summaryrefslogtreecommitdiffhomepage
path: root/svr-session.c
AgeCommit message (Collapse)Author
2020-05-24send and handle SSH_MSG_EXT_INFO only at the correct pointMatt Johnston
- other fixes for rsa pubkey auth - only include ext-info handling when rsa pubkey auth is compiled
2020-05-19ext-info handling for server-sig-algsMatt Johnston
only client side is handled
2020-03-18Handle early exit when addrstring isn't setMatt Johnston
2020-03-18Improve address logging on early exit messages (#83)Kevin Darbyshire-Bryant
Change 'Early exit' and 'Exit before auth' messages to include the IP address & port as part of the message. This allows log scanning utilities such as 'fail2ban' to obtain the offending IP address as part of the failure event instead of extracting the PID from the message and then scanning the log again for match 'child connection from' messages Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-05-15Rename EPKA -> PluginMatt Johnston
2019-05-15External Public-Key Authentication API (#72)fabriziobertocci
* Implemented dynamic loading of an external plug-in shared library to delegate public key authentication * Moved conditional compilation of the plugin infrastructure into the configure.ac script to be able to add -ldl to dropbear build only when the flag is enabled * Added tags file to the ignore list * Updated API to have the constructor to return function pointers in the pliugin instance. Added support for passing user name to the checkpubkey function. Added options to the session returned by the plugin and have dropbear to parse and process them * Added -rdynamic to the linker flags when EPKA is enabled * Changed the API to pass a previously created session to the checkPubKey function (created during preauth) * Added documentation to the API * Added parameter addrstring to plugin creation function * Modified the API to retrieve the auth options. Instead of having them as field of the EPKASession struct, they are stored internally (plugin-dependent) in the plugin/session and retrieved through a pointer to a function (in the session) * Changed option string to be a simple char * instead of unsigned char *
2018-02-28Fix to be able to compile normal(ish) binaries with --enable-fuzzMatt Johnston
--HG-- branch : fuzz
2018-02-28- #if not #ifdef for DROPBEAR_FUZZMatt Johnston
- fix some unused variables --HG-- branch : fuzz
2018-02-26merge from mainMatt Johnston
--HG-- branch : fuzz
2018-02-26make group1 client-onlyMatt Johnston
2018-02-17merge from mainMatt Johnston
--HG-- branch : fuzz
2018-02-14make signal flags volatile, simplify handlingMatt Johnston
2017-06-14merge from mainMatt Johnston
--HG-- branch : fuzz
2017-06-01Add a flag whether to longjmp, missed that last commitMatt Johnston
--HG-- branch : fuzz
2017-06-02when pointer, use NULL instead of 0Francois Perrad
2017-05-20glaring wrapfd problems fixedMatt Johnston
--HG-- branch : fuzz
2017-05-18merge main to fuzzMatt Johnston
--HG-- branch : fuzz
2017-05-13fuzz harnessMatt Johnston
--HG-- branch : fuzz
2017-05-12copy over some fuzzing code from AFL branchMatt Johnston
--HG-- branch : fuzz
2016-07-21merge 2016.74Matt Johnston
2016-05-04Convert #ifdef to #if, other build changesMatt Johnston
2016-07-11Improve exit message formattingMatt Johnston
2016-03-16fix empty C prototypesFrancois Perrad
2016-01-05Fix print format specifierChocobo1
2015-12-15A few minor style fixesMatt Johnston
2015-12-15Moved usingsyslog from svr_runopts to runopts.Konstantin Tokarev
2015-08-03Fix problem where auth timeout wasn't checked when waiting for identMatt Johnston
2015-05-03Make sure kexfirstinitialise is called early enoughMatt Johnston
2015-02-24Some additional cleanup functionsMatt Johnston
2015-02-24Free memory before exiting. Based on patch from Thorsten Horstmann.Matt Johnston
Client side is not complete.
2014-08-19Make keepalive handling more robust, this should now match what OpenSSH doesMatt Johnston
2014-08-13Don't send SSH_MSG_UNIMPLEMENTED for keepalive responsesMatt Johnston
2014-07-09Fix auth timeout regressionMatt Johnston
2014-07-09Make -K keepalive behave like OpenSSH's ServerAliveIntervalMatt Johnston
2014-03-13Add new monotonic_now() wrapper so that timeouts are unaffected byMatt Johnston
system clock changes
2013-12-03Fix disabling DSS keyMatt Johnston
2013-11-14rename random.h to dbrandom.h since some OSes have a system random.hMatt Johnston
--HG-- rename : random.c => dbrandom.c rename : random.h => dbrandom.h
2013-05-21merge in HEADMatt Johnston
--HG-- branch : ecc
2013-05-03ecdsa is workingMatt Johnston
--HG-- branch : ecc
2013-04-09start on ecdsa keysMatt Johnston
--HG-- branch : ecc
2013-04-03merge kexguess branchMatt Johnston
2013-04-01Run the cleanup handler also when we close due to TCP connection being closedMatt Johnston
2013-03-31mergeMatt Johnston
--HG-- branch : kexguess
2013-03-31send out our kexinit packet before blocking to read the SSH version stringMatt Johnston
2013-03-30Get rid of client/server specific buf_match_algo, use singleMatt Johnston
function with a couple of if statements instead --HG-- branch : kexguess
2012-06-29Improve RNG seeding.Matt Johnston
Try to read from /dev/urandom multiple times, take input from extra sources, and use /dev/random when generating private keys
2012-05-09- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWDMatt Johnston
- Fix build if ENABLE_SVR_REMOTETCPFWD is disabled but ENABLE_SVR_LOCALTCPFWD is enabled
2012-04-09Rename HAVE_FORK to USE_VFORKMatt Johnston
It makes it a bit more obvious why there's a test there since HAVE_FORK is the normal case.
2012-04-08check for fork() and not __uClinux__Mike Frysinger
2011-04-07Properly fix the bug found years ago by Klocwork, refound again.Matt Johnston
--HG-- extra : convert_revision : 65b95facde07c748c56e0bfa25c801397dc16a99