annotate dbutil.c @ 994:5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Prefer diffie-hellman-group14-sha1 (2048 bit) over
diffie-hellman-group1-sha1 (1024 bit).
Due to meet-in-the-middle attacks the effective key length of
three key 3DES is 112 bits. AES is stronger and faster than 3DES.
Prefer to delay the start of compression until after authentication
has completed. This avoids exposing compression code to attacks
from unauthenticated users.
(github pull request #9)
author | Fedor Brunner <fedor.brunner@azet.sk> |
---|---|
date | Fri, 23 Jan 2015 23:00:25 +0800 |
parents | db9fa5971d24 |
children | 6fb4c010c448 |
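The ordering change described in the commit message above, as an added example that is not Dropbear's code: a minimal C implementation of the RFC 4253 section 7.1 matching rule, under which the chosen algorithm is the first entry on the client's name-list that the server also offers. The name-lists are constructed for illustration and are not Dropbear's actual tables; `ssh_negotiate`, `namelist_contains` and `show` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed name-lists for illustration; not Dropbear's actual tables. */
static const char KEX_OLD_ORDER[] =
	"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1";
static const char KEX_NEW_ORDER[] =
	"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1";
static const char KEX_GROUP1_ONLY[] = "diffie-hellman-group1-sha1";
static const char ENC_OLD_ORDER[] = "3des-cbc,aes128-ctr";
static const char ENC_NEW_ORDER[] = "aes128-ctr,3des-cbc";
static const char COMP_OLD_ORDER[] = "zlib,zlib@openssh.com,none";
static const char COMP_NEW_ORDER[] = "zlib@openssh.com,zlib,none";

/* Return 1 if the name of length `len` starting at `name` is an exact
 * entry of the comma-separated name-list `list`, else 0. */
static int namelist_contains(const char *list, const char *name, size_t len) {
	const char *p = list;
	while (*p) {
		size_t n = strcspn(p, ",");
		if (n == len && memcmp(p, name, len) == 0) {
			return 1;
		}
		p += n;
		if (*p == ',') {
			p++;
		}
	}
	return 0;
}

/* RFC 4253 section 7.1 rule: pick the first name on the client's list that
 * also appears on the server's list. Writes the NUL-terminated result to
 * `out` and returns 0; returns -1 if there is no common algorithm or `out`
 * is too small. */
int ssh_negotiate(const char *client, const char *server,
		char *out, size_t outlen) {
	const char *p = client;
	while (*p) {
		size_t n = strcspn(p, ",");
		if (n > 0 && namelist_contains(server, p, n)) {
			if (n + 1 > outlen) {
				return -1;
			}
			memcpy(out, p, n);
			out[n] = '\0';
			return 0;
		}
		p += n;
		if (*p == ',') {
			p++;
		}
	}
	return -1;
}

static void show(const char *what, const char *client, const char *server) {
	char chosen[64];
	if (ssh_negotiate(client, server, chosen, sizeof(chosen)) == 0) {
		printf("%-34s -> %s\n", what, chosen);
	} else {
		printf("%-34s -> no common algorithm\n", what);
	}
}

int main(void) {
	/* The client's order decides: the server's own order is irrelevant. */
	show("kex: old client, reordered server", KEX_OLD_ORDER, KEX_NEW_ORDER);
	show("kex: reordered client, old server", KEX_NEW_ORDER, KEX_OLD_ORDER);
	/* Reordering is a preference, not a removal: a peer that only
	 * offers the 1024-bit group still negotiates it. */
	show("kex: reordered client, legacy peer", KEX_NEW_ORDER, KEX_GROUP1_ONLY);
	show("cipher: reordered client", ENC_NEW_ORDER, ENC_OLD_ORDER);
	show("compression: reordered client", COMP_NEW_ORDER, COMP_OLD_ORDER);
	return 0;
}
```

The third case is the one to check when auditing a deployment: to rule the weaker algorithm out entirely, it has to be absent from the list, not just moved to the end.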
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 * strlcat() is copyright as follows: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 * Copyright (c) 1998 Todd C. Miller <[email protected]> |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 * All rights reserved. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 * Redistribution and use in source and binary forms, with or without |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 * modification, are permitted provided that the following conditions |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 * are met: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 * 1. Redistributions of source code must retain the above copyright |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 * notice, this list of conditions and the following disclaimer. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 * 2. Redistributions in binary form must reproduce the above copyright |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 * notice, this list of conditions and the following disclaimer in the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 * documentation and/or other materials provided with the distribution. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 * 3. The name of the author may not be used to endorse or promote products |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 * derived from this software without specific prior written permission. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 |
928
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
51 #include "config.h" |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
52 |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
53 #ifdef __linux__ |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
54 #define _GNU_SOURCE |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
55 /* To call clock_gettime() directly */ |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
56 #include <sys/syscall.h> |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
57 #endif /* __linux */ |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
58 |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
59 #ifdef HAVE_MACH_MACH_TIME_H |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
60 #include <mach/mach_time.h> |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
61 #include <mach/mach.h> |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
62 #endif |
7cd89d4e0335
Add new monotonic_now() wrapper so that timeouts are unaffected by
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
63 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 #include "includes.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 #include "dbutil.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 #include "buffer.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 #include "session.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 #include "atomicio.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 #define MAX_FMT 100 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 |
73
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
72 static void generic_dropbear_exit(int exitcode, const char* format, |
614
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
73 va_list param) ATTRIB_NORETURN; |
73
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
74 static void generic_dropbear_log(int priority, const char* format, |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
75 va_list param); |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
76 |
614
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
77 void (*_dropbear_exit)(int exitcode, const char* format, va_list param) ATTRIB_NORETURN |
73
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
78 = generic_dropbear_exit; |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
79 void (*_dropbear_log)(int priority, const char* format, va_list param) |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
80 = generic_dropbear_log; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 |
94
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
73
diff
changeset
|
82 #ifdef DEBUG_TRACE |
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
73
diff
changeset
|
83 int debug_trace = 0; |
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
73
diff
changeset
|
84 #endif |
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
73
diff
changeset
|
85 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 #ifndef DISABLE_SYSLOG |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 void startsyslog() { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 openlog(PROGNAME, LOG_PID, LOG_AUTHPRIV); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 #endif /* DISABLE_SYSLOG */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
94 /* the "format" string must be <= 100 characters */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
95 void dropbear_close(const char* format, ...) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
96 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 va_list param; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 va_start(param, format); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 _dropbear_exit(EXIT_SUCCESS, format, param); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 va_end(param); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 void dropbear_exit(const char* format, ...) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 va_list param; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
109 va_start(param, format); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
110 _dropbear_exit(EXIT_FAILURE, format, param); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 va_end(param); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 |
73
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
114 static void generic_dropbear_exit(int exitcode, const char* format, |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
115 va_list param) { |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
116 |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
117 char fmtbuf[300]; |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
118 |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
119 snprintf(fmtbuf, sizeof(fmtbuf), "Exited: %s", format); |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
120 |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
121 _dropbear_log(LOG_INFO, fmtbuf, param); |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
122 |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
123 exit(exitcode); |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
124 } |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
125 |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
126 void fail_assert(const char* expr, const char* file, int line) { |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
127 dropbear_exit("Failed assertion (%s:%d): `%s'", file, line, expr); |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
128 } |
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
129 |
108
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
130 static void generic_dropbear_log(int UNUSED(priority), const char* format, |
73
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
131 va_list param) { |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
132 |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
133 char printbuf[1024]; |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
134 |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
135 vsnprintf(printbuf, sizeof(printbuf), format, param); |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
136 |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
137 fprintf(stderr, "%s\n", printbuf); |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
138 |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
139 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 /* this is what can be called to write arbitrary log messages */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 void dropbear_log(int priority, const char* format, ...) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
144 va_list param; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 va_start(param, format); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 _dropbear_log(priority, format, param); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 va_end(param); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 #ifdef DEBUG_TRACE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 void dropbear_trace(const char* format, ...) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 va_list param; |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
155 struct timeval tv; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
156 |
94
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
73
diff
changeset
|
157 if (!debug_trace) { |
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
73
diff
changeset
|
158 return; |
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
73
diff
changeset
|
159 } |
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
73
diff
changeset
|
160 |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
161 gettimeofday(&tv, NULL); |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
162 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 va_start(param, format); |
953
356a25a108a3
Fix some format string warnings
Matt Johnston <matt@ucc.asn.au>
parents:
952
diff
changeset
|
164 fprintf(stderr, "TRACE (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 vfprintf(stderr, format, param); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 fprintf(stderr, "\n"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 va_end(param); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
168 } |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
169 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
170 void dropbear_trace2(const char* format, ...) { |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
171 static int trace_env = -1; |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
172 va_list param; |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
173 struct timeval tv; |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
174 |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
175 if (trace_env == -1) { |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
176 trace_env = getenv("DROPBEAR_TRACE2") ? 1 : 0; |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
177 } |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
178 |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
179 if (!(debug_trace && trace_env)) { |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
180 return; |
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
181 } |
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
182 |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
183 gettimeofday(&tv, NULL); |
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
184 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
185 va_start(param, format); |
953
356a25a108a3
Fix some format string warnings
Matt Johnston <matt@ucc.asn.au>
parents:
952
diff
changeset
|
186 fprintf(stderr, "TRACE2 (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec); |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
187 vfprintf(stderr, format, param); |
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
188 fprintf(stderr, "\n"); |
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
189 va_end(param); |
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
190 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 #endif /* DEBUG_TRACE */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 |
870
80af450dae76
Set IPTOS_LOWDELAY on PTY sessions only
Catalin Patulea <cat@vv.carleton.ca>
parents:
864
diff
changeset
|
193 void set_sock_nodelay(int sock) { |
251
b02e8eef3c3a
- new function to set "low delay" for a packet, set the ip TOS bit
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
194 int val; |
b02e8eef3c3a
- new function to set "low delay" for a packet, set the ip TOS bit
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
195 |
b02e8eef3c3a
- new function to set "low delay" for a packet, set the ip TOS bit
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
196 /* disable nagle */ |
b02e8eef3c3a
- new function to set "low delay" for a packet, set the ip TOS bit
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
197 val = 1; |
b02e8eef3c3a
- new function to set "low delay" for a packet, set the ip TOS bit
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
198 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val)); |
870
80af450dae76
Set IPTOS_LOWDELAY on PTY sessions only
Catalin Patulea <cat@vv.carleton.ca>
parents:
864
diff
changeset
|
199 } |
80af450dae76
Set IPTOS_LOWDELAY on PTY sessions only
Catalin Patulea <cat@vv.carleton.ca>
parents:
864
diff
changeset
|
200 |
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve conneciton setup
Matt Johnston <matt@ucc.asn.au>
parents:
870
diff
changeset
|
201 void set_sock_priority(int sock, enum dropbear_prio prio) { |
870
80af450dae76
Set IPTOS_LOWDELAY on PTY sessions only
Catalin Patulea <cat@vv.carleton.ca>
parents:
864
diff
changeset
|
202 |
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve connection setup
Matt Johnston <matt@ucc.asn.au>
parents:
870
diff
changeset
|
203 int iptos_val = 0, so_prio_val = 0, rc; |
251
b02e8eef3c3a
- new function to set "low delay" for a packet, set the ip TOS bit
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
204 |
962
db9fa5971d24
Don't warn about ENOTSOCK when setting priority
Matt Johnston <matt@ucc.asn.au>
parents:
953
diff
changeset
|
205 /* Don't log ENOTSOCK errors so that this can harmlessly be called |
206 * on a client '-J' proxy pipe */ |
207 |
629
bdadc7f4b97d
Set IPTOS_LOWDELAY for IPv6 too
Matt Johnston <matt@ucc.asn.au>
parents:
627
diff
changeset
|
208 /* set the TOS bit for either ipv4 or ipv6 */ |
251
b02e8eef3c3a
- new function to set "low delay" for a packet, set the ip TOS bit
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
209 #ifdef IPTOS_LOWDELAY |
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve connection setup
Matt Johnston <matt@ucc.asn.au>
parents:
870
diff
changeset
|
210 if (prio == DROPBEAR_PRIO_LOWDELAY) { |
211 iptos_val = IPTOS_LOWDELAY; |
212 } else if (prio == DROPBEAR_PRIO_BULK) { |
213 iptos_val = IPTOS_THROUGHPUT; |
214 } |
639
452bcf810e44
Put better #if guards around IPv6 socket options for IPV6_TCLASS and
Matt Johnston <matt@ucc.asn.au>
parents:
629
diff
changeset
|
215 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) |
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve connection setup
Matt Johnston <matt@ucc.asn.au>
parents:
870
diff
changeset
|
216 rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val)); |
962
db9fa5971d24
Don't warn about ENOTSOCK when setting priority
Matt Johnston <matt@ucc.asn.au>
parents:
953
diff
changeset
|
217 if (rc < 0 && errno != ENOTSOCK) { |
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve connection setup
Matt Johnston <matt@ucc.asn.au>
parents:
870
diff
changeset
|
218 TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno))); |
219 } |
629
bdadc7f4b97d
Set IPTOS_LOWDELAY for IPv6 too
Matt Johnston <matt@ucc.asn.au>
parents:
627
diff
changeset
|
220 #endif |
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve connection setup
Matt Johnston <matt@ucc.asn.au>
parents:
870
diff
changeset
|
221 rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val)); |
962
db9fa5971d24
Don't warn about ENOTSOCK when setting priority
Matt Johnston <matt@ucc.asn.au>
parents:
953
diff
changeset
|
222 if (rc < 0 && errno != ENOTSOCK) { |
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve connection setup
Matt Johnston <matt@ucc.asn.au>
parents:
870
diff
changeset
|
223 TRACE(("Couldn't set IP_TOS (%s)", strerror(errno))); |
224 } |
251
b02e8eef3c3a
- new function to set "low delay" for a packet, set the ip TOS bit
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
225 #endif |
226 |
227 #ifdef SO_PRIORITY |
871
aa689d140928
- Sockets are set to lowdelay priority initially to improve connection setup
Matt Johnston <matt@ucc.asn.au>
parents:
870
diff
changeset
|
228 if (prio == DROPBEAR_PRIO_LOWDELAY) { |
229 so_prio_val = TC_PRIO_INTERACTIVE; |
230 } else if (prio == DROPBEAR_PRIO_BULK) { |
231 so_prio_val = TC_PRIO_BULK; |
232 } |
233 /* linux specific, sets QoS class. see tc-prio(8) */ |
234 rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val)); |
962
db9fa5971d24
Don't warn about ENOTSOCK when setting priority
Matt Johnston <matt@ucc.asn.au>
parents:
953
diff
changeset
|
235 if (rc < 0 && errno != ENOTSOCK) |
870
80af450dae76
Set IPTOS_LOWDELAY on PTY sessions only
Catalin Patulea <cat@vv.carleton.ca>
parents:
864
diff
changeset
|
236 dropbear_log(LOG_WARNING, "Couldn't set SO_PRIORITY (%s)", |
237 strerror(errno)); |
251
b02e8eef3c3a
- new function to set "low delay" for a packet, set the ip TOS bit
Matt Johnston <matt@ucc.asn.au>
parents:
242
diff
changeset
|
238 #endif |
239 |
240 } |
241 |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
251
diff
changeset
|
242 /* Listen on address:port. |
243 * Special cases are address of "" listening on everything, |
244 * and address of NULL listening on localhost only. |
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
245 * Returns the number of sockets bound on success, or -1 on failure. On |
62 | 246 * failure, if errstring wasn't NULL, it'll be a newly malloced error |
247 * string.*/ | |
248 int dropbear_listen(const char* address, const char* port, | |
249 int *socks, unsigned int sockcount, char **errstring, int *maxfd) { | |
250 | |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
68
diff
changeset
|
251 struct addrinfo hints, *res = NULL, *res0 = NULL; |
62 | 252 int err; |
253 unsigned int nsock; | |
254 struct linger linger; | |
255 int val; | |
256 int sock; | |
257 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
258 TRACE(("enter dropbear_listen")) |
62 | 259 |
260 memset(&hints, 0, sizeof(hints)); | |
261 hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */ | |
262 hints.ai_socktype = SOCK_STREAM; | |
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
263 |
433
c216212001fc
Fix for -pedantic -ansi compilation, change // to /**/, plus some signedness
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
264 /* for calling getaddrinfo: |
265 address == NULL and !AI_PASSIVE: local loopback |
266 address == NULL and AI_PASSIVE: all interfaces |
267 address != NULL: whatever the address says */ |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
251
diff
changeset
|
268 if (!address) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
269 TRACE(("dropbear_listen: local loopback")) |
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
270 } else { |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
251
diff
changeset
|
271 if (address[0] == '\0') { |
272 TRACE(("dropbear_listen: all interfaces")) |
273 address = NULL; |
274 } |
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
275 hints.ai_flags = AI_PASSIVE; |
276 } |
62 | 277 err = getaddrinfo(address, port, &hints, &res0); |
278 | |
279 if (err) { | |
280 if (errstring != NULL && *errstring == NULL) { | |
281 int len; | |
282 len = 20 + strlen(gai_strerror(err)); | |
283 *errstring = (char*)m_malloc(len); | |
284 snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err)); | |
285 } | |
239
e5ad9fa8b1fa
add a missing freeaddrinfo()
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
286 if (res0) { |
287 freeaddrinfo(res0); |
288 res0 = NULL; |
289 } |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
290 TRACE(("leave dropbear_listen: failed resolving")) |
62 | 291 return -1; |
292 } | |
293 | |
294 | |
295 nsock = 0; | |
296 for (res = res0; res != NULL && nsock < sockcount; | |
297 res = res->ai_next) { | |
298 | |
299 /* Get a socket */ | |
300 socks[nsock] = socket(res->ai_family, res->ai_socktype, | |
301 res->ai_protocol); | |
302 | |
303 sock = socks[nsock]; /* For clarity */ | |
304 | |
305 if (sock < 0) { | |
306 err = errno; | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
307 TRACE(("socket() failed")) |
62 | 308 continue; |
309 } | |
310 | |
311 /* Various useful socket options */ | |
312 val = 1; | |
313 /* set to reuse, quick timeout */ | |
314 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val)); | |
315 linger.l_onoff = 1; | |
316 linger.l_linger = 5; | |
317 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger)); | |
318 | |
639
452bcf810e44
Put better #if guards around IPv6 socket options for IPV6_TCLASS and
Matt Johnston <matt@ucc.asn.au>
parents:
629
diff
changeset
|
319 #if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY) |
627 | 320 if (res->ai_family == AF_INET6) { |
321 int on = 1; | |
322 if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, | |
323 &on, sizeof(on)) == -1) { | |
324 dropbear_log(LOG_WARNING, "Couldn't set IPV6_V6ONLY"); | |
325 } | |
326 } | |
327 #endif | |
328 | |
870
80af450dae76
Set IPTOS_LOWDELAY on PTY sessions only
Catalin Patulea <cat@vv.carleton.ca>
parents:
864
diff
changeset
|
329 set_sock_nodelay(sock); |
62 | 330 |
331 if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { | |
332 err = errno; | |
333 close(sock); | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
334 TRACE(("bind(%s) failed", port)) |
62 | 335 continue; |
336 } | |
337 | |
936
d93a6bcf616f
Improve handling lots of concurrent forwarded connections. Increase
Matt Johnston <matt@ucc.asn.au>
parents:
930
diff
changeset
|
338 if (listen(sock, DROPBEAR_LISTEN_BACKLOG) < 0) { |
62 | 339 err = errno; |
340 close(sock); | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
341 TRACE(("listen() failed")) |
62 | 342 continue; |
343 } | |
344 | |
345 *maxfd = MAX(*maxfd, sock); | |
346 | |
347 nsock++; | |
348 } | |
349 | |
239
e5ad9fa8b1fa
add a missing freeaddrinfo()
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
350 if (res0) { |
351 freeaddrinfo(res0); |
352 res0 = NULL; |
353 } |
354 |
62 | 355 if (nsock == 0) { |
356 if (errstring != NULL && *errstring == NULL) { | |
357 int len; | |
358 len = 20 + strlen(strerror(err)); | |
359 *errstring = (char*)m_malloc(len); | |
64 | 360 snprintf(*errstring, len, "Error listening: %s", strerror(err)); |
62 | 361 } |
408
28b10e93685c
Fix failure-handling in dropbear_listen() when errstring is unset
Matt Johnston <matt@ucc.asn.au>
parents:
277
diff
changeset
|
362 TRACE(("leave dropbear_listen: failure, %s", strerror(err))) |
363 return -1; |
62 | 364 } |
365 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
366 TRACE(("leave dropbear_listen: success, %d socks bound", nsock)) |
62 | 367 return nsock; |
368 } | |
369 | |
547
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
500
diff
changeset
|
370 /* Connect to a given unix socket. The socket is blocking */ |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
371 #ifdef ENABLE_CONNECT_UNIX |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
372 int connect_unix(const char* path) { |
373 struct sockaddr_un addr; |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
374 int fd = -1; |
375 |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
376 memset((void*)&addr, 0x0, sizeof(addr)); |
377 addr.sun_family = AF_UNIX; |
378 strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
379 fd = socket(PF_UNIX, SOCK_STREAM, 0); |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
380 if (fd < 0) { |
381 TRACE(("Failed to open unix socket")) |
382 return -1; |
383 } |
384 if (connect(fd, (struct sockaddr*)&addr, sizeof(addr)) < 0) { |
385 TRACE(("Failed to connect to '%s' socket", path)) |
615
e3ac0a426bd0
Fix FD leak if connect() fails, found by Klocwork
Matt Johnston <matt@ucc.asn.au>
parents:
614
diff
changeset
|
386 m_close(fd); |
550
61c3513825b0
Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
387 return -1; |
388 } |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
389 return fd; |
390 } |
391 #endif |
392 |
26 | 393 /* Connect via TCP to a host. Connection will try ipv4 or ipv6, will |
62 | 394 * return immediately if nonblocking is set. On failure, if errstring |
395 * wasn't null, it will be a newly malloced error message */ | |
396 | |
397 /* TODO: maxfd */ | |
26 | 398 int connect_remote(const char* remotehost, const char* remoteport, |
399 int nonblocking, char ** errstring) { | |
400 | |
401 struct addrinfo *res0 = NULL, *res = NULL, hints; | |
402 int sock; | |
403 int err; | |
404 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
405 TRACE(("enter connect_remote")) |
26 | 406 |
407 if (errstring != NULL) { | |
408 *errstring = NULL; | |
409 } | |
410 | |
411 memset(&hints, 0, sizeof(hints)); | |
412 hints.ai_socktype = SOCK_STREAM; | |
413 hints.ai_family = PF_UNSPEC; | |
414 | |
415 err = getaddrinfo(remotehost, remoteport, &hints, &res0); | |
416 if (err) { | |
417 if (errstring != NULL && *errstring == NULL) { | |
418 int len; | |
490
bd2634b03b12
- Improve DNS failure message to include lookup host
Matt Johnston <matt@ucc.asn.au>
parents:
486
diff
changeset
|
419 len = 100 + strlen(gai_strerror(err)); |
26 | 420 *errstring = (char*)m_malloc(len); |
490
bd2634b03b12
- Improve DNS failure message to include lookup host
Matt Johnston <matt@ucc.asn.au>
parents:
486
diff
changeset
|
421 snprintf(*errstring, len, "Error resolving '%s' port '%s'. %s", |
422 remotehost, remoteport, gai_strerror(err)); |
26 | 423 } |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
424 TRACE(("Error resolving: %s", gai_strerror(err))) |
26 | 425 return -1; |
426 } | |
427 | |
428 sock = -1; | |
429 err = EADDRNOTAVAIL; | |
430 for (res = res0; res; res = res->ai_next) { | |
431 | |
432 sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol); | |
433 if (sock < 0) { | |
434 err = errno; | |
435 continue; | |
436 } | |
437 | |
438 if (nonblocking) { | |
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
198
diff
changeset
|
439 setnonblocking(sock); |
26 | 440 } |
441 | |
442 if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) { | |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
68
diff
changeset
|
443 if (errno == EINPROGRESS && nonblocking) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
444 TRACE(("Connect in progress")) |
26 | 445 break; |
446 } else { | |
447 err = errno; | |
448 close(sock); | |
449 sock = -1; | |
450 continue; | |
451 } | |
452 } | |
453 | |
454 break; /* Success */ | |
455 } | |
456 | |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
68
diff
changeset
|
457 if (sock < 0 && !(errno == EINPROGRESS && nonblocking)) { |
26 | 458 /* Failed */ |
459 if (errstring != NULL && *errstring == NULL) { | |
460 int len; | |
461 len = 20 + strlen(strerror(err)); | |
462 *errstring = (char*)m_malloc(len); | |
463 snprintf(*errstring, len, "Error connecting: %s", strerror(err)); | |
464 } | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
465 TRACE(("Error connecting: %s", strerror(err))) |
26 | 466 } else { |
467 /* Success */ | |
870
80af450dae76
Set IPTOS_LOWDELAY on PTY sessions only
Catalin Patulea <cat@vv.carleton.ca>
parents:
864
diff
changeset
|
468 set_sock_nodelay(sock); |
26 | 469 } |
470 | |
471 freeaddrinfo(res0); | |
62 | 472 if (sock > 0 && errstring != NULL && *errstring != NULL) { |
473 m_free(*errstring); | |
474 } | |
26 | 475 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
476 TRACE(("leave connect_remote: sock %d\n", sock)) |
26 | 477 return sock; |
478 } | |
479 | |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
480 /* Sets up a pipe for a, returning three non-blocking file descriptors |
481 * and the pid. exec_fn is the function that will actually execute the child process, |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
482 * it will be run after the child has fork()ed, and is passed exec_data. |
483 * If ret_errfd == NULL then stderr will not be captured. |
484 * ret_pid can be passed as NULL to discard the pid. */ |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
485 int spawn_command(void(*exec_fn)(void *user_data), void *exec_data, |
482
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
486 int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) { |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
487 int infds[2]; |
488 int outfds[2]; |
489 int errfds[2]; |
490 pid_t pid; |
491 |
492 const int FDIN = 0; |
493 const int FDOUT = 1; |
494 |
495 /* redirect stdin/stdout/stderr */ |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
496 if (pipe(infds) != 0) { |
497 return DROPBEAR_FAILURE; |
498 } |
499 if (pipe(outfds) != 0) { |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
500 return DROPBEAR_FAILURE; |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
501 } |
502 if (ret_errfd && pipe(errfds) != 0) { |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
503 return DROPBEAR_FAILURE; |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
504 } |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
505 |
667
fc7ae88e63b3
Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents:
666
diff
changeset
|
506 #ifdef USE_VFORK |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
507 pid = vfork(); |
508 #else |
509 pid = fork(); |
510 #endif |
511 |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
512 if (pid < 0) { |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
513 return DROPBEAR_FAILURE; |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
514 } |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
515 |
516 if (!pid) { |
517 /* child */ |
518 |
519 TRACE(("back to normal sigchld")) |
520 /* Revert to normal sigchld handling */ |
521 if (signal(SIGCHLD, SIG_DFL) == SIG_ERR) { |
522 dropbear_exit("signal() error"); |
523 } |
524 |
525 /* redirect stdin/stdout */ |
526 |
527 if ((dup2(infds[FDIN], STDIN_FILENO) < 0) || |
528 (dup2(outfds[FDOUT], STDOUT_FILENO) < 0) || |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
529 (ret_errfd && dup2(errfds[FDOUT], STDERR_FILENO) < 0)) { |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
530 TRACE(("leave noptycommand: error redirecting FDs")) |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
531 dropbear_exit("Child dup2() failure"); |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
532 } |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
533 |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
534 close(infds[FDOUT]); |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
535 close(infds[FDIN]); |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
536 close(outfds[FDIN]); |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
537 close(outfds[FDOUT]); |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
538 if (ret_errfd) |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
539 { |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
540 close(errfds[FDIN]); |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
541 close(errfds[FDOUT]); |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
542 } |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
543 |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
544 exec_fn(exec_data); |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
545 /* not reached */ |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
546 return DROPBEAR_FAILURE; |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
547 } else { |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
548 /* parent */ |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
549 close(infds[FDIN]); |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
550 close(outfds[FDOUT]); |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
551 |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
552 setnonblocking(outfds[FDIN]); |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
553 setnonblocking(infds[FDOUT]); |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
554 |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
555 if (ret_errfd) { |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
556 close(errfds[FDOUT]); |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
557 setnonblocking(errfds[FDIN]); |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
558 } |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
559 |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
560 if (ret_pid) { |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
561 *ret_pid = pid; |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
562 } |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
563 |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
564 *ret_writefd = infds[FDOUT]; |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
565 *ret_readfd = outfds[FDIN]; |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
566 if (ret_errfd) { |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
567 *ret_errfd = errfds[FDIN]; |
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
568 } |
481
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
569 return DROPBEAR_SUCCESS; |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
570 } |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
571 } |
357a2e2e9bcc
- Generalise spawn_command function
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
572 |
482
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
573 /* Runs a command with "sh -c". Will close FDs (except stdin/stdout/stderr) and |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
574 * re-enabled SIGPIPE. If cmd is NULL, will run a login shell. |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
575 */ |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
576 void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) { |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
577 char * argv[4]; |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
578 char * baseshell = NULL; |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
579 unsigned int i; |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
580 |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
581 baseshell = basename(usershell); |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
582 |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
583 if (cmd != NULL) { |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
584 argv[0] = baseshell; |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
585 } else { |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
586 /* a login shell should be "-bash" for "/bin/bash" etc */ |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
587 int len = strlen(baseshell) + 2; /* 2 for "-" */ |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
588 argv[0] = (char*)m_malloc(len); |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
589 snprintf(argv[0], len, "-%s", baseshell); |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
590 } |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
591 |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
592 if (cmd != NULL) { |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
593 argv[1] = "-c"; |
492
b956d6151600
Replace calls to strtoul() with a helper m_str_to_uint()
Matt Johnston <matt@ucc.asn.au>
parents:
490
diff
changeset
|
594 argv[2] = (char*)cmd; |
482
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
595 argv[3] = NULL; |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
596 } else { |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
597 /* construct a shell of the form "-bash" etc */ |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
598 argv[1] = NULL; |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
599 } |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
600 |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
601 /* Re-enable SIGPIPE for the executed process */ |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
602 if (signal(SIGPIPE, SIG_DFL) == SIG_ERR) { |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
603 dropbear_exit("signal() error"); |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
604 } |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
605 |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
606 /* close file descriptors except stdin/stdout/stderr |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
607 * Need to be sure FDs are closed here to avoid reading files as root */ |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
608 for (i = 3; i <= maxfd; i++) { |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
609 m_close(i); |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
610 } |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
611 |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
612 execv(usershell, argv); |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
613 } |
7ad49f34a122
- Add run_shell_command() function to run a "sh -c" command, handling
Matt Johnston <matt@ucc.asn.au>
parents:
481
diff
changeset
|
614 |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
615 void get_socket_address(int fd, char **local_host, char **local_port, |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
616 char **remote_host, char **remote_port, int host_lookup) |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
617 { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
618 struct sockaddr_storage addr; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
619 socklen_t addrlen; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
620 |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
621 if (local_host || local_port) { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
622 addrlen = sizeof(addr); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
623 if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
624 dropbear_exit("Failed socket address: %s", strerror(errno)); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
625 } |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
626 getaddrstring(&addr, local_host, local_port, host_lookup); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
627 } |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
628 if (remote_host || remote_port) { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
629 addrlen = sizeof(addr); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
630 if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
631 dropbear_exit("Failed socket address: %s", strerror(errno)); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
632 } |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
633 getaddrstring(&addr, remote_host, remote_port, host_lookup); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
634 } |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
635 } |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
636 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
637 /* Return a string representation of the socket address passed. The return |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
638 * value is allocated with malloc() */ |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
639 void getaddrstring(struct sockaddr_storage* addr, |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
640 char **ret_host, char **ret_port, |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
641 int host_lookup) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
642 |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
643 char host[NI_MAXHOST+1], serv[NI_MAXSERV+1]; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
644 unsigned int len; |
62 | 645 int ret; |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
646 |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
647 int flags = NI_NUMERICSERV | NI_NUMERICHOST; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
648 |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
649 #ifndef DO_HOST_LOOKUP |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
650 host_lookup = 0; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
651 #endif |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
652 |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
653 if (host_lookup) { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
654 flags = NI_NUMERICSERV; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
655 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
656 |
62 | 657 len = sizeof(struct sockaddr_storage); |
160
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
658 /* Some platforms such as Solaris 8 require that len is the length |
335
e17f0333c21e
Another stab at getting ss_family happy on older glibc
Matt Johnston <matt@ucc.asn.au>
parents:
277
diff
changeset
|
659 * of the specific structure. Some older linux systems (glibc 2.1.3 |
e17f0333c21e
Another stab at getting ss_family happy on older glibc
Matt Johnston <matt@ucc.asn.au>
parents:
277
diff
changeset
|
660 * such as debian potato) have sockaddr_storage.__ss_family instead |
e17f0333c21e
Another stab at getting ss_family happy on older glibc
Matt Johnston <matt@ucc.asn.au>
parents:
277
diff
changeset
|
661 * but we'll ignore them */ |
e17f0333c21e
Another stab at getting ss_family happy on older glibc
Matt Johnston <matt@ucc.asn.au>
parents:
277
diff
changeset
|
662 #ifdef HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY |
160
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
663 if (addr->ss_family == AF_INET) { |
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
664 len = sizeof(struct sockaddr_in); |
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
665 } |
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
666 #ifdef AF_INET6 |
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
667 if (addr->ss_family == AF_INET6) { |
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
668 len = sizeof(struct sockaddr_in6); |
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
669 } |
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
670 #endif |
335
e17f0333c21e
Another stab at getting ss_family happy on older glibc
Matt Johnston <matt@ucc.asn.au>
parents:
277
diff
changeset
|
671 #endif |
62 | 672 |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
673 ret = getnameinfo((struct sockaddr*)addr, len, host, sizeof(host)-1, |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
674 serv, sizeof(serv)-1, flags); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
675 |
62 | 676 if (ret != 0) { |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
677 if (host_lookup) { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
678 /* On some systems (Darwin does it) we get EINTR from getnameinfo |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
679 * somehow. Eew. So we'll just return the IP, since that doesn't seem |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
680 * to exhibit that behaviour. */ |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
681 getaddrstring(addr, ret_host, ret_port, 0); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
682 return; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
683 } else { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
684 /* if we can't do a numeric lookup, something's gone terribly wrong */ |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
685 dropbear_exit("Failed lookup: %s", gai_strerror(ret)); |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
686 } |
62 | 687 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
688 |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
689 if (ret_host) { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
690 *ret_host = m_strdup(host); |
160
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
691 } |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
692 if (ret_port) { |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
693 *ret_port = m_strdup(serv); |
160
7ceceb46d655
Fix so that getnameinfo() is passed the address-specific structure size. This
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
694 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
695 } |
62 | 696 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
697 #ifdef DEBUG_TRACE |
198
65585699d980
* add a "label" argument to printhex()
Matt Johnston <matt@ucc.asn.au>
parents:
173
diff
changeset
|
698 void printhex(const char * label, const unsigned char * buf, int len) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
699 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
700 int i; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
701 |
198
65585699d980
* add a "label" argument to printhex()
Matt Johnston <matt@ucc.asn.au>
parents:
173
diff
changeset
|
702 fprintf(stderr, "%s\n", label); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
703 for (i = 0; i < len; i++) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
704 fprintf(stderr, "%02x", buf[i]); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
705 if (i % 16 == 15) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
706 fprintf(stderr, "\n"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
707 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
708 else if (i % 2 == 1) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
709 fprintf(stderr, " "); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
710 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
711 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
712 fprintf(stderr, "\n"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
713 } |
764
2202e854d187
add printmpint() for debugging
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
714 |
2202e854d187
add printmpint() for debugging
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
715 void printmpint(const char *label, mp_int *mp) { |
2202e854d187
add printmpint() for debugging
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
716 buffer *buf = buf_new(1000); |
2202e854d187
add printmpint() for debugging
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
717 buf_putmpint(buf, mp); |
2202e854d187
add printmpint() for debugging
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
718 printhex(label, buf->data, buf->len); |
2202e854d187
add printmpint() for debugging
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
719 buf_free(buf); |
2202e854d187
add printmpint() for debugging
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
720 |
2202e854d187
add printmpint() for debugging
Matt Johnston <matt@ucc.asn.au>
parents:
667
diff
changeset
|
721 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
722 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
723 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
724 /* Strip all control characters from text (a null-terminated string), except |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
725 * for '\n', '\r' and '\t'. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
726 * The result returned is a newly allocated string, this must be free()d after |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
727 * use */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
728 char * stripcontrol(const char * text) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
729 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
730 char * ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
731 int len, pos; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
732 int i; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
733 |
fe6bca95afa7
734 len = strlen(text); |
735 ret = m_malloc(len+1); |
736 |
737 pos = 0; |
738 for (i = 0; i < len; i++) { |
739 if ((text[i] <= '~' && text[i] >= ' ') /* normal printable range */ |
740 || text[i] == '\n' || text[i] == '\r' || text[i] == '\t') { |
741 ret[pos] = text[i]; |
742 pos++; |
743 } |
744 } |
745 ret[pos] = 0x0; |
746 return ret; |
747 } |
748 |
749 |
750 /* reads the contents of filename into the buffer buf, from the current |
751 * position, either to the end of the file, or the buffer being full. |
752 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
753 int buf_readfile(buffer* buf, const char* filename) { |
754 |
357 | 9e2ad1023978 | Handle failure reading a file (such as a key file) | Matt Johnston <matt@ucc.asn.au> | parents: 335
357 | 755 int fd = -1; |
4 | 756 int len; |
757 int maxlen; |
358 | e81d3bc1dc78 | Forgot variable declaration. | Matt Johnston <matt@ucc.asn.au> | parents: 357
358 | 758 int ret = DROPBEAR_FAILURE; |
4 | 759 |
760 fd = open(filename, O_RDONLY); |
761 |
762 if (fd < 0) { |
357 | 763 goto out; |
4 | 764 } |
765 |
766 do { |
767 maxlen = buf->size - buf->pos; |
357 | 768 len = read(fd, buf_getwriteptr(buf, maxlen), maxlen); |
769 if (len < 0) { |
770 if (errno == EINTR || errno == EAGAIN) { |
771 continue; |
772 } |
773 goto out; |
774 } |
4 | 775 buf_incrwritepos(buf, len); |
776 } while (len < maxlen && len > 0); |
777 |
357 | 778 ret = DROPBEAR_SUCCESS; |
779 |
780 out: |
781 if (fd >= 0) { |
782 m_close(fd); |
783 } |
784 return ret; |
4 | 785 } |
786 |
51 | 095d689fed16 | - Hostkey checking is mostly there, just aren't appending yet. | Matt Johnston <matt@ucc.asn.au> | parents: 45
51 | 787 /* get a line from the file into buffer in the style expected for an |
788 * authkeys file. |
789 * Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/ |
790 /* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */ |
68 | eee77ac31ccc | cleaning up the pubkey defines | Matt Johnston <matt@ucc.asn.au> | parents: 64
68 | 791 #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH) |
51 | 792 int buf_getline(buffer * line, FILE * authfile) { |
793 |
794 int c = EOF; |
795 |
796 buf_setpos(line, 0); |
797 buf_setlen(line, 0); |
798 |
799 while (line->pos < line->size) { |
800 |
801 c = fgetc(authfile); /*getc() is weird with some uClibc systems*/ |
802 if (c == EOF || c == '\n' || c == '\r') { |
803 goto out; |
804 } |
805 |
806 buf_putbyte(line, (unsigned char)c); |
807 } |
808 |
165 | 0cfba3034be5 | Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place | Matt Johnston <matt@ucc.asn.au> | parents: 161
165 | 809 TRACE(("leave getauthline: line too long")) |
51 | 810 /* We return success, but the line length will be zeroed - ie we just |
811 * ignore that line */ |
812 buf_setlen(line, 0); |
813 |
814 out: |
815 |
816 |
817 /* if we didn't read anything before EOF or error, exit */ |
818 if (c == EOF && line->pos == 0) { |
819 return DROPBEAR_FAILURE; |
820 } else { |
117 | e0acad552a92 | Read the last line of a file without a finishing '\n' correctly | Matt Johnston <matt@ucc.asn.au> | parents: 109
117 | 821 buf_setpos(line, 0); |
51 | 822 return DROPBEAR_SUCCESS; |
823 } |
824 |
825 } |
826 #endif |
827 |
277 | 044bc108b9b3 | * Per-IP connection unauthed connection limits | Matt Johnston <matt@ucc.asn.au> | parents: 258
277 | 828 /* make sure that the socket closes */ |
829 void m_close(int fd) { |
4 | 830 |
883 | ff597bf2cfb0 | DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default | Matt Johnston <matt@ucc.asn.au> | parents: 871
883 | 831 if (fd == -1) { |
832 return; |
833 } |
834 |
4 | 835 int val; |
836 do { |
837 val = close(fd); |
838 } while (val < 0 && errno == EINTR); |
839 |
277 | 840 if (val < 0 && errno != EBADF) { |
841 /* Linux says EIO can happen */ |
842 dropbear_exit("Error closing fd %d, %s", fd, strerror(errno)); |
4 | 843 } |
844 } |
845 |
846 void * m_malloc(size_t size) { |
847 |
848 void* ret; |
849 |
850 if (size == 0) { |
851 dropbear_exit("m_malloc failed"); |
852 } |
123 | a0db9a23f6d4 | calloc memory rather than mallocing it - can't hurt too much, and is | Matt Johnston <matt@ucc.asn.au> | parents: 117
123 | 853 ret = calloc(1, size); |
4 | 854 if (ret == NULL) { |
855 dropbear_exit("m_malloc failed"); |
856 } |
857 return ret; |
858 |
859 } |
860 |
11 | f76c9389e9e0 | Mostly done with the listener changeover | Matt Johnston <matt@ucc.asn.au> | parents: 4
11 | 861 void * m_strdup(const char * str) { |
862 char* ret; |
863 |
864 ret = strdup(str); |
865 if (ret == NULL) { |
866 dropbear_exit("m_strdup failed"); |
867 } |
868 return ret; |
869 } |
870 |
4 | 871 void * m_realloc(void* ptr, size_t size) { |
872 |
873 void *ret; |
874 |
875 if (size == 0) { |
876 dropbear_exit("m_realloc failed"); |
877 } |
878 ret = realloc(ptr, size); |
879 if (ret == NULL) { |
880 dropbear_exit("m_realloc failed"); |
881 } |
882 return ret; |
883 } |
884 |
885 /* Clear the data, based on the method in David Wheeler's |
886 * "Secure Programming for Linux and Unix HOWTO" */ |
161 | 887 /* Beware of calling this from within dbutil.c - things might get |
888 * optimised away */ | |
4 | 889 void m_burn(void *data, unsigned int len) { |
890 volatile char *p = data; |
891 |
892 if (data == NULL) |
893 return; |
894 while (len--) { |
655 | 76e780c74a5e | - Burn buffers to 0x00 instead | Matt Johnston <matt@ucc.asn.au> | parents: 639
655 | 895 *p++ = 0x0; |
4 | 896 } |
897 } |
26 | 898 |
109 | 2e9d1f29c50f | merge of 50be59810e462f9f44f55e421227d6aa0b31982b | Matt Johnston <matt@ucc.asn.au> | parents: 108
109 | 899 |
900 void setnonblocking(int fd) { |
901 |
165 | 902 TRACE(("setnonblocking: %d", fd)) |
109 | 903 |
904 if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) { |
173 | 257f09a63dab | * add SSH_ASKPASS support (based on patch from Paul Whittaker | Matt Johnston <matt@ucc.asn.au> | parents: 172
173 | 905 if (errno == ENODEV) { |
906 /* Some devices (like /dev/null redirected in) |
907 * can't be set to non-blocking */ |
908 TRACE(("ignoring ENODEV for setnonblocking")) |
909 } else { |
910 dropbear_exit("Couldn't set nonblocking"); |
911 } |
109 | 912 } |
165 | 913 TRACE(("leave setnonblocking")) |
109 | 914 } |
425 | 915 |
916 void disallow_core() { | |
917 struct rlimit lim; | |
918 lim.rlim_cur = lim.rlim_max = 0; | |
919 setrlimit(RLIMIT_CORE, &lim); | |
920 } | |
492 | b956d6151600 | Replace calls to strtoul() with a helper m_str_to_uint() | Matt Johnston <matt@ucc.asn.au> | parents: 490
492 | 921 |
922 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE, with the result in *val */ |
923 int m_str_to_uint(const char* str, unsigned int *val) { |
864 | 924 unsigned long l; |
492 | 925 errno = 0; |
864 | 926 l = strtoul(str, NULL, 10); |
492 | 927 /* The c99 spec doesn't actually seem to define EINVAL, but most platforms |
928 * I've looked at mention it in their manpage */ |
864 | 929 if ((l == 0 && errno == EINVAL) |
930 || (l == ULONG_MAX && errno == ERANGE) | |
931 || (l > UINT_MAX)) { | |
492 | 932 return DROPBEAR_FAILURE; |
933 } else { |
864 | 934 *val = l; |
492 | 935 return DROPBEAR_SUCCESS; |
936 } |
937 } |
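m_str_to_uint() above passes NULL as strtoul()'s end pointer, so only the numeric result and errno are checked. The following is an added example, not Dropbear code: it reproduces those checks next to a hypothetical stricter variant (strict_str_to_uint, PARSE_OK and PARSE_FAIL are names assumed here) that also rejects empty input, leading whitespace or sign, and trailing bytes.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for DROPBEAR_SUCCESS / DROPBEAR_FAILURE; the values are assumptions. */
#define PARSE_OK 0
#define PARSE_FAIL -1

/* The checks from the listing, reproduced for comparison: the end pointer is
 * NULL, so only the numeric result and errno are inspected. */
static int listing_str_to_uint(const char *str, unsigned int *val) {
    unsigned long l;
    errno = 0;
    l = strtoul(str, NULL, 10);
    if ((l == 0 && errno == EINVAL)
            || (l == ULONG_MAX && errno == ERANGE)
            || (l > UINT_MAX)) {
        return PARSE_FAIL;
    }
    *val = (unsigned int)l;
    return PARSE_OK;
}

/* Hypothetical stricter variant: the whole string must be decimal digits. */
static int strict_str_to_uint(const char *str, unsigned int *val) {
    char *end = NULL;
    unsigned long l;

    /* strtoul() skips leading whitespace and accepts '+' or '-'; a leading
     * '-' yields the negated value as an unsigned long without setting errno.
     * Requiring a digit first rejects all of that, and the empty string. */
    if (str == NULL || !isdigit((unsigned char)str[0])) {
        return PARSE_FAIL;
    }
    errno = 0;
    l = strtoul(str, &end, 10);
    if (errno == ERANGE || l > UINT_MAX) {
        return PARSE_FAIL;
    }
    if (*end != '\0') {
        /* bytes left over after the digits, e.g. "22abc" */
        return PARSE_FAIL;
    }
    *val = (unsigned int)l;
    return PARSE_OK;
}

int main(void) {
    /* Constructed sample inputs, as might arrive in a numeric option value. */
    const char *samples[] = { "22", "22abc", "", " 22", "-1",
                              "99999999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned int a = 0, b = 0;
        int ra = listing_str_to_uint(samples[i], &a);
        int rb = strict_str_to_uint(samples[i], &b);
        printf("\"%s\": listing=%s (%u)  strict=%s (%u)\n", samples[i],
               ra == PARSE_OK ? "ok" : "fail", a,
               rb == PARSE_OK ? "ok" : "fail", b);
    }
    return 0;
}
```

The listing-style result for "" and "-1" depends on the C library and on the width of unsigned long, which is why the strict variant decides those cases before calling strtoul().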
817 | a625f9e135a4 | Constant time memcmp for the hmac and password crypt | Matt Johnston <matt@ucc.asn.au> | parents: 753
817 | 938 |
939 int constant_time_memcmp(const void* a, const void *b, size_t n) |
940 { |
941 const char *xa = a, *xb = b; |
942 uint8_t c = 0; |
943 size_t i; |
944 for (i = 0; i < n; i++) |
945 { |
946 c |= (xa[i] ^ xb[i]); |
947 } |
948 return c; |
949 } |
950 |
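constant_time_memcmp() above ORs together the XOR of every byte pair, so the loop always runs n times regardless of where the inputs differ. The following is an added example, not Dropbear code: it instruments an early-exit comparison and the accumulate-XOR comparison to count the bytes each one examines. The tag bytes are constructed, and early_exit_cmp, ct_cmp, tag_matches and bytes_examined are names assumed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 20 /* HMAC-SHA1 output size; the bytes below are constructed */

static const unsigned char EXPECTED_TAG[TAG_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xb6, 0x1d, 0x70, 0xcf,
    0x24, 0x8b, 0x59, 0xf3, 0x06, 0xad, 0x12, 0x7e, 0xc4, 0x95
};

/* Early-exit comparison in the style of memcmp(), instrumented to report
 * how many bytes it looked at before returning. */
static int early_exit_cmp(const unsigned char *a, const unsigned char *b,
                          size_t n, size_t *examined) {
    size_t i;
    for (i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *examined = i + 1;
            return 1;
        }
    }
    *examined = n;
    return 0;
}

/* Accumulate-XOR comparison as in the listing, with the same instrumentation.
 * Returns 0 when equal and non-zero otherwise; unlike memcmp() the result
 * carries no ordering. */
static int ct_cmp(const unsigned char *a, const unsigned char *b,
                  size_t n, size_t *examined) {
    uint8_t c = 0;
    size_t i;
    for (i = 0; i < n; i++) {
        c |= (uint8_t)(a[i] ^ b[i]);
    }
    *examined = i;
    return c;
}

/* Hypothetical caller: the tag length is public, so a length mismatch is
 * rejected up front; the secret-dependent part is the byte comparison.
 * Returns 1 when the received tag matches. */
static int tag_matches(const unsigned char *received, size_t received_len) {
    size_t unused;
    if (received_len != TAG_LEN) {
        return 0;
    }
    return ct_cmp(EXPECTED_TAG, received, TAG_LEN, &unused) == 0;
}

/* Build a candidate whose first `correct` bytes match the expected tag and
 * return how many bytes the chosen comparison examined. */
static size_t bytes_examined(int use_constant_time, size_t correct) {
    unsigned char candidate[TAG_LEN];
    size_t i, examined = 0;
    for (i = 0; i < TAG_LEN; i++) {
        candidate[i] = (i < correct) ? EXPECTED_TAG[i]
                                     : (unsigned char)(EXPECTED_TAG[i] ^ 0xff);
    }
    if (use_constant_time) {
        ct_cmp(EXPECTED_TAG, candidate, TAG_LEN, &examined);
    } else {
        early_exit_cmp(EXPECTED_TAG, candidate, TAG_LEN, &examined);
    }
    return examined;
}

int main(void) {
    size_t k;
    printf("matching prefix | early-exit | accumulate-XOR\n");
    for (k = 0; k <= TAG_LEN; k += 5) {
        printf("%15zu | %10zu | %14zu\n", k,
               bytes_examined(0, k), bytes_examined(1, k));
    }
    return 0;
}
```

The early-exit column grows with the matching prefix, which is the data-dependent work a constant-time comparison removes; callers must treat the result only as equal or not equal.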
928 | 7cd89d4e0335 | Add new monotonic_now() wrapper so that timeouts are unaffected by | Matt Johnston <matt@ucc.asn.au> | parents: 883
928 | 951 #if defined(__linux__) && defined(SYS_clock_gettime) |
952 | 952 /* CLOCK_MONOTONIC_COARSE was added in Linux 2.6.32 but took a while to |
953 reach userspace include headers */ | |
928 | 954 #ifndef CLOCK_MONOTONIC_COARSE |
955 #define CLOCK_MONOTONIC_COARSE 6 |
956 #endif |
952 | 957 static clockid_t get_linux_clock_source() { |
928 | 958 struct timespec ts; |
952 | 959 if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC_COARSE, &ts) == 0) { |
960 return CLOCK_MONOTONIC_COARSE; | |
961 } | |
953 | 356a25a108a3 | Fix some format string warnings | Matt Johnston <matt@ucc.asn.au> | parents: 952
953 | 962 |
952 | 963 if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC, &ts) == 0) { |
964 return CLOCK_MONOTONIC; | |
965 } | |
966 return -1; | |
967 } | |
968 #endif | |
969 | |
970 time_t monotonic_now() { | |
971 #if defined(__linux__) && defined(SYS_clock_gettime) | |
972 static clockid_t clock_source = -2; | |
928 | 973 |
952 | 974 if (clock_source == -2) { |
953 | 975 /* First run, find out which one works. |
952 | 976 -1 will fall back to time() */ |
977 clock_source = get_linux_clock_source(); | |
928 | 978 } |
952 | 979 |
980 if (clock_source >= 0) { | |
981 struct timespec ts; | |
982 if (syscall(SYS_clock_gettime, clock_source, &ts) != 0) { | |
983 /* Intermittent clock failures should not happen */ | |
984 dropbear_exit("Clock broke"); | |
985 } | |
986 return ts.tv_sec; | |
987 } | |
988 #endif /* linux clock_gettime */ | |
989 | |
990 #if defined(HAVE_MACH_ABSOLUTE_TIME) | |
928 | 991 /* OS X, see https://developer.apple.com/library/mac/qa/qa1398/_index.html */ |
930 | 8f04e36622c0 | Fix monotonic_now() on OS X | Matt Johnston <matt@ucc.asn.au> | parents: 928
930 | 992 static mach_timebase_info_data_t timebase_info; |
928 | 993 if (timebase_info.denom == 0) { |
994 mach_timebase_info(&timebase_info); |
995 } |
996 return mach_absolute_time() * timebase_info.numer / timebase_info.denom |
997 / 1e9; |
952 | 998 #endif /* osx mach_absolute_time */ |
999 | |
928 | 1000 /* Fallback for everything else - this will sometimes go backwards */ |
1001 return time(NULL); |
1002 } |
1003 |