From 90cf7f012cdc6143752464bc9bb2b4a9f94f7132 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 1 Apr 2013 00:07:26 +0800 Subject: Move the more verbose TRACE() statements into TRACE2() --- process-packet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'process-packet.c') diff --git a/process-packet.c b/process-packet.c index 2ae410d..384e449 100644 --- a/process-packet.c +++ b/process-packet.c @@ -45,7 +45,7 @@ void process_packet() { unsigned char type; unsigned int i; - TRACE(("enter process_packet")) + TRACE2(("enter process_packet")) type = buf_getbyte(ses.payload); TRACE(("process_packet: packet type = %d", type)) @@ -123,7 +123,7 @@ out: buf_free(ses.payload); ses.payload = NULL; - TRACE(("leave process_packet")) + TRACE2(("leave process_packet")) } -- cgit v1.2.3 From a2f70a3751a60d4843f7d6b8db2a0ce1389e2a99 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Wed, 3 Apr 2013 19:23:53 +0800 Subject: Just put the version string on the queue, don't use atomicio --- common-session.c | 14 +++++--------- process-packet.c | 2 +- 2 files changed, 6 insertions(+), 10 deletions(-) (limited to 'process-packet.c') diff --git a/common-session.c b/common-session.c index b514796..6b357bf 100644 --- a/common-session.c +++ b/common-session.c @@ -33,7 +33,6 @@ #include "random.h" #include "kex.h" #include "channel.h" -#include "atomicio.h" #include "runopts.h" static void checktimeouts(); @@ -50,8 +49,6 @@ int sessinitdone = 0; /* GLOBAL */ /* this is set when we get SIGINT or SIGTERM, the handler is in main.c */ int exitflag = 0; /* GLOBAL */ - - /* called only at the start of a session, set up initial state */ void common_session_init(int sock_in, int sock_out) { @@ -257,13 +254,12 @@ void session_cleanup() { TRACE(("leave session_cleanup")) } - void send_session_identification() { - /* write our version string, this blocks */ - if (atomicio(write, ses.sock_out, LOCAL_IDENT "\r\n", - strlen(LOCAL_IDENT "\r\n")) == DROPBEAR_FAILURE) { - ses.remoteclosed(); - } + buffer *writebuf = buf_new(strlen(LOCAL_IDENT "\r\n") + 1); + buf_putbytes(writebuf, LOCAL_IDENT "\r\n", strlen(LOCAL_IDENT "\r\n")); + buf_putbyte(writebuf, 0x0); // packet type + buf_setpos(writebuf, 0); + enqueue(&ses.writequeue, writebuf); } static void read_session_identification() { diff --git a/process-packet.c b/process-packet.c index 384e449..128eb72 100644 --- a/process-packet.c +++ b/process-packet.c @@ -48,7 +48,7 @@ void process_packet() { TRACE2(("enter process_packet")) type = buf_getbyte(ses.payload); - TRACE(("process_packet: packet type = %d", type)) + TRACE(("process_packet: packet type = %d, len %d", type, ses.payload->len)) ses.lastpacket = type; -- cgit v1.2.3 From ef151888fbef7f33f2140da579945b7fcb83151c Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sun, 14 Apr 2013 23:16:16 +0800 Subject: requirenext fixup for firstkexfollows --- CHANGES | 36 ++++++++++++++++++++++++++++++++++++ cli-kex.c | 7 ++++--- common-kex.c | 2 +- common-session.c | 2 +- debug.h | 2 +- process-packet.c | 9 +++++---- session.h | 5 +++-- svr-kex.c | 3 ++- 8 files changed, 53 insertions(+), 13 deletions(-) (limited to 'process-packet.c') diff --git a/CHANGES b/CHANGES index d21dc99..22b5a37 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,39 @@ +2013.57 - + +- Improved initial connection time particularly with high latency connections. + The number of round trips has been reduced for both client and server. + CPU time hasn't been changed. + +- Client will attempt to send an initial key exchange packet to save a round + trip. Dropbear implements an extension kexguess2@matt.ucc.asn.au to allow + the first packet guess to succeed in wider circumstances than the standard + behaviour. When communicating with other implementations the standard + behaviour is used. + +- Client side: when public key or password authentication with + $DROPBEAR_PASSWORD is used, an initial authentication request will + be sent immediately rather than querying the list of available methods. + This behaviour is enabled by CLI_IMMEDIATE_AUTH option (on by default), + please let the Dropbear author know if it causes any interoperability + problems. + +- Implement client escape characters ~. (terminate session) and + ~^Z (background session) + +- Server will more reliably clean up utmp when connection is closed + +- Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case + +- Add "-y -y" client option to skip host key checking, thanks to Hans Harder + +- scp didn't work properly on systems using vfork(), thanks to Frank Van Uffelen + +- Added IUTF8 terminal mode support. Not yet standardised