changeset | 1d86a58fb52d |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Leave non-interactive at default QoS class. Lower class levels are less well defined, and non-interactive SSH can carry various different types of applications. This change also sets lowdelay class (AF21) earlier in an outbound dbclient session |
files |
changeset | a7cc3332d8ab |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Replace ChanType.sepfds with Channel.bidir_fd This handles the case where a svrchansess has separate FDs for nopty, but a single FD for pty mode. The use of sepfds was also previously incorrect for X11 and agent forwarding |
files |
changeset | 5015c80808c5 |
---|---|
branch | |
bookmark | |
tag | |
user | ValdikSS <iam@valdikss.org.ru> |
description | Use MAX_HOST_LEN for TCP forwarding requests (#121) tcpip-forward request can include hostname, which is later resolved by getaddrinfo() call. Dropbear incorrectly assumes tcpip-forward includes only IP(v4) address. Fix this. |
files |
changeset | 249681d9ecda |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Use buf_eatstring instead |
files |
changeset | 1fc0012b9c38 |
---|---|
branch | |
bookmark | |
tag | |
user | Dirkjan Bussink <d.bussink@gmail.com> |
description | Fix handling of replies to global requests (#112) The current code assumes that all global requests want / need a reply. This isn't always true and the request itself indicates if it wants a reply or not. It causes a specific problem with hostkeys-00@openssh.com messages. These are sent by OpenSSH after authentication to inform the client of potential other host keys for the host. This can be used to add a new type of host key or to rotate host keys. The initial information message from the server is sent as a global request, but with want_reply set to false. This means that the server doesn't expect an answer to this message. Instead the client needs to send a prove request as a reply if it wants to receive proof of ownership for the host keys. The bug doesn't cause any current problems due to how OpenSSH treats receiving the failure message. It instead treats it as a keepalive message and further ignores it. Arguably this is a protocol violation though of Dropbear and it is only accidental that it doesn't cause a problem with OpenSSH. The bug was found when adding host keys support to libssh, which is more strict protocol wise and treats the unexpected failure message as an error, also see https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145 for more information. The fix here is to honor the want_reply flag in the global request and to only send a reply if the other side expects a reply. |
files |
changeset | 9026f976eee8 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | fuzz: work around fuzz_connect_remote() limitations |
files |
changeset | 9b02c49bd396 |
---|---|
branch | |
bookmark | |
tag | |
user | François Perrad <francois.perrad@gadz.org> |
description | add missing initializer (#71) |
files |
changeset | 79eef94ccea9 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Split ChanType closehandler() and cleanup() so that dbclient doesn't lose exit status messages |
files |
changeset | 572a7aefa188 |
---|---|
branch | |
bookmark | bugfix |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fix remote forward listeners |
files |
changeset | 2c902644036d |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | avoid warning about port |
files |
changeset | bb55dffab5ba |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | don't log server listen ports |
files |
changeset | 73aa542e76fe |
---|---|
branch | |
bookmark | |
tag | |
user | Francois Perrad <francois.perrad@gadz.org> |
description | fix indentation |
files |
changeset | 2d450c1056e3 |
---|---|
branch | |
bookmark | |
tag | |
user | Michael Witten <mfwitten@gmail.com> |
description | options: Complete the transition to numeric toggles (`#if') For the sake of review, this commit alters only the code; the affiliated comments within the source files also need to be updated, but doing so now would obscure the operational changes that have been made here. * All on/off options have been switched to the numeric `#if' variant; that is the only way to make this `default_options.h.in' thing work in a reasonable manner. * There is now some very minor compile-time checking of the user's choice of options. * NO_FAST_EXPTMOD doesn't seem to be used, so it has been removed. * ENABLE_USER_ALGO_LIST was supposed to be renamed DROPBEAR_USER_ALGO_LIST, and this commit completes that work. * DROPBEAR_FUZZ seems to be a relatively new, as-yet undocumented option, which was added by the following commit: commit 6e0b539e9ca0b5628c6c5a3d118ad6a2e79e8039 Author: Matt Johnston <matt@ucc.asn.au> Date: Tue May 23 22:29:21 2017 +0800 split out checkpubkey_line() separately It has now been added to `sysoptions.h' and defined as `0' by default. * The configuration option `DROPBEAR_PASSWORD_ENV' is no longer listed in `default_options.h.in'; it is no longer meant to be set by the user, and is instead left to be defined in `sysoptions.h' (where it was already being defined) as merely the name of the environment variable in question: DROPBEAR_PASSWORD To enable or disable use of that environment variable, the user must now toggle `DROPBEAR_USE_DROPBEAR_PASSWORD'. * The sFTP support is now toggled by setting `DROPBEAR_SFTPSERVER', and the path of the sFTP server program is set independently through the usual SFTPSERVER_PATH. |
files |
changeset | f787f60f8e45 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | bind to port as well with -b |
files |
changeset | f7a53832501d |
---|---|
branch | |
bookmark | |
tag | |
user | houseofkodai <karthik@houseofkodai.in> |
description | cli_bind_address_connect * replaces -b dummy option in dbclient to be similar with openssh -b option * useful in multi-wan connections |
files |
changeset | ad637c9e0f6f |
---|---|
branch | |
bookmark | |
tag | |
user | houseofkodai <karthik@houseofkodai.in> |
description | Server chosen tcpfwd ports (#43) Server chosen tcpfwd ports |
files |
changeset | 58a74cb829b8 |
---|---|
branch | |
bookmark | |
tag | |
user | Francois Perrad <francois.perrad@gadz.org> |
description | Pointer parameter could be declared as pointing to const (callback) |
files |
changeset | 8747c2b19152 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | merge 2017.75 |
files |
changeset | c8114a48837c |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | listenaddr must be malloced |
files |
