Mercurial > dropbear

comparison svr-session.c @ 1739:13d834efc376 fuzz

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge from main
author Matt Johnston <matt@ucc.asn.au>
date Thu, 15 Oct 2020 19:55:15 +0800
parents 435cfb9ec96e
children a6da10ac64b5
comparison
equal deleted inserted replaced
1562:768ebf737aa0 1739:13d834efc376
86 86
87 m_free(svr_ses.addrstring); 87 m_free(svr_ses.addrstring);
88 m_free(svr_ses.remotehost); 88 m_free(svr_ses.remotehost);
89 m_free(svr_ses.childpids); 89 m_free(svr_ses.childpids);
90 svr_ses.childpidsize = 0; 90 svr_ses.childpidsize = 0;
91
92 #if DROPBEAR_PLUGIN
93 if (svr_ses.plugin_handle != NULL) {
94 if (svr_ses.plugin_instance) {
95 svr_ses.plugin_instance->delete_plugin(svr_ses.plugin_instance);
96 svr_ses.plugin_instance = NULL;
97 }
98
99 dlclose(svr_ses.plugin_handle);
100 svr_ses.plugin_handle = NULL;
101 }
102 #endif
91 } 103 }
92 104
93 void svr_session(int sock, int childpipe) { 105 void svr_session(int sock, int childpipe) {
94 char *host, *port; 106 char *host, *port;
95 size_t len; 107 size_t len;
99 /* Initialise server specific parts of the session */ 111 /* Initialise server specific parts of the session */
100 svr_ses.childpipe = childpipe; 112 svr_ses.childpipe = childpipe;
101 #if DROPBEAR_VFORK 113 #if DROPBEAR_VFORK
102 svr_ses.server_pid = getpid(); 114 svr_ses.server_pid = getpid();
103 #endif 115 #endif
104 svr_authinitialise();
105 chaninitialise(svr_chantypes);
106 svr_chansessinitialise();
107 svr_algos_initialise();
108 116
109 /* for logging the remote address */ 117 /* for logging the remote address */
110 get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0); 118 get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);
111 len = strlen(host) + strlen(port) + 2; 119 len = strlen(host) + strlen(port) + 2;
112 svr_ses.addrstring = m_malloc(len); 120 svr_ses.addrstring = m_malloc(len);
113 snprintf(svr_ses.addrstring, len, "%s:%s", host, port); 121 snprintf(svr_ses.addrstring, len, "%s:%s", host, port);
114 m_free(host); 122 m_free(host);
115 m_free(port); 123 m_free(port);
116 124
125 #if DROPBEAR_PLUGIN
126 /* Initializes the PLUGIN Plugin */
127 svr_ses.plugin_handle = NULL;
128 svr_ses.plugin_instance = NULL;
129 if (svr_opts.pubkey_plugin) {
130 #if DEBUG_TRACE
131 const int verbose = debug_trace;
132 #else
133 const int verbose = 0;
134 #endif
135 PubkeyExtPlugin_newFn pluginConstructor;
136
137 /* RTLD_NOW: fails if not all the symbols are resolved now. Better fail now than at run-time */
138 svr_ses.plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW);
139 if (svr_ses.plugin_handle == NULL) {
140 dropbear_exit("failed to load external pubkey plugin '%s': %s", svr_opts.pubkey_plugin, dlerror());
141 }
142 pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW);
143 if (!pluginConstructor) {
144 dropbear_exit("plugin constructor method not found in external pubkey plugin");
145 }
146
147 /* Create an instance of the plugin */
148 svr_ses.plugin_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring);
149 if (svr_ses.plugin_instance == NULL) {
150 dropbear_exit("external plugin initialization failed");
151 }
152 /* Check if the plugin is compatible */
153 if ( (svr_ses.plugin_instance->api_version[0] != DROPBEAR_PLUGIN_VERSION_MAJOR) ||
154 (svr_ses.plugin_instance->api_version[1] < DROPBEAR_PLUGIN_VERSION_MINOR) ) {
155 dropbear_exit("plugin version check failed: "
156 "Dropbear=%d.%d, plugin=%d.%d",
157 DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
158 svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
159 }
160 if (svr_ses.plugin_instance->api_version[1] > DROPBEAR_PLUGIN_VERSION_MINOR) {
161 dropbear_log(LOG_WARNING, "plugin API newer than dropbear API: "
162 "Dropbear=%d.%d, plugin=%d.%d",
163 DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR,
164 svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]);
165 }
