Commit d7575f95 authored by Matt Johnston's avatar Matt Johnston
Browse files

cleaning up the pubkey defines

--HG--
extra : convert_revision : 149ce7a9a9cc5fe670994d6789b40be49895c595
parent 96a0f77b
......@@ -43,9 +43,9 @@ CONVERTOBJS=dropbearconvert.o keyimport.o
SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o
HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
dss.h bignum.h signkey.h rsa.h random.h service.h auth.h authpasswd.h \
dss.h bignum.h signkey.h rsa.h random.h service.h auth.h \
debug.h channel.h chansession.h config.h queue.h sshpty.h \
termcodes.h gendss.h genrsa.h authpubkey.h runopts.h includes.h \
termcodes.h gendss.h genrsa.h runopts.h includes.h \
loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
listener.h fake-rfc2553.h
......
/*
* Dropbear - a SSH2 server
*
* Copyright (c) 2002,2003 Matt Johnston
* All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
#ifndef _AUTH_PASSWD_
#define _AUTH_PASSWD_
#ifdef DROPBEAR_PASSWORD_AUTH
void passwordauth();
#endif /* DROPBEAR_PASSWORD_AUTH */
#endif /* _AUTH_PASSWD_ */
/*
* Dropbear - a SSH2 server
*
* Copyright (c) 2002,2003 Matt Johnston
* All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. */
#ifndef _PUBKEY_AUTH_
#define _PUBKEY_AUTH_
#ifdef DROPBEAR_PUBKEY_AUTH
void pubkeyauth();
#endif /* DROPBEAR_PUBKEY_AUTH */
#endif /* _PUBKEY_AUTH_ */
......@@ -92,7 +92,7 @@ void recv_msg_userauth_failure() {
return;
}
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
/* If it was a pubkey auth request, we should cross that key
* off the list. */
if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
......@@ -126,13 +126,13 @@ void recv_msg_userauth_failure() {
for (i = 0; i <= methlen; i++) {
if (methods[i] == '\0') {
TRACE(("auth method '%s'", tok));
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
if (strncmp(AUTH_METHOD_PUBKEY, tok,
AUTH_METHOD_PUBKEY_LEN) == 0) {
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
}
#endif
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_CLI_PASSWORD_AUTH
if (strncmp(AUTH_METHOD_PASSWORD, tok,
AUTH_METHOD_PASSWORD_LEN) == 0) {
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
......@@ -163,14 +163,14 @@ void cli_auth_try() {
CHECKCLEARTOWRITE();
/* XXX We hardcode that we try a pubkey first */
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
finished = cli_auth_pubkey();
cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
}
#endif
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_CLI_PASSWORD_AUTH
if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
finished = cli_auth_password();
cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
......
......@@ -5,6 +5,7 @@
#include "ssh.h"
#include "runopts.h"
#ifdef ENABLE_CLI_PASSWORD_AUTH
int cli_auth_password() {
char* password = NULL;
......@@ -35,3 +36,4 @@ int cli_auth_password() {
return 1; /* Password auth can always be tried */
}
#endif
......@@ -6,6 +6,7 @@
#include "runopts.h"
#include "auth.h"
#ifdef ENABLE_CLI_PUBKEY_AUTH
static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
/* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
......@@ -158,3 +159,4 @@ int cli_auth_pubkey() {
return 0;
}
}
#endif /* Pubkey auth */
......@@ -34,7 +34,7 @@ cli_runopts cli_opts; /* GLOBAL */
static void printhelp();
static void parsehostname(char* userhostarg);
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
static void loadidentityfile(const char* filename);
#endif
#ifdef ENABLE_CLI_ANYTCPFWD
......@@ -49,7 +49,7 @@ static void printhelp() {
"-p <remoteport>\n"
"-t Allocate a pty\n"
"-T Don't allocate a pty\n"
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
"-i <identityfile> (multiple allowed)\n"
#endif
#ifdef ENABLE_CLI_LOCALTCPFWD
......@@ -67,7 +67,7 @@ void cli_getopts(int argc, char ** argv) {
unsigned int i, j;
char ** next = 0;
unsigned int cmdlen;
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
int nextiskey = 0; /* A flag if the next argument is a keyfile */
#endif
#ifdef ENABLE_CLI_LOCALTCPFWD
......@@ -85,7 +85,7 @@ void cli_getopts(int argc, char ** argv) {
cli_opts.username = NULL;
cli_opts.cmd = NULL;
cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
cli_opts.pubkeys = NULL;
#endif
#ifdef ENABLE_CLI_LOCALTCPFWD
......@@ -103,7 +103,7 @@ void cli_getopts(int argc, char ** argv) {
/* Iterate all the arguments */
for (i = 1; i < (unsigned int)argc; i++) {
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
if (nextiskey) {
/* Load a hostkey since the previous argument was "-i" */
loadidentityfile(argv[i]);
......@@ -150,7 +150,7 @@ void cli_getopts(int argc, char ** argv) {
case 'p': /* remoteport */
next = &cli_opts.remoteport;
break;
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
case 'i': /* an identityfile */
nextiskey = 1;
break;
......@@ -255,7 +255,7 @@ void cli_getopts(int argc, char ** argv) {
}
}
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
static void loadidentityfile(const char* filename) {
struct PubkeyList * nextkey;
......