changeset | 750ec4ec4cbe |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Convert #ifdef to #if, other build changes |
files |
changeset | 9169e4e7cbee |
---|---|
branch | |
bookmark | |
tag | |
user | Francois Perrad <francois.perrad@gadz.org> |
description | fix empty C prototypes |
files |
changeset | 52a456a3add0 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Merge branch '20151231_indent' of https://github.com/fperrad/dropbear into fperrad-20151231_indent |
files |
changeset | 2bb4c662d1c2 |
---|---|
branch | |
bookmark | |
tag | |
user | Francois Perrad <francois.perrad@gadz.org> |
description | more hard tab |
files |
changeset | 888e3d17e962 |
---|---|
branch | |
bookmark | |
tag | |
user | Chocobo1 <Chocobo1@users.noreply.github.com> |
description | Fix print format specifier |
files |
changeset | aaf576b27a10 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Merge pull request #13 from gazoo74/fix-warnings Fix warnings |
files |
changeset | db7963049308 |
---|---|
branch | |
bookmark | |
tag | |
user | Gaël PORTAY <gael.portay@gmail.com> |
description | Turn many local variables into char * reqname, bindaddr, request_addr, desthost and orighost to be exhaustive. |
files |
changeset | c45d65392c1a |
---|---|
branch | |
bookmark | |
tag | |
user | Gaël PORTAY <gael.portay@gmail.com> |
description | Fix pointer differ in signedness warnings [-Werror=pointer-sign] |
files |
changeset | 0da8ba489c23 |
---|---|
branch | fastopen |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Move generic network routines to netio.c |
files |
changeset | 02baa0b334e8 |
---|---|
branch | fastopen |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | async connections working |
files |
changeset | 4121ca987e6a |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | connect_remote() is now always non-blocking |
files |
changeset | 5daedffd0769 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Set tcp priority as follows: if (connecting || ptys || x11) tos = LOWDELAY; else if (tcp_forwards) tos = 0; else tos = BULK; TCP forwards could be either lowdelay or bulk, hence the default priority. |
files |
changeset | 4ad38e223ccd |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Send a failure response if a client receives a global request |
files |
changeset | c19acba28590 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | use oldstyle comments |
files |
changeset | dfdb9d9189ff |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Server shouldn't return "localhost" in response to -R forward connections if that wasn't what the client requested. |
files |
changeset | c519b78b6d1a |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | - Don't send SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD - Fix build if ENABLE_SVR_REMOTETCPFWD is disabled but ENABLE_SVR_LOCALTCPFWD is enabled |
files |
changeset | 79d48028457c |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fix crash when remote forwarding was requested |
files |
changeset | 35d27c1d0ee7 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fix leak found by Klocwork |
files |
changeset | 69e98c45db7c |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | - Progress for allowing specifying a listenaddr for tcp forwards |
files |
changeset | 52a644e7b8e1 |
---|---|
branch | pubkey-options |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | * Patch from Frédéric Moulins adding options to authorized_keys. Needs review. |
files |
changeset | b895f91c2ee6 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | merge of 'b1dd3b94e60a07a176dba2b035ac79968595990a' and 'bcb33fce2fad01a7626598209d43af3571bd86f0' |
files |
changeset | 75940fef22dd |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fix free() of null pointer found by Klocwork |
files |
changeset | 454a34b2dfd1 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fixes from Erik Hovland: cli-authpubkey.c: fix leak of keybuf; cli-kex.c: fix leak of fingerprint fp; cli-service.c: remove commented out code; dropbearkey.c: don't attempt to free NULL key on failure; common-kex.c: only free key if it is initialised; keyimport.c: remove dead encrypted-key code, don't leak a FILE* loading OpenSSH keys; rsa.c, dss.c: check return values for some libtommath functions; svr-kex.c: check return value retrieving DH kex mpint; svr-tcpfwd.c: fix null-dereference if remote tcp forward request fails; tcp-accept.c: don't incorrectly free the tcpinfo var |
files |
changeset | 7ce577234a10 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | * svr-tcpfwd.c: should be MAX_NAME_LEN not MAXNAMLEN |
files |
changeset | c049490e43fe |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | * fix -L forwarding on the client, broke last rev |
files |
changeset | 306499676384 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | * add -g (dbclient) and -a (dropbear) options for allowing non-local hosts to connect to forwarded ports. Rearranged some of the tcp listening code. * changed to /* */ style brackets in svr-authpam.c |
files |
changeset | 84925eceeb13 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | * rename infd/outfd to writefd/readfd, to avoid confusion |
files |
changeset | 161557a9dde8 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | * fix longstanding bug with connections being closed on failure to connect to auth socket (server) * differentiate between get_byte and get_bool * get rid of some // comments * general tidying |
files |
changeset | 0cfba3034be5 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place |
files |
changeset | 8c2b3506f112 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Rearrange preprocessor parts so that compilation with various options disabled works OK. |
files |
changeset | e3adf4cf5465 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | License boilerplate etc, add Mihnea as an author to some of the files |
files |
changeset | b0316ce64e4b |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | Merging in the changes from 0.41-0.43 main Dropbear tree |
files |
changeset | efb5e0b335cf |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | TCP forwarding works. |
files |
changeset | dcc43965928f |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | - A nice cleaner structure for tcp (acceptor) forwarding. - still a checkpoint-ish commit - sorted out listening on localhost only |
files |
changeset | 20563735e8b5 |
---|---|
branch | |
bookmark | |
tag | |
user | Matt Johnston <matt@ucc.asn.au> |
description | just checkpointing |
files |