From 22eb197d6cbfbf9f71b2f64aede89080af82ae7f Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sun, 11 Feb 2018 10:53:59 +0800 Subject: Fix building default_options.h --- Makefile.in | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'Makefile.in') diff --git a/Makefile.in b/Makefile.in index 5c4e106..1ffb2d9 100644 --- a/Makefile.in +++ b/Makefile.in @@ -234,7 +234,6 @@ tidy: # default_options.h is stored in version control, could not find a workaround # for parallel "make -j" and dependency rules. default_options.h: default_options.h.in - echo "# > > > Generated from $^, edit that file instead !" > $@.tmp - echo >> $@.tmp - $(srcdir)/ifndef_wrapper.sh < $^ > $@.tmp + echo "/*\n > > > Do not edit this file (default_options.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp + $(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp mv $@.tmp $@ -- cgit v1.2.3 From ad9db51434a037f6be6820b7a943825f13514209 Mon Sep 17 00:00:00 2001 From: Michael Witten Date: Mon, 31 Jul 2017 23:55:52 +0000 Subject: build: Remove unused constructs: `space' and `AC_PROG_MAKE_SET' The makefile variable `space' is never used. The autoconf output variable `SET_MAKE' is never used, so the autoconf macro `AC_PROG_MAKE_SET' has been removed. --- Makefile.in | 1 - configure.ac | 1 - 2 files changed, 2 deletions(-) (limited to 'Makefile.in') diff --git a/Makefile.in b/Makefile.in index 1ffb2d9..74f3965 100644 --- a/Makefile.in +++ b/Makefile.in @@ -97,7 +97,6 @@ STATIC=@STATIC@ # whether we're building client, server, or both for the common objects. # evilness so we detect 'dropbear' by itself as a word -space:= $(empty) $(empty) ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdropbearZ, Z$(prog)Z)))) CFLAGS+= -DDROPBEAR_SERVER endif diff --git a/configure.ac b/configure.ac index 0e1a4fc..0e71ffd 100644 --- a/configure.ac +++ b/configure.ac @@ -11,7 +11,6 @@ AC_CONFIG_SRCDIR(buffer.c) # Checks for programs. AC_PROG_CC -AC_PROG_MAKE_SET if test -z "$LD" ; then LD=$CC -- cgit v1.2.3 From 93632660bb08c74a6942430b90a161f7205fad3d Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Wed, 14 Feb 2018 00:17:30 +0800 Subject: update some dependencies --- Makefile.in | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) (limited to 'Makefile.in') diff --git a/Makefile.in b/Makefile.in index 74f3965..8c2b7c7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -25,6 +25,7 @@ endif ifneq ($(wildcard localoptions.h),) CFLAGS+=-DLOCALOPTIONS_H_EXISTS +LOCALOPTIONS_H=localoptions.h endif COMMONOBJS=dbutil.o buffer.o dbhelpers.o \ @@ -56,13 +57,6 @@ CONVERTOBJS=dropbearconvert.o keyimport.o SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o compat.o -HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \ - dss.h bignum.h signkey.h rsa.h dbrandom.h service.h auth.h \ - debug.h channel.h chansession.h config.h queue.h sshpty.h \ - termcodes.h gendss.h genrsa.h runopts.h includes.h \ - loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \ - listener.h fake-rfc2553.h ecc.h ecdsa.h - dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS) dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS) @@ -127,6 +121,10 @@ endif all: $(TARGETS) +# a bit lazy, but safer +HEADERS=$(wildcard $(srcdir)/*.h *.h) +*.o: $(HEADERS) + strip: $(TARGETS) $(STRIP) $(addsuffix $(EXEEXT), $(TARGETS)) @@ -199,10 +197,10 @@ link%: -rm -f $*$(EXEEXT) -ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT) -$(STATIC_LTC): options.h +$(STATIC_LTC): $(MAKE) -C libtomcrypt -$(STATIC_LTM): options.h +$(STATIC_LTM): $(MAKE) -C libtommath .PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean @@ -233,6 +231,7 @@ tidy: # default_options.h is stored in version control, could not find a workaround # for parallel "make -j" and dependency rules. default_options.h: default_options.h.in - echo "/*\n > > > Do not edit this file (default_options.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp - $(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp - mv $@.tmp $@ + @echo Creating $@ + @echo "/*\n > > > Do not edit this file (default_options.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp + @$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp + @mv $@.tmp $@ -- cgit v1.2.3 From 3ee685ad1cf6c35b28e600ac2f429a118af5349b Mon Sep 17 00:00:00 2001 From: Michael Witten Date: Thu, 20 Jul 2017 19:38:26 +0000 Subject: options: Complete the transition to numeric toggles (`#if') For the sake of review, this commit alters only the code; the affiliated comments within the source files also need to be updated, but doing so now would obscure the operational changes that have been made here. * All on/off options have been switched to the numeric `#if' variant; that is the only way to make this `default_options.h.in' thing work in a reasonable manner. * There is now some very minor compile-time checking of the user's choice of options. * NO_FAST_EXPTMOD doesn't seem to be used, so it has been removed. * ENABLE_USER_ALGO_LIST was supposed to be renamed DROPBEAR_USER_ALGO_LIST, and this commit completes that work. * DROPBEAR_FUZZ seems to be a relatively new, as-yet undocumented option, which was added by the following commit: commit 6e0b539e9ca0b5628c6c5a3d118ad6a2e79e8039 Author: Matt Johnston Date: Tue May 23 22:29:21 2017 +0800 split out checkpubkey_line() separately It has now been added to `sysoptions.h' and defined as `0' by default. * The configuration option `DROPBEAR_PASSWORD_ENV' is no longer listed in `default_options.h.in'; it is no longer meant to be set by the user, and is instead left to be defined in `sysoptions.h' (where it was already being defined) as merely the name of the environment variable in question: DROPBEAR_PASSWORD To enable or disable use of that environment variable, the user must now toggle `DROPBEAR_USE_DROPBEAR_PASSWORD'. * The sFTP support is now toggled by setting `DROPBEAR_SFTPSERVER', and the path of the sFTP server program is set independently through the usual SFTPSERVER_PATH. --- Makefile.in | 2 +- cli-auth.c | 4 +- cli-runopts.c | 4 +- dbrandom.c | 8 ++-- dbutil.c | 2 +- dbutil.h | 2 +- default_options.h.in | 78 ++++++++++++++++++++++++------- keyimport.c | 4 +- libtomcrypt/src/headers/tomcrypt_custom.h | 4 +- netio.c | 2 +- runopts.h | 2 +- signkey.c | 6 +-- svr-authpubkeyoptions.c | 2 +- svr-chansession.c | 8 ++-- svr-main.c | 12 ++--- svr-runopts.c | 10 ++-- svr-tcpfwd.c | 2 +- sysoptions.h | 2 +- 18 files changed, 100 insertions(+), 54 deletions(-) (limited to 'Makefile.in') diff --git a/Makefile.in b/Makefile.in index 8c2b7c7..8c9fbfe 100644 --- a/Makefile.in +++ b/Makefile.in @@ -20,7 +20,7 @@ LIBTOM_LIBS=@LIBTOM_LIBS@ ifeq (@BUNDLED_LIBTOM@, 1) LIBTOM_DEPS=$(STATIC_LTC) $(STATIC_LTM) CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/ -LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) +LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) endif ifneq ($(wildcard localoptions.h),) diff --git a/cli-auth.c b/cli-auth.c index bfeee58..bcc7281 100644 --- a/cli-auth.c +++ b/cli-auth.c @@ -60,9 +60,11 @@ void cli_auth_getmethods() { */ if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) { ses.authstate.authtypes = AUTH_TYPE_PUBKEY; +#if DROPBEAR_USE_DROPBEAR_PASSWORD if (getenv(DROPBEAR_PASSWORD_ENV)) { ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT; } +#endif if (cli_auth_try() == DROPBEAR_SUCCESS) { TRACE(("skipped initial none auth query")) /* Note that there will be two auth responses in-flight */ @@ -335,7 +337,7 @@ char* getpass_or_cancel(const char* prompt) { char* password = NULL; -#ifdef DROPBEAR_PASSWORD_ENV +#if DROPBEAR_USE_DROPBEAR_PASSWORD /* Password provided in an environment var */ password = getenv(DROPBEAR_PASSWORD_ENV); if (password) diff --git a/cli-runopts.c b/cli-runopts.c index d69a719..abcfc9f 100644 --- a/cli-runopts.c +++ b/cli-runopts.c @@ -306,10 +306,10 @@ void cli_getopts(int argc, char ** argv) { case 'm': #endif case 'D': -#ifndef DROPBEAR_CLI_REMOTETCPFWD +#if !DROPBEAR_CLI_REMOTETCPFWD case 'R': #endif -#ifndef DROPBEAR_CLI_LOCALTCPFWD +#if !DROPBEAR_CLI_LOCALTCPFWD case 'L': #endif case 'V': diff --git a/dbrandom.c b/dbrandom.c index 28b0d48..a117b10 100644 --- a/dbrandom.c +++ b/dbrandom.c @@ -59,7 +59,7 @@ process_file(hash_state *hs, const char *filename, unsigned int readcount; int ret = DROPBEAR_FAILURE; -#ifdef DROPBEAR_PRNGD_SOCKET +#if DROPBEAR_USE_PRNGD if (prngd) { readfd = connect_unix(filename); @@ -107,7 +107,7 @@ process_file(hash_state *hs, const char *filename, wantread = MIN(sizeof(readbuf), len-readcount); } -#ifdef DROPBEAR_PRNGD_SOCKET +#if DROPBEAR_USE_PRNGD if (prngd) { char egdcmd[2]; @@ -157,7 +157,7 @@ void addrandom(const unsigned char * buf, unsigned int len) static void write_urandom() { -#ifndef DROPBEAR_PRNGD_SOCKET +#if !DROPBEAR_USE_PRNGD /* This is opportunistic, don't worry about failure */ unsigned char buf[INIT_SEED_SIZE]; FILE *f = fopen(DROPBEAR_URANDOM_DEV, "w"); @@ -185,7 +185,7 @@ void seedrandom() { /* existing state */ sha1_process(&hs, (void*)hashpool, sizeof(hashpool)); -#ifdef DROPBEAR_PRNGD_SOCKET +#if DROPBEAR_USE_PRNGD if (process_file(&hs, DROPBEAR_PRNGD_SOCKET, INIT_SEED_SIZE, 1) != DROPBEAR_SUCCESS) { dropbear_exit("Failure reading random device %s", diff --git a/dbutil.c b/dbutil.c index 1134dd6..18fe634 100644 --- a/dbutil.c +++ b/dbutil.c @@ -214,7 +214,7 @@ void dropbear_trace2(const char* format, ...) { #endif /* DEBUG_TRACE */ /* Connect to a given unix socket. The socket is blocking */ -#ifdef ENABLE_CONNECT_UNIX +#if ENABLE_CONNECT_UNIX int connect_unix(const char* path) { struct sockaddr_un addr; int fd = -1; diff --git a/dbutil.h b/dbutil.h index fe82272..645b428 100644 --- a/dbutil.h +++ b/dbutil.h @@ -59,7 +59,7 @@ char * stripcontrol(const char * text); int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data, int *writefd, int *readfd, int *errfd, pid_t *pid); void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell); -#ifdef ENABLE_CONNECT_UNIX +#if ENABLE_CONNECT_UNIX int connect_unix(const char* addr); #endif int buf_readfile(buffer* buf, const char* filename); diff --git a/default_options.h.in b/default_options.h.in index 95097ac..3e7052f 100644 --- a/default_options.h.in +++ b/default_options.h.in @@ -36,10 +36,9 @@ IMPORTANT: Many options will require "make clean" after changes */ #define NON_INETD_MODE 1 #define INETD_MODE 1 -/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is - * perhaps 20% slower for pubkey operations (it is probably worth experimenting - * if you want to use this) */ -/*#define NO_FAST_EXPTMOD*/ +#if !(NON_INETD_MODE || INETD_MODE) + #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled." +#endif /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save several kB in binary size however will make the symmetrical ciphers and hashes @@ -77,7 +76,7 @@ much traffic. */ #define DROPBEAR_CLI_NETCAT 1 /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ -#define ENABLE_USER_ALGO_LIST 1 +#define DROPBEAR_USER_ALGO_LIST 1 /* Encryption - at least one required. * Protocol RFC requires 3DES and recommends AES128 for interoperability. @@ -86,10 +85,15 @@ much traffic. */ #define DROPBEAR_AES128 1 #define DROPBEAR_3DES 1 #define DROPBEAR_AES256 1 -/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ -/*#define DROPBEAR_BLOWFISH*/ #define DROPBEAR_TWOFISH256 1 #define DROPBEAR_TWOFISH128 1 +/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ +#define DROPBEAR_BLOWFISH 0 + +#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ + || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128) + #error "At least one encryption algorithm must be enabled; 3DES and AES128 are recommended." +#endif /* Enable CBC mode for ciphers. This has security issues though * is the most compatible with older SSH implementations */ @@ -129,6 +133,10 @@ If you test it please contact the Dropbear author */ * on x86-64 */ #define DROPBEAR_ECDSA 1 +#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA) + #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended." +#endif + /* RSA must be >=1024 */ #define DROPBEAR_DEFAULT_RSA_SIZE 2048 /* DSS is always 1024 */ @@ -193,27 +201,57 @@ If you test it please contact the Dropbear author */ * PAM challenge/response. * You can't enable both PASSWORD and PAM. */ +/* PAM requires ./configure --enable-pam */ +#if defined(HAVE_LIBPAM) && !DROPBEAR_SVR_PASSWORD_AUTH + #define DROPBEAR_SVR_PAM_AUTH 1 +#else + #define DROPBEAR_SVR_PAM_AUTH 0 +#endif + /* This requires crypt() */ -#ifdef HAVE_CRYPT -#define DROPBEAR_SVR_PASSWORD_AUTH 1 +#if defined(HAVE_CRYPT) && !DROPBEAR_SVR_PAM_AUTH + #define DROPBEAR_SVR_PASSWORD_AUTH 1 #else -#define DROPBEAR_SVR_PASSWORD_AUTH 0 + #define DROPBEAR_SVR_PASSWORD_AUTH 0 #endif -/* PAM requires ./configure --enable-pam */ -#define DROPBEAR_SVR_PAM_AUTH 0 + #define DROPBEAR_SVR_PUBKEY_AUTH 1 +#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH) + #error "At least one server authentication type must be enabled; PUBKEY and PASSWORD are recommended." +#endif + +#if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT + #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'." +#endif + +#if DROPBEAR_SVR_PAM_AUTH + #if DISABLE_PAM + #error "DROPBEAR_SVR_PAM_AUTH requires 'configure --enable-pam' to succeed." + #endif + #if DROPBEAR_SVR_PASSWORD_AUTH + #error "DROPBEAR_SVR_PASSWORD_AUTH cannot be enabled at the same time as DROPBEAR_SVR_PAM_AUTH." + #endif +#endif + /* Whether to take public key options in * authorized_keys file into account */ #define DROPBEAR_SVR_PUBKEY_OPTIONS 1 /* This requires getpass. */ #ifdef HAVE_GETPASS -#define DROPBEAR_CLI_PASSWORD_AUTH 1 -#define DROPBEAR_CLI_INTERACT_AUTH 1 + #define DROPBEAR_CLI_PASSWORD_AUTH 1 + #define DROPBEAR_CLI_INTERACT_AUTH 1 +#else + #define DROPBEAR_CLI_PASSWORD_AUTH 0 + #define DROPBEAR_CLI_INTERACT_AUTH 0 #endif #define DROPBEAR_CLI_PUBKEY_AUTH 1 +#if !(DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_PUBKEY_AUTH) + #error "At least one client authentication type must be enabled; PUBKEY and PASSWORD are recommended." +#endif + /* A default argument for dbclient -i . Homedir is prepended unless path begins with / */ #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear" @@ -224,7 +262,7 @@ Homedir is prepended unless path begins with / */ * note that it will be provided for all "hidden" client-interactive * style prompts - if you want something more sophisticated, use * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ -#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" +#define DROPBEAR_USE_DROPBEAR_PASSWORD 1 /* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of * a helper program for the ssh client. The helper program should be @@ -233,6 +271,10 @@ Homedir is prepended unless path begins with / */ * return the password on standard output */ #define DROPBEAR_CLI_ASKPASS_HELPER 0 +#if DROPBEAR_CLI_ASKPASS_HELPER + #define DROPBEAR_CLI_PASSWORD_AUTH 1 +#endif + /* Save a network roundtrip by sendng a real auth request immediately after * sending a query for the available methods. It is at the expense of < 100 * bytes of extra network traffic. This is not yet enabled by default since it @@ -245,8 +287,8 @@ Homedir is prepended unless path begins with / */ #define DROPBEAR_URANDOM_DEV "/dev/urandom" /* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */ -/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ - +#define DROPBEAR_USE_PRNGD 0 +#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng" /* Specify the number of clients we will allow to be connected but * not yet authenticated. After this limit, connections are rejected */ @@ -269,6 +311,8 @@ Homedir is prepended unless path begins with / */ * "-q" for quiet */ #define XAUTH_COMMAND "/usr/bin/xauth -q" +#define DROPBEAR_SFTPSERVER 1 + /* if you want to enable running an sftp server (such as the one included with * OpenSSH), set the path below. If the path isn't defined, sftp will not * be enabled */ diff --git a/keyimport.c b/keyimport.c index e44ee56..ea3164c 100644 --- a/keyimport.c +++ b/keyimport.c @@ -870,7 +870,7 @@ static int openssh_write(const char *filename, sign_key *key, */ numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0'; - #ifdef DROPBEAR_RSA + #if DROPBEAR_RSA if (key->type == DROPBEAR_SIGNKEY_RSA) { if (key->rsakey->p == NULL || key->rsakey->q == NULL) { @@ -966,7 +966,7 @@ static int openssh_write(const char *filename, sign_key *key, } #endif /* DROPBEAR_RSA */ - #ifdef DROPBEAR_DSS + #if DROPBEAR_DSS if (key->type == DROPBEAR_SIGNKEY_DSS) { /* p */ diff --git a/libtomcrypt/src/headers/tomcrypt_custom.h b/libtomcrypt/src/headers/tomcrypt_custom.h index e58de71..b7bd20c 100644 --- a/libtomcrypt/src/headers/tomcrypt_custom.h +++ b/libtomcrypt/src/headers/tomcrypt_custom.h @@ -68,8 +68,8 @@ #define LTC_NO_MODES #define LTC_NO_HASHES #define LTC_NO_MACS - #define LTC_NO_PRNGS - #define LTC_NO_PK + #define LTC_NO_PRNGS + #define LTC_NO_PK #define LTC_NO_PKCS #define LTC_NO_MISC #endif /* LTC_NOTHING */ diff --git a/netio.c b/netio.c index 04413e1..c73a1fe 100644 --- a/netio.c +++ b/netio.c @@ -613,7 +613,7 @@ void getaddrstring(struct sockaddr_storage* addr, int flags = NI_NUMERICSERV | NI_NUMERICHOST; -#ifndef DO_HOST_LOOKUP +#if !DO_HOST_LOOKUP host_lookup = 0; #endif diff --git a/runopts.h b/runopts.h index 770ae8f..5118769 100644 --- a/runopts.h +++ b/runopts.h @@ -86,7 +86,7 @@ typedef struct svr_runopts { int ipv6; */ -#ifdef DO_MOTD +#if DO_MOTD /* whether to print the MOTD */ int domotd; #endif diff --git a/signkey.c b/signkey.c index 682d445..d33ef44 100644 --- a/signkey.c +++ b/signkey.c @@ -78,13 +78,13 @@ enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) #if DROPBEAR_ECDSA /* Some of the ECDSA key sizes are defined even if they're not compiled in */ if (0 -#ifndef DROPBEAR_ECC_256 +#if !DROPBEAR_ECC_256 || i == DROPBEAR_SIGNKEY_ECDSA_NISTP256 #endif -#ifndef DROPBEAR_ECC_384 +#if !DROPBEAR_ECC_384 || i == DROPBEAR_SIGNKEY_ECDSA_NISTP384 #endif -#ifndef DROPBEAR_ECC_521 +#if !DROPBEAR_ECC_521 || i == DROPBEAR_SIGNKEY_ECDSA_NISTP521 #endif ) { diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c index d08fc2c..19f07b9 100644 --- a/svr-authpubkeyoptions.c +++ b/svr-authpubkeyoptions.c @@ -100,7 +100,7 @@ void svr_pubkey_set_forced_command(struct ChanSess *chansess) { chansess->original_command = m_strdup(""); } chansess->cmd = m_strdup(ses.authstate.pubkey_options->forced_command); -#ifdef LOG_COMMANDS +#if LOG_COMMANDS dropbear_log(LOG_INFO, "Command forced to '%s'", chansess->original_command); #endif } diff --git a/svr-chansession.c b/svr-chansession.c index 5542ad1..cdc6e94 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -663,7 +663,7 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, } } if (issubsys) { -#ifdef SFTPSERVER_PATH +#if DROPBEAR_SFTPSERVER if ((cmdlen == 4) && strncmp(chansess->cmd, "sftp", 4) == 0) { m_free(chansess->cmd); chansess->cmd = m_strdup(SFTPSERVER_PATH); @@ -687,7 +687,7 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, } -#ifdef LOG_COMMANDS +#if LOG_COMMANDS if (chansess->cmd) { dropbear_log(LOG_INFO, "User %s executing '%s'", ses.authstate.pw_name, chansess->cmd); @@ -774,7 +774,7 @@ static int ptycommand(struct Channel *channel, struct ChanSess *chansess) { pid_t pid; struct logininfo *li = NULL; -#ifdef DO_MOTD +#if DO_MOTD buffer * motdbuf = NULL; int len; struct stat sb; @@ -826,7 +826,7 @@ static int ptycommand(struct Channel *channel, struct ChanSess *chansess) { login_login(li); login_free_entry(li); -#ifdef DO_MOTD +#if DO_MOTD if (svr_opts.domotd && !chansess->cmd) { /* don't show the motd if ~/.hushlogin exists */ diff --git a/svr-main.c b/svr-main.c index ea19d2d..0efbd26 100644 --- a/svr-main.c +++ b/svr-main.c @@ -35,10 +35,10 @@ static size_t listensockets(int *sock, size_t sockcount, int *maxfd); static void sigchld_handler(int dummy); static void sigsegv_handler(int); static void sigintterm_handler(int fish); -#ifdef INETD_MODE +#if INETD_MODE static void main_inetd(void); #endif -#ifdef NON_INETD_MODE +#if NON_INETD_MODE static void main_noinetd(void); #endif static void commonsetup(void); @@ -58,7 +58,7 @@ int main(int argc, char ** argv) /* get commandline options */ svr_getopts(argc, argv); -#ifdef INETD_MODE +#if INETD_MODE /* service program mode */ if (svr_opts.inetdmode) { main_inetd(); @@ -66,7 +66,7 @@ int main(int argc, char ** argv) } #endif -#ifdef NON_INETD_MODE +#if NON_INETD_MODE main_noinetd(); /* notreached */ #endif @@ -76,7 +76,7 @@ int main(int argc, char ** argv) } #endif -#ifdef INETD_MODE +#if INETD_MODE static void main_inetd() { char *host, *port = NULL; @@ -103,7 +103,7 @@ static void main_inetd() { } #endif /* INETD_MODE */ -#ifdef NON_INETD_MODE +#if NON_INETD_MODE static void main_noinetd() { fd_set fds; unsigned int i, j; diff --git a/svr-runopts.c b/svr-runopts.c index cca5562..3d97023 100644 --- a/svr-runopts.c +++ b/svr-runopts.c @@ -64,7 +64,7 @@ static void printhelp(const char * progname) { #else "-E Log to stderr rather than syslog\n" #endif -#ifdef DO_MOTD +#if DO_MOTD "-m Don't display the motd on login\n" #endif "-w Disallow root logins\n" @@ -88,7 +88,7 @@ static void printhelp(const char * progname) { " (default port is %s if none specified)\n" "-P PidFile Create pid file PidFile\n" " (default %s)\n" -#ifdef INETD_MODE +#if INETD_MODE "-i Start for inetd\n" #endif "-W (default %d, larger may be faster, max 1MB)\n" @@ -156,7 +156,7 @@ void svr_getopts(int argc, char ** argv) { opts.ipv4 = 1; opts.ipv6 = 1; */ -#ifdef DO_MOTD +#if DO_MOTD svr_opts.domotd = 1; #endif #ifndef DISABLE_SYSLOG @@ -210,7 +210,7 @@ void svr_getopts(int argc, char ** argv) { opts.listen_fwd_all = 1; break; #endif -#ifdef INETD_MODE +#if INETD_MODE case 'i': svr_opts.inetdmode = 1; break; @@ -221,7 +221,7 @@ void svr_getopts(int argc, char ** argv) { case 'P': next = &svr_opts.pidfile; break; -#ifdef DO_MOTD +#if DO_MOTD /* motd is displayed by default, -m turns it off */ case 'm': svr_opts.domotd = 0; diff --git a/svr-tcpfwd.c b/svr-tcpfwd.c index 480beb6..16d0859 100644 --- a/svr-tcpfwd.c +++ b/svr-tcpfwd.c @@ -35,7 +35,7 @@ #include "auth.h" #include "netio.h" -#ifndef DROPBEAR_SVR_REMOTETCPFWD +#if !DROPBEAR_SVR_REMOTETCPFWD /* This is better than SSH_MSG_UNIMPLEMENTED */ void recv_msg_global_request_remotetcp() { diff --git a/sysoptions.h b/sysoptions.h index 7aa1314..bf88cf3 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -192,7 +192,7 @@ #define DROPBEAR_CLI_MULTIHOP ((DROPBEAR_CLI_NETCAT) && (DROPBEAR_CLI_PROXYCMD)) -#define ENABLE_CONNECT_UNIX ((DROPBEAR_CLI_AGENTFWD) || (DROPBEAR_PRNGD_SOCKET)) +#define ENABLE_CONNECT_UNIX ((DROPBEAR_CLI_AGENTFWD) || (DROPBEAR_USE_PRNGD)) /* if we're using authorized_keys or known_hosts */ #define DROPBEAR_KEY_LINES ((DROPBEAR_CLIENT) || (DROPBEAR_SVR_PUBKEY_AUTH)) -- cgit v1.2.3