......@@ -37,7 +37,7 @@ static const packettype cli_packettypes[] = {
{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
{SSH_MSG_USERAUTH_PK_OK, recv_msg_userauth_pk_ok}, /* client */
#endif
{0, 0} /* End */
......
......@@ -442,7 +442,7 @@ int buf_readfile(buffer* buf, const char* filename) {
* authkeys file.
* Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/
/* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */
#if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH)
#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
int buf_getline(buffer * line, FILE * authfile) {
int c = EOF;
......
......@@ -114,11 +114,11 @@
/* Authentication types to enable, at least one required.
RFC Draft requires pubkey auth, and recommends password */
#define DROPBEAR_SVR_PASSWORD_AUTH
#define DROPBEAR_SVR_PUBKEY_AUTH
#define ENABLE_SVR_PASSWORD_AUTH
#define ENABLE_SVR_PUBKEY_AUTH
#define DROPBEAR_CLI_PASSWORD_AUTH
#define DROPBEAR_CLI_PUBKEY_AUTH
#define ENABLE_CLI_PASSWORD_AUTH
#define ENABLE_CLI_PUBKEY_AUTH
/* Random device to use - you must specify _one only_.
* DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use
......@@ -241,7 +241,7 @@
#define DROPBEAR_COMP_ZLIB 1
/* Required for pubkey auth */
#if defined(DROPBEAR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
#if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
#define DROPBEAR_SIGNKEY_VERIFY
#endif
......@@ -320,7 +320,7 @@
#define USING_LISTENERS
#endif
#if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH)
#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
#define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
#endif
......
......@@ -91,7 +91,7 @@ typedef struct cli_runopts {
char *cmd;
int wantpty;
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_CLI_PUBKEY_AUTH
struct PubkeyList *pubkeys; /* Keys to use for public-key auth */
#endif
#ifdef ENABLE_CLI_REMOTETCPFWD
......
......@@ -32,8 +32,6 @@
#include "ssh.h"
#include "packet.h"
#include "auth.h"
#include "authpasswd.h"
#include "authpubkey.h"
#include "runopts.h"
static void authclear();
......@@ -54,10 +52,10 @@ void svr_authinitialise() {
static void authclear() {
memset(&ses.authstate, 0, sizeof(ses.authstate));
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_SVR_PUBKEY_AUTH
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
#endif
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_SVR_PASSWORD_AUTH
if (!svr_opts.noauthpass) {
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
}
......@@ -143,7 +141,7 @@ void recv_msg_userauth_request() {
goto out;
}
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_SVR_PASSWORD_AUTH
if (!svr_opts.noauthpass &&
!(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) {
/* user wants to try password auth */
......@@ -156,7 +154,7 @@ void recv_msg_userauth_request() {
}
#endif
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_SVR_PUBKEY_AUTH
/* user wants to try pubkey auth */
if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
strncmp(methodname, AUTH_METHOD_PUBKEY,
......
......@@ -29,9 +29,8 @@
#include "buffer.h"
#include "dbutil.h"
#include "auth.h"
#include "authpasswd.h"
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_SVR_PASSWORD_AUTH
/* Process a password auth request, sending success or failure messages as
* appropriate */
......@@ -105,4 +104,4 @@ void svr_auth_password() {
}
#endif /* DROPBEAR_PASSWORD_AUTH */
#endif
......@@ -30,12 +30,11 @@
#include "buffer.h"
#include "signkey.h"
#include "auth.h"
#include "authpubkey.h"
#include "ssh.h"
#include "packet.h"
#include "algo.h"
#ifdef DROPBEAR_PUBKEY_AUTH
#ifdef ENABLE_SVR_PUBKEY_AUTH
#define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */
#define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */
......@@ -336,4 +335,4 @@ static int checkfileperm(char * filename) {
}
#endif /* DROPBEAR_PUBKEY_AUTH */
#endif
......@@ -61,7 +61,7 @@ static void printhelp(const char * progname) {
"-m Don't display the motd on login\n"
#endif
"-w Disallow root logins\n"
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_SVR_PASSWORD_AUTH
"-s Disable password logins\n"
"-g Disable password logins for root\n"
#endif
......@@ -174,7 +174,7 @@ void svr_getopts(int argc, char ** argv) {
case 'w':
svr_opts.norootlogin = 1;
break;
#ifdef DROPBEAR_PASSWORD_AUTH
#ifdef ENABLE_SVR_PASSWORD_AUTH
case 's':
svr_opts.noauthpass = 1;
break;
......
......@@ -35,8 +35,7 @@
#include "channel.h"
#include "chansession.h"
#include "atomicio.h"
#include "tcp-accept.h"
#include "tcp-connect.h"
#include "tcpfwd.h"
#include "service.h"
#include "auth.h"
#include "runopts.h"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment