08-08- Hostkey checking is mostly there, just aren't appending yet.Matt Johnston
- Rearranged various bits of the fingerprint/base64 type code, so it can be shared between versions --HG-- extra : convert_revision : 6b8ab4ec5a6c99733fff584231b81ad9636ff15e
2004-08-03Improved signkey codeMatt Johnston
--HG-- extra : convert_revision : fcf64cb4d2e273f80bf8c5f1d2dd00a0f4dc1acf
2004-07-27Progressing client supportMatt Johnston
--HG-- extra : convert_revision : 48946be1cef774d1c33b0f78689962b18720c627
2004-06-01Makefile.in contains updated files requiredMatt Johnston
--HG-- extra : convert_revision : cc8a8c49dc70e632c352853a39801089b08149be