Mercurial > dropbear
comparison svr-session.c @ 1739:13d834efc376 fuzz
merge from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 15 Oct 2020 19:55:15 +0800 |
parents | 435cfb9ec96e |
children | a6da10ac64b5 |
comparison
equal
deleted
inserted
replaced
1562:768ebf737aa0 | 1739:13d834efc376 |
---|---|
86 | 86 |
87 m_free(svr_ses.addrstring); | 87 m_free(svr_ses.addrstring); |
88 m_free(svr_ses.remotehost); | 88 m_free(svr_ses.remotehost); |
89 m_free(svr_ses.childpids); | 89 m_free(svr_ses.childpids); |
90 svr_ses.childpidsize = 0; | 90 svr_ses.childpidsize = 0; |
91 | |
92 #if DROPBEAR_PLUGIN | |
93 if (svr_ses.plugin_handle != NULL) { | |
94 if (svr_ses.plugin_instance) { | |
95 svr_ses.plugin_instance->delete_plugin(svr_ses.plugin_instance); | |
96 svr_ses.plugin_instance = NULL; | |
97 } | |
98 | |
99 dlclose(svr_ses.plugin_handle); | |
100 svr_ses.plugin_handle = NULL; | |
101 } | |
102 #endif | |
91 } | 103 } |
92 | 104 |
93 void svr_session(int sock, int childpipe) { | 105 void svr_session(int sock, int childpipe) { |
94 char *host, *port; | 106 char *host, *port; |
95 size_t len; | 107 size_t len; |
99 /* Initialise server specific parts of the session */ | 111 /* Initialise server specific parts of the session */ |
100 svr_ses.childpipe = childpipe; | 112 svr_ses.childpipe = childpipe; |
101 #if DROPBEAR_VFORK | 113 #if DROPBEAR_VFORK |
102 svr_ses.server_pid = getpid(); | 114 svr_ses.server_pid = getpid(); |
103 #endif | 115 #endif |
104 svr_authinitialise(); | |
105 chaninitialise(svr_chantypes); | |
106 svr_chansessinitialise(); | |
107 svr_algos_initialise(); | |
108 | 116 |
109 /* for logging the remote address */ | 117 /* for logging the remote address */ |
110 get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0); | 118 get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0); |
111 len = strlen(host) + strlen(port) + 2; | 119 len = strlen(host) + strlen(port) + 2; |
112 svr_ses.addrstring = m_malloc(len); | 120 svr_ses.addrstring = m_malloc(len); |
113 snprintf(svr_ses.addrstring, len, "%s:%s", host, port); | 121 snprintf(svr_ses.addrstring, len, "%s:%s", host, port); |
114 m_free(host); | 122 m_free(host); |
115 m_free(port); | 123 m_free(port); |
116 | 124 |
125 #if DROPBEAR_PLUGIN | |
126 /* Initializes the PLUGIN Plugin */ | |
127 svr_ses.plugin_handle = NULL; | |
128 svr_ses.plugin_instance = NULL; | |
129 if (svr_opts.pubkey_plugin) { | |
130 #if DEBUG_TRACE | |
131 const int verbose = debug_trace; | |
132 #else | |
133 const int verbose = 0; | |
134 #endif | |
135 PubkeyExtPlugin_newFn pluginConstructor; | |
136 | |
137 /* RTLD_NOW: fails if not all the symbols are resolved now. Better fail now than at run-time */ | |
138 svr_ses.plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW); | |
139 if (svr_ses.plugin_handle == NULL) { | |
140 dropbear_exit("failed to load external pubkey plugin '%s': %s", svr_opts.pubkey_plugin, dlerror()); | |
141 } | |
142 pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW); | |
143 if (!pluginConstructor) { | |
144 dropbear_exit("plugin constructor method not found in external pubkey plugin"); | |
145 } | |
146 | |
147 /* Create an instance of the plugin */ | |
148 svr_ses.plugin_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring); | |
149 if (svr_ses.plugin_instance == NULL) { | |
150 dropbear_exit("external plugin initialization failed"); | |
151 } | |
152 /* Check if the plugin is compatible */ | |
153 if ( (svr_ses.plugin_instance->api_version[0] != DROPBEAR_PLUGIN_VERSION_MAJOR) || | |
154 (svr_ses.plugin_instance->api_version[1] < DROPBEAR_PLUGIN_VERSION_MINOR) ) { | |
155 dropbear_exit("plugin version check failed: " | |
156 "Dropbear=%d.%d, plugin=%d.%d", | |
157 DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR, | |
158 svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]); | |
159 } | |
160 if (svr_ses.plugin_instance->api_version[1] > DROPBEAR_PLUGIN_VERSION_MINOR) { | |
161 dropbear_log(LOG_WARNING, "plugin API newer than dropbear API: " | |
162 "Dropbear=%d.%d, plugin=%d.%d", | |
163 DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR, | |
164 svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]); | |
165 } | |
166 dropbear_log(LOG_INFO, "successfully loaded and initialized pubkey plugin '%s'", svr_opts.pubkey_plugin); | |
167 } | |
168 #endif | |
169 | |
170 svr_authinitialise(); | |
171 chaninitialise(svr_chantypes); | |
172 svr_chansessinitialise(); | |
173 svr_algos_initialise(); | |
174 | |
117 get_socket_address(ses.sock_in, NULL, NULL, | 175 get_socket_address(ses.sock_in, NULL, NULL, |
118 &svr_ses.remotehost, NULL, 1); | 176 &svr_ses.remotehost, NULL, 1); |
119 | 177 |
120 /* set up messages etc */ | 178 /* set up messages etc */ |
121 ses.remoteclosed = svr_remoteclosed; | 179 ses.remoteclosed = svr_remoteclosed; |
147 | 205 |
148 /* failure exit - format must be <= 100 chars */ | 206 /* failure exit - format must be <= 100 chars */ |
149 void svr_dropbear_exit(int exitcode, const char* format, va_list param) { | 207 void svr_dropbear_exit(int exitcode, const char* format, va_list param) { |
150 char exitmsg[150]; | 208 char exitmsg[150]; |
151 char fullmsg[300]; | 209 char fullmsg[300]; |
210 char fromaddr[60]; | |
152 int i; | 211 int i; |
212 | |
213 #if DROPBEAR_PLUGIN | |
214 if ((ses.plugin_session != NULL)) { | |
215 svr_ses.plugin_instance->delete_session(ses.plugin_session); | |
216 } | |
217 ses.plugin_session = NULL; | |
218 #endif | |
153 | 219 |
154 /* Render the formatted exit message */ | 220 /* Render the formatted exit message */ |
155 vsnprintf(exitmsg, sizeof(exitmsg), format, param); | 221 vsnprintf(exitmsg, sizeof(exitmsg), format, param); |
222 | |
223 /* svr_ses.addrstring may not be set for some early exits, or for | |
224 the listener process */ | |
225 fromaddr[0] = '\0'; | |
226 if (svr_ses.addrstring) { | |
227 snprintf(fromaddr, sizeof(fromaddr), " from <%s>", svr_ses.addrstring); | |
228 } | |
156 | 229 |
157 /* Add the prefix depending on session/auth state */ | 230 /* Add the prefix depending on session/auth state */ |
158 if (!ses.init_done) { | 231 if (!ses.init_done) { |
159 /* before session init */ | 232 /* before session init */ |
160 snprintf(fullmsg, sizeof(fullmsg), "Early exit: %s", exitmsg); | 233 snprintf(fullmsg, sizeof(fullmsg), "Early exit%s: %s", fromaddr, exitmsg); |
161 } else if (ses.authstate.authdone) { | 234 } else if (ses.authstate.authdone) { |
162 /* user has authenticated */ | 235 /* user has authenticated */ |
163 snprintf(fullmsg, sizeof(fullmsg), | 236 snprintf(fullmsg, sizeof(fullmsg), |
164 "Exit (%s): %s", | 237 "Exit (%s)%s: %s", |
165 ses.authstate.pw_name, exitmsg); | 238 ses.authstate.pw_name, fromaddr, exitmsg); |
166 } else if (ses.authstate.pw_name) { | 239 } else if (ses.authstate.pw_name) { |
167 /* we have a potential user */ | 240 /* we have a potential user */ |
168 snprintf(fullmsg, sizeof(fullmsg), | 241 snprintf(fullmsg, sizeof(fullmsg), |
169 "Exit before auth (user '%s', %u fails): %s", | 242 "Exit before auth%s: (user '%s', %u fails): %s", |
170 ses.authstate.pw_name, ses.authstate.failcount, exitmsg); | 243 fromaddr, ses.authstate.pw_name, ses.authstate.failcount, exitmsg); |
171 } else { | 244 } else { |
172 /* before userauth */ | 245 /* before userauth */ |
173 snprintf(fullmsg, sizeof(fullmsg), "Exit before auth: %s", exitmsg); | 246 snprintf(fullmsg, sizeof(fullmsg), "Exit before auth%s: %s", fromaddr, exitmsg); |
174 } | 247 } |
175 | 248 |
176 dropbear_log(LOG_INFO, "%s", fullmsg); | 249 dropbear_log(LOG_INFO, "%s", fullmsg); |
177 | 250 |
178 #if DROPBEAR_VFORK | 251 #if DROPBEAR_VFORK |
255 dropbear_close("Exited normally"); | 328 dropbear_close("Exited normally"); |
256 | 329 |
257 } | 330 } |
258 | 331 |
259 static void svr_algos_initialise(void) { | 332 static void svr_algos_initialise(void) { |
260 #if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY | |
261 algo_type *algo; | 333 algo_type *algo; |
262 for (algo = sshkex; algo->name; algo++) { | 334 for (algo = sshkex; algo->name; algo++) { |
335 #if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY | |
263 if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) { | 336 if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) { |
264 algo->usable = 0; | 337 algo->usable = 0; |
265 } | 338 } |
266 } | 339 #endif |
267 #endif | 340 #if DROPBEAR_EXT_INFO |
268 } | 341 if (strcmp(algo->name, SSH_EXT_INFO_C) == 0) { |
269 | 342 algo->usable = 0; |
343 } | |
344 #endif | |
345 } | |
346 } | |
347 |