Mercurial > dropbear
annotate dbutil.h @ 1928:333688ec53d0
Handle ecdsa-sk flags, reject no-touch
For the time being Dropbear will only allow SK auth with default
parameters, user-presence needs to be set.
In future handling of authorized_keys option "no-touch-required" can be
added.
This code would also be refactored to share between ecdsa and ed25519
once I get hardware/emulation to test ed25519.
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 30 Mar 2022 21:06:15 +0800 |
parents | 180e580778df |
children | 83b6a47759a8 |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
1036
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1022
diff
changeset
|
25 #ifndef DROPBEAR_DBUTIL_H_ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 |
1036
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1022
diff
changeset
|
27 #define DROPBEAR_DBUTIL_H_ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "includes.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #include "buffer.h" |
1027
daf21fd50abf
In theory TFO should work. Needs platform cleanup and testing
Matt Johnston <matt@ucc.asn.au>
parents:
1025
diff
changeset
|
31 #include "queue.h" |
1283
3017bc7d6238
move m_burn and function attributes to dbhelpers
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
32 #include "dbhelpers.h" |
1361
f9f930e1a516
add dbmalloc epoch cleanup
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
33 #include "dbmalloc.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 #ifndef DISABLE_SYSLOG |
1211
6ecc133fb2ee
Allow setting syslog identifier via startsyslog().
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1135
diff
changeset
|
36 void startsyslog(const char *ident); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 |
614
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
39 extern void (*_dropbear_exit)(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 extern void (*_dropbear_log)(int priority, const char* format, va_list param); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 |
614
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
42 void dropbear_exit(const char* format, ...) ATTRIB_PRINTF(1,2) ATTRIB_NORETURN; |
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
43 |
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
44 void dropbear_close(const char* format, ...) ATTRIB_PRINTF(1,2) ; |
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
45 void dropbear_log(int priority, const char* format, ...) ATTRIB_PRINTF(2,3) ; |
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
46 |
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
47 void fail_assert(const char* expr, const char* file, int line) ATTRIB_NORETURN; |
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
48 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1283
diff
changeset
|
49 #if DEBUG_TRACE |
1893
180e580778df
Added DEBUG1,DEBUG2,DEBUG3 to separate functions while keeping TRACE and TRACE2.
HansH111 <hans@atbas.org>
parents:
1870
diff
changeset
|
50 void dropbear_trace1(const char* format, ...) ATTRIB_PRINTF(1,2); |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
650
diff
changeset
|
51 void dropbear_trace2(const char* format, ...) ATTRIB_PRINTF(1,2); |
1893
180e580778df
Added DEBUG1,DEBUG2,DEBUG3 to separate functions while keeping TRACE and TRACE2.
HansH111 <hans@atbas.org>
parents:
1870
diff
changeset
|
52 void dropbear_trace3(const char* format, ...) ATTRIB_PRINTF(1,2); |
180e580778df
Added DEBUG1,DEBUG2,DEBUG3 to separate functions while keeping TRACE and TRACE2.
HansH111 <hans@atbas.org>
parents:
1870
diff
changeset
|
53 void dropbear_trace4(const char* format, ...) ATTRIB_PRINTF(1,2); |
180e580778df
Added DEBUG1,DEBUG2,DEBUG3 to separate functions while keeping TRACE and TRACE2.
