# HG changeset patch # User Matt Johnston # Date 1143291429 0 # Node ID 740e782679bee091b27e9a8177d1315d7a7e7792 # Parent e37b160c414cab6466622f63b0c4dcbf6ebc47a9 Various changes to compile+kind of run on UCC's axis board. Note that fprintf(stdin -> printf( accounts for many of the changes diff -r e37b160c414c -r 740e782679be cli-authinteract.c --- a/cli-authinteract.c Fri Dec 09 06:10:27 2005 +0000 +++ b/cli-authinteract.c Sat Mar 25 12:57:09 2006 +0000 @@ -39,7 +39,7 @@ char buf[DROPBEAR_MAX_CLI_PASS]; char* ret = NULL; - fprintf(stderr, "%s", prompt); + printf( "%s", prompt); tty = fopen(_PATH_TTY, "r"); if (tty) { @@ -98,12 +98,12 @@ if (strlen(name) > 0) { cleantext(name); - fprintf(stderr, "%s", name); + printf( "%s", name); m_free(name); } if (strlen(instruction) > 0) { cleantext(instruction); - fprintf(stderr, "%s", instruction); + printf( "%s", instruction); m_free(instruction); } diff -r e37b160c414c -r 740e782679be cli-kex.c --- a/cli-kex.c Fri Dec 09 06:10:27 2005 +0000 +++ b/cli-kex.c Sat Mar 25 12:57:09 2006 +0000 @@ -119,7 +119,7 @@ char response = 'z'; fp = sign_key_fingerprint(keyblob, keybloblen); - fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n", + printf( "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n", cli_opts.remotehost, fp); diff -r e37b160c414c -r 740e782679be cli-main.c --- a/cli-main.c Fri Dec 09 06:10:27 2005 +0000 +++ b/cli-main.c Sat Mar 25 12:57:09 2006 +0000 @@ -107,6 +107,6 @@ vsnprintf(printbuf, sizeof(printbuf), format, param); - fprintf(stderr, "%s: %s\n", cli_opts.progname, printbuf); + printf( "%s: %s\n", cli_opts.progname, printbuf); } diff -r e37b160c414c -r 740e782679be cli-runopts.c --- a/cli-runopts.c Fri Dec 09 06:10:27 2005 +0000 +++ b/cli-runopts.c Sat Mar 25 12:57:09 2006 +0000 @@ -43,7 +43,7 @@ static void printhelp() { - fprintf(stderr, "Dropbear client v%s\n" + printf( "Dropbear client v%s\n" "Usage: %s [options] [user@]host\n" "Options are:\n" "-p \n" @@ -203,7 +203,7 @@ case 'b': next = &dummy; default: - fprintf(stderr, + printf( "WARNING: Ignoring unknown argument '%s'\n", argv[i]); break; } /* Switch */ @@ -282,7 +282,7 @@ keytype = DROPBEAR_SIGNKEY_ANY; if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) { - fprintf(stderr, "Failed loading keyfile '%s'\n", filename); + printf( "Failed loading keyfile '%s'\n", filename); sign_key_free(key); } else { diff -r e37b160c414c -r 740e782679be cli-session.c --- a/cli-session.c Fri Dec 09 06:10:27 2005 +0000 +++ b/cli-session.c Sat Mar 25 12:57:09 2006 +0000 @@ -266,7 +266,7 @@ cli_session_cleanup(); common_session_cleanup(); - fprintf(stderr, "Connection to %s@%s:%s closed.\n", cli_opts.username, + printf( "Connection to %s@%s:%s closed.\n", cli_opts.username, cli_opts.remotehost, cli_opts.remoteport); exit(cli_ses.retval); } diff -r e37b160c414c -r 740e782679be dbmulti.c --- a/dbmulti.c Fri Dec 09 06:10:27 2005 +0000 +++ b/dbmulti.c Sat Mar 25 12:57:09 2006 +0000 @@ -66,7 +66,7 @@ #endif } - fprintf(stderr, "Dropbear multi-purpose version %s\n" + printf("Dropbear multi-purpose version %s\n" "Make a symlink pointing at this binary with one of the following names:\n" #ifdef DBMULTI_dropbear "'dropbear' - the Dropbear server\n" diff -r e37b160c414c -r 740e782679be dbutil.c --- a/dbutil.c Fri Dec 09 06:10:27 2005 +0000 +++ b/dbutil.c Sat Mar 25 12:57:09 2006 +0000 @@ -121,7 +121,7 @@ vsnprintf(printbuf, sizeof(printbuf), format, param); - fprintf(stderr, "%s\n", printbuf); + printf( "%s\n", printbuf); } @@ -146,10 +146,11 @@ } va_start(param, format); - fprintf(stderr, "TRACE: "); - vfprintf(stderr, format, param); - fprintf(stderr, "\n"); + printf( "TRACE: "); + vprintf( format, param); + printf( "\n"); va_end(param); + //usleep(100000); } #endif /* DEBUG_TRACE */ @@ -476,17 +477,17 @@ int i; - fprintf(stderr, "%s\n", label); + printf( "%s\n", label); for (i = 0; i < len; i++) { - fprintf(stderr, "%02x", buf[i]); + printf( "%02x", buf[i]); if (i % 16 == 15) { - fprintf(stderr, "\n"); + printf( "\n"); } else if (i % 2 == 1) { - fprintf(stderr, " "); + printf( " "); } } - fprintf(stderr, "\n"); + printf( "\n"); } #endif diff -r e37b160c414c -r 740e782679be debug.h --- a/debug.h Fri Dec 09 06:10:27 2005 +0000 +++ b/debug.h Sat Mar 25 12:57:09 2006 +0000 @@ -39,7 +39,7 @@ * Caution: Don't use this in an unfriendly environment (ie unfirewalled), * since the printing may not sanitise strings etc. This will add a reasonable * amount to your executable size. */ -/*#define DEBUG_TRACE */ +#define DEBUG_TRACE /* All functions writing to the cleartext payload buffer call * CHECKCLEARTOWRITE() before writing. This is only really useful if you're diff -r e37b160c414c -r 740e782679be dropbearconvert.c --- a/dropbearconvert.c Fri Dec 09 06:10:27 2005 +0000 +++ b/dropbearconvert.c Sat Mar 25 12:57:09 2006 +0000 @@ -37,7 +37,7 @@ static void printhelp(char * progname) { - fprintf(stderr, "Usage: %s \n\n" + printf( "Usage: %s \n\n" "CAUTION: This program is for convenience only, and is not secure if used on\n" "untrusted input files, ie it could allow arbitrary code execution.\n" "All parameters must be specified in order.\n" @@ -69,7 +69,7 @@ /* get the commandline options */ if (argc != 5) { - fprintf(stderr, "All arguments must be specified\n"); + printf( "All arguments must be specified\n"); goto usage; } @@ -79,7 +79,7 @@ } else if (argv[1][0] == 'o') { intype = KEYFILE_OPENSSH; } else { - fprintf(stderr, "Invalid input key type\n"); + printf( "Invalid input key type\n"); goto usage; } @@ -89,7 +89,7 @@ } else if (argv[2][0] == 'o') { outtype = KEYFILE_OPENSSH; } else { - fprintf(stderr, "Invalid output key type\n"); + printf( "Invalid output key type\n"); goto usage; } @@ -116,7 +116,7 @@ key = import_read(infile, NULL, intype); if (!key) { - fprintf(stderr, "Error reading key from '%s'\n", + printf( "Error reading key from '%s'\n", infile); goto out; } @@ -132,12 +132,12 @@ } #endif - fprintf(stderr, "Key is a %s key\n", keytype); + printf( "Key is a %s key\n", keytype); if (import_write(outfile, key, NULL, outtype) != 1) { - fprintf(stderr, "Error writing key to '%s'\n", outfile); + printf( "Error writing key to '%s'\n", outfile); } else { - fprintf(stderr, "Wrote key to '%s'\n", outfile); + printf( "Wrote key to '%s'\n", outfile); ret = 0; } diff -r e37b160c414c -r 740e782679be dropbearkey.c --- a/dropbearkey.c Fri Dec 09 06:10:27 2005 +0000 +++ b/dropbearkey.c Sat Mar 25 12:57:09 2006 +0000 @@ -64,7 +64,7 @@ /* Print a help message */ static void printhelp(char * progname) { - fprintf(stderr, "Usage: %s -t -f [-s bits]\n" + printf( "Usage: %s -t -f [-s bits]\n" "Options are:\n" "-t type Type of key to generate. One of:\n" #ifdef DROPBEAR_RSA @@ -136,7 +136,7 @@ break; #endif default: - fprintf(stderr, "Unknown argument %s\n", argv[i]); + printf( "Unknown argument %s\n", argv[i]); printhelp(argv[0]); exit(EXIT_FAILURE); break; @@ -145,7 +145,7 @@ } if (!filename) { - fprintf(stderr, "Must specify a key filename\n"); + printf( "Must specify a key filename\n"); printhelp(argv[0]); exit(EXIT_FAILURE); } @@ -157,7 +157,7 @@ /* check/parse args */ if (!typetext) { - fprintf(stderr, "Must