166 dropbear_log(LOG_INFO, "successfully loaded and initialized pubkey plugin '%s'", svr_opts.pubkey_plugin);
167 }
168 #endif
169
170 svr_authinitialise();
171 chaninitialise(svr_chantypes);
172 svr_chansessinitialise();
173 svr_algos_initialise();
174
117 get_socket_address(ses.sock_in, NULL, NULL, 175 get_socket_address(ses.sock_in, NULL, NULL,
118 &svr_ses.remotehost, NULL, 1); 176 &svr_ses.remotehost, NULL, 1);
119 177
120 /* set up messages etc */ 178 /* set up messages etc */
121 ses.remoteclosed = svr_remoteclosed; 179 ses.remoteclosed = svr_remoteclosed;
147 205
148 /* failure exit - format must be <= 100 chars */ 206 /* failure exit - format must be <= 100 chars */
149 void svr_dropbear_exit(int exitcode, const char* format, va_list param) { 207 void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
150 char exitmsg[150]; 208 char exitmsg[150];
151 char fullmsg[300]; 209 char fullmsg[300];
210 char fromaddr[60];
152 int i; 211 int i;
212
213 #if DROPBEAR_PLUGIN
214 if ((ses.plugin_session != NULL)) {
215 svr_ses.plugin_instance->delete_session(ses.plugin_session);
216 }
217 ses.plugin_session = NULL;
218 #endif
153 219
154 /* Render the formatted exit message */ 220 /* Render the formatted exit message */
155 vsnprintf(exitmsg, sizeof(exitmsg), format, param); 221 vsnprintf(exitmsg, sizeof(exitmsg), format, param);
222
223 /* svr_ses.addrstring may not be set for some early exits, or for
224 the listener process */
225 fromaddr[0] = '\0';
226 if (svr_ses.addrstring) {
227 snprintf(fromaddr, sizeof(fromaddr), " from <%s>", svr_ses.addrstring);
228 }
156 229
157 /* Add the prefix depending on session/auth state */ 230 /* Add the prefix depending on session/auth state */
158 if (!ses.init_done) { 231 if (!ses.init_done) {
159 /* before session init */ 232 /* before session init */
160 snprintf(fullmsg, sizeof(fullmsg), "Early exit: %s", exitmsg); 233 snprintf(fullmsg, sizeof(fullmsg), "Early exit%s: %s", fromaddr, exitmsg);
161 } else if (ses.authstate.authdone) { 234 } else if (ses.authstate.authdone) {
162 /* user has authenticated */ 235 /* user has authenticated */
163 snprintf(fullmsg, sizeof(fullmsg), 236 snprintf(fullmsg, sizeof(fullmsg),
164 "Exit (%s): %s", 237 "Exit (%s)%s: %s",
165 ses.authstate.pw_name, exitmsg); 238 ses.authstate.pw_name, fromaddr, exitmsg);
166 } else if (ses.authstate.pw_name) { 239 } else if (ses.authstate.pw_name) {
167 /* we have a potential user */ 240 /* we have a potential user */
168 snprintf(fullmsg, sizeof(fullmsg), 241 snprintf(fullmsg, sizeof(fullmsg),
169 "Exit before auth (user '%s', %u fails): %s", 242 "Exit before auth%s: (user '%s', %u fails): %s",
170 ses.authstate.pw_name, ses.authstate.failcount, exitmsg); 243 fromaddr, ses.authstate.pw_name, ses.authstate.failcount, exitmsg);
171 } else { 244 } else {
172 /* before userauth */ 245 /* before userauth */
173 snprintf(fullmsg, sizeof(fullmsg), "Exit before auth: %s", exitmsg); 246 snprintf(fullmsg, sizeof(fullmsg), "Exit before auth%s: %s", fromaddr, exitmsg);
174 } 247 }
175 248
176 dropbear_log(LOG_INFO, "%s", fullmsg); 249 dropbear_log(LOG_INFO, "%s", fullmsg);
177 250
178 #if DROPBEAR_VFORK 251 #if DROPBEAR_VFORK
255 dropbear_close("Exited normally"); 328 dropbear_close("Exited normally");
256 329
257 } 330 }
258 331
259 static void svr_algos_initialise(void) { 332 static void svr_algos_initialise(void) {
260 #if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY
261 algo_type *algo; 333 algo_type *algo;
262 for (algo = sshkex; algo->name; algo++) { 334 for (algo = sshkex; algo->name; algo++) {
335 #if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY
263 if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) { 336 if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) {
264 algo->usable = 0; 337 algo->usable = 0;
265 } 338 }
266 } 339 #endif
267 #endif 340 #if DROPBEAR_EXT_INFO
268 } 341 if (strcmp(algo->name, SSH_EXT_INFO_C) == 0) {
269 342 algo->usable = 0;
343 }
344 #endif
345 }
346 }
347