HansH111 <hans@atbas.org>
parents:
1870
diff
changeset
|
54 void dropbear_trace5(const char* format, ...) ATTRIB_PRINTF(1,2); |
198
65585699d980
* add a "label" argument to printhex()
Matt Johnston <matt@ucc.asn.au>
parents:
109
diff
changeset
|
55 void printhex(const char * label, const unsigned char * buf, int len); |
764
2202e854d187
add printmpint() for debugging
Matt Johnston <matt@ucc.asn.au>
parents:
650
diff
changeset
|
56 void printmpint(const char *label, mp_int *mp); |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1211
diff
changeset
|
57 void debug_start_net(void); |
94
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
58 extern int debug_trace; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 #endif |
614
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
60 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 char * stripcontrol(const char * text); |
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve conneciton setup
Matt Johnston <matt@ucc.asn.au>
parents:
870
diff
changeset
|
62 |
1460
58a74cb829b8
Pointer parameter could be declared as pointing to const (callback)
Francois Perrad <francois.perrad@gadz.org>
parents:
1343
diff
changeset
|
63 int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data, |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
64 int *writefd, int *readfd, int *errfd, pid_t *pid); |
482
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
65 void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell); |
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1460
diff
changeset
|
66 #if ENABLE_CONNECT_UNIX |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
67 int connect_unix(const char* addr); |
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
68 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 int buf_readfile(buffer* buf, const char* filename); |
52
c8fcd4841956
Forgot dbutil.h with the last commit (added buf_get_line)
Matt Johnston <matt@ucc.asn.au>
parents:
26
diff
changeset
|
70 int buf_getline(buffer * line, FILE * authfile); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 |
277
044bc108b9b3
* Per-IP connection unauthed connection limits
Matt Johnston <matt@ucc.asn.au>
parents:
241
diff
changeset
|
72 void m_close(int fd); |
109
2e9d1f29c50f
merge of 50be59810e462f9f44f55e421227d6aa0b31982b
Matt Johnston <matt@ucc.asn.au>
parents:
94
diff
changeset
|
73 void setnonblocking(int fd); |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1211
diff
changeset
|
74 void disallow_core(void); |
492
b956d6151600
Replace calls to strtoul() with a helper m_str_to_uint()
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
75 int m_str_to_uint(const char* str, unsigned int *val); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 |
26 | 77 /* Used to force mp_ints to be initialised */ |
78 #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} | |
79 | |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
80 /* Dropbear assertion */ |
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
81 #define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0) |
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
82 |
817
a625f9e135a4
Constant time memcmp for the hmac and password crypt
Matt Johnston <matt@ucc.asn.au>
parents:
744
diff
changeset
|
83 /* Returns 0 if a and b have the same contents */ |
a625f9e135a4
Constant time memcmp for the hmac and password crypt
Matt Johnston <matt@ucc.asn.au>
parents:
744
diff
changeset
|
84 int constant_time_memcmp(const void* a, const void *b, size_t n); |
a625f9e135a4
Constant time memcmp for the hmac and password crypt
Matt Johnston <matt@ucc.asn.au>
parents:
744
diff
changeset
|
85 |
928
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
86 /* Returns a time in seconds that doesn't go backwards - does not correspond to |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
87 a real-world clock */ |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1211
diff
changeset
|
88 time_t monotonic_now(void); |
1622
e11ed628708b
- Add adaptive authentication failure delay
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
89 /* Higher resolution clock_gettime(CLOCK_MONOTONIC) wrapper */ |
e11ed628708b
- Add adaptive authentication failure delay
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
90 void gettime_wrapper(struct timespec *now); |
928
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
91 |
1134
36557295418e
change DROPBEAR_DEFAULT_CLI_AUTHKEY to just prepend homedir
Matt Johnston <matt@ucc.asn.au>
parents:
1049
diff
changeset
|
92 char * expand_homedir_path(const char *inpath); |
928
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
93 |
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
94 void fsync_parent_dir(const char* fn); |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
95 |
1835
90ac15aeac43
Bring back recently removed channel->flushing
Matt Johnston <matt@codeconstruct.com.au>
parents:
1622
diff
changeset
|
96 int fd_read_pending(int fd); |
90ac15aeac43
Bring back recently removed channel->flushing
Matt Johnston <matt@codeconstruct.com.au>
parents:
1622
diff
changeset
|
97 |
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1511
diff
changeset
|
98 #if DROPBEAR_MSAN |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1511
diff
changeset
|
99 /* FD_ZERO seems to leave some memory uninitialized. clear it to avoid false positives */ |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1511
diff
changeset
|
100 #define DROPBEAR_FD_ZERO(fds) do { memset((fds), 0x0, sizeof(fd_set)); FD_ZERO(fds); } while(0) |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1511
diff
changeset
|
101 #else |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1511
diff
changeset
|
102 #define DROPBEAR_FD_ZERO(fds) FD_ZERO(fds) |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1511
diff
changeset
|
103 #endif |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1511
diff
changeset
|
104 |
1870
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1835
diff
changeset
|
105 /* dropbearmulti entry points */ |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1835
diff
changeset
|
106 int dropbear_main(int argc, char ** argv, const char * multipath); |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1835
diff
changeset
|
107 int cli_main(int argc, char ** argv); |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1835
diff
changeset
|
108 int dropbearkey_main(int argc, char ** argv); |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1835
diff
changeset
|
109 int dropbearconvert_main(int argc, char ** argv); |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1835
diff
changeset
|
110 int scp_main(int argc, char ** argv); |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1835
diff
changeset
|
111 |
0dcc5b0d93fa
Make re-exec work with "dropbearmulti dropbear"
Matt Johnston <matt@ucc.asn.au>
parents:
1835
diff
changeset
|
112 |
1036
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1022
diff
changeset
|
113 #endif /* DROPBEAR_DBUTIL_H_ */ |