though seems that it + will soon be + +- Some verbose DROPBEAR_TRACE output is now hidden unless $DROPBEAR_TRACE2 + enviroment variable is set + 2013.56 - Thursday 21 March 2013 - Allow specifying cipher (-c) and MAC (-m) lists for dbclient diff --git a/cli-kex.c b/cli-kex.c index 3859109..e4d41cb 100644 --- a/cli-kex.c +++ b/cli-kex.c @@ -61,8 +61,8 @@ void send_msg_kexdh_init() { buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT); buf_putmpint(ses.writepayload, cli_ses.dh_e); encrypt_packet(); - // XXX fixme - //ses.requirenext = SSH_MSG_KEXDH_REPLY; + ses.requirenext[0] = SSH_MSG_KEXDH_REPLY; + ses.requirenext[1] = SSH_MSG_KEXINIT; } /* Handle a diffie-hellman key exchange reply. */ @@ -118,7 +118,8 @@ void recv_msg_kexdh_reply() { hostkey = NULL; send_msg_newkeys(); - ses.requirenext = SSH_MSG_NEWKEYS; + ses.requirenext[0] = SSH_MSG_NEWKEYS; + ses.requirenext[1] = 0; TRACE(("leave recv_msg_kexdh_init")) } diff --git a/common-kex.c b/common-kex.c index 530de0b..ba06e4f 100644 --- a/common-kex.c +++ b/common-kex.c @@ -542,7 +542,7 @@ void recv_msg_kexinit() { buf_putstring(ses.kexhashbuf, ses.transkexinit->data, ses.transkexinit->len); - ses.requirenext = SSH_MSG_KEXDH_INIT; + ses.requirenext[0] = SSH_MSG_KEXDH_INIT; } buf_free(ses.transkexinit); diff --git a/common-session.c b/common-session.c index 6b357bf..9df0f3d 100644 --- a/common-session.c +++ b/common-session.c @@ -82,7 +82,7 @@ void common_session_init(int sock_in, int sock_out) { initqueue(&ses.writequeue); - ses.requirenext = SSH_MSG_KEXINIT; + ses.requirenext[0] = SSH_MSG_KEXINIT; ses.dataallowed = 1; /* we can send data until we actually send the SSH_MSG_KEXINIT */ ses.ignorenext = 0; diff --git a/debug.h b/debug.h index be09865..289c577 100644 --- a/debug.h +++ b/debug.h @@ -39,7 +39,7 @@ * Caution: Don't use this in an unfriendly environment (ie unfirewalled), * since the printing may not sanitise strings etc. This will add a reasonable * amount to your executable size. */ -#define DEBUG_TRACE +/* #define DEBUG_TRACE */ /* All functions writing to the cleartext payload buffer call * CHECKCLEARTOWRITE() before writing. This is only really useful if you're diff --git a/process-packet.c b/process-packet.c index 128eb72..3ac0c1b 100644 --- a/process-packet.c +++ b/process-packet.c @@ -74,14 +74,15 @@ void process_packet() { /* This applies for KEX, where the spec says the next packet MUST be * NEWKEYS */ - if (ses.requirenext != 0) { - if (ses.requirenext != type) { - /* TODO send disconnect? */ + if (ses.requirenext[0] != 0) { + if (ses.requirenext[0] != type + && (ses.requirenext[1] == 0 || ses.requirenext[1] != type)) { dropbear_exit("Unexpected packet type %d, expected %d", type, ses.requirenext); } else { /* Got what we expected */ - ses.requirenext = 0; + ses.requirenext[0] = 0; + ses.requirenext[1] = 0; } } diff --git a/session.h b/session.h index 4ba8ac8..28cb5a9 100644 --- a/session.h +++ b/session.h @@ -135,8 +135,9 @@ struct sshsession { unsigned dataallowed : 1; /* whether we can send data packets or we are in the middle of a KEX or something */ - unsigned char requirenext; /* byte indicating what packet we require next, - or 0x00 for any */ + unsigned char requirenext[2]; /* bytes indicating what packets we require next, + or 0x00 for any. Second option can only be + used if the first byte is also set */ unsigned char ignorenext; /* whether to ignore the next packet, used for kex_follows stuff */ diff --git a/svr-kex.c b/svr-kex.c index abd7986..e56f082 100644 --- a/svr-kex.c +++ b/svr-kex.c @@ -61,7 +61,8 @@ void recv_msg_kexdh_init() { mp_clear(&dh_e); send_msg_newkeys(); - ses.requirenext = SSH_MSG_NEWKEYS; + ses.requirenext[0] = SSH_MSG_NEWKEYS; + ses.requirenext[1] = 0; TRACE(("leave recv_msg_kexdh_init")) } -- cgit v1.2.3 From 38f42a0fa204e81f2f23357f72c91d6f09654546 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 15 Apr 2013 22:01:41 +0800 Subject: Fix error message for requirenext change --- process-packet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'process-packet.c') diff --git a/process-packet.c b/process-packet.c index 3ac0c1b..ecc4863 100644 --- a/process-packet.c +++ b/process-packet.c @@ -77,8 +77,8 @@ void process_packet() { if (ses.requirenext[0] != 0) { if (ses.requirenext[0] != type && (ses.requirenext[1] == 0 || ses.requirenext[1] != type)) { - dropbear_exit("Unexpected packet type %d, expected %d", type, - ses.requirenext); + dropbear_exit("Unexpected packet type %d, expected [%d,%d]", type, + ses.requirenext[0], ses.requirenext[1]); } else { /* Got what we expected */ ses.requirenext[0] = 0; -- cgit v1.2.3