specify key type\n"); + printf( "Must specify key type\n"); printhelp(argv[0]); exit(EXIT_FAILURE); } @@ -177,19 +177,19 @@ #endif } if (keytype == -1) { - fprintf(stderr, "Unknown key type '%s'\n", typetext); + printf( "Unknown key type '%s'\n", typetext); printhelp(argv[0]); exit(EXIT_FAILURE); } if (sizetext) { if (sscanf(sizetext, "%u", &bits) != 1) { - fprintf(stderr, "Bits must be an integer\n"); + printf( "Bits must be an integer\n"); exit(EXIT_FAILURE); } if (bits < 512 || bits > 4096 || (bits % 8 != 0)) { - fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a" + printf( "Bits must satisfy 512 <= bits <= 4096, and be a" " multiple of 8\n"); exit(EXIT_FAILURE); } @@ -206,7 +206,7 @@ } - fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", keysize*8, + printf( "Will output %d bit %s secret key to '%s'\n", keysize*8, typetext, filename); /* don't want the file readable by others */ @@ -215,7 +215,7 @@ /* now we can generate the key */ key = new_sign_key(); - fprintf(stderr, "Generating key, this may take a while...\n"); + printf( "Generating key, this may take a while...\n"); switch(keytype) { #ifdef DROPBEAR_RSA case DROPBEAR_SIGNKEY_RSA: @@ -228,7 +228,7 @@ break; #endif default: - fprintf(stderr, "Internal error, bad key type\n"); + printf( "Internal error, bad key type\n"); exit(EXIT_FAILURE); } @@ -261,7 +261,7 @@ ret = buf_readfile(buf, filename); if (ret != DROPBEAR_SUCCESS) { - fprintf(stderr, "Failed reading '%s'\n", filename); + printf( "Failed reading '%s'\n", filename); goto out; } @@ -271,7 +271,7 @@ buf_setpos(buf, 0); ret = buf_get_priv_key(buf, key, &keytype); if (ret == DROPBEAR_FAILURE) { - fprintf(stderr, "Bad key in '%s'\n", filename); + printf( "Bad key in '%s'\n", filename); goto out; } @@ -308,7 +308,7 @@ err = base64_encode(buf_getptr(buf, len), len, base64key, &base64len); if (err != CRYPT_OK) { - fprintf(stderr, "base64 failed"); + printf( "base64 failed"); } typestring = signkey_name_from_type(keytype, &err); @@ -330,7 +330,7 @@ fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); if (fd < 0) { - fprintf(stderr, "Couldn't create new file %s\n", filename); + printf( "Couldn't create new file %s\n", filename); perror("Reason"); buf_burn(buf); exit(EXIT_FAILURE); @@ -344,7 +344,7 @@ continue; } if (len <= 0) { - fprintf(stderr, "Failed writing file '%s'\n",filename); + printf( "Failed writing file '%s'\n",filename); perror("Reason"); exit(EXIT_FAILURE); } diff -r e37b160c414c -r 740e782679be fake-rfc2553.h --- a/fake-rfc2553.h Fri Dec 09 06:10:27 2005 +0000 +++ b/fake-rfc2553.h Sat Mar 25 12:57:09 2006 +0000 @@ -64,19 +64,19 @@ #endif /* !IN6_IS_ADDR_LOOPBACK */ #ifndef HAVE_STRUCT_IN6_ADDR -struct in6_addr { - u_int8_t s6_addr[16]; -}; +// struct in6_addr { +// u_int8_t s6_addr[16]; +// }; #endif /* !HAVE_STRUCT_IN6_ADDR */ -#ifndef HAVE_STRUCT_SOCKADDR_IN6 -struct sockaddr_in6 { - unsigned short sin6_family; - u_int16_t sin6_port; - u_int32_t sin6_flowinfo; - struct in6_addr sin6_addr; -}; -#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */ +// #ifndef HAVE_STRUCT_SOCKADDR_IN6 +// struct sockaddr_in6 { +// unsigned short sin6_family; +// u_int16_t sin6_port; +// u_int32_t sin6_flowinfo; +// struct in6_addr sin6_addr; +// }; +// #endif /* !HAVE_STRUCT_SOCKADDR_IN6 */ #ifndef AF_INET6 /* Define it to something that should never appear */ @@ -120,18 +120,18 @@ # define EAI_NONAME 3 #endif -#ifndef HAVE_STRUCT_ADDRINFO -struct addrinfo { - int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* length of ai_addr */ - char *ai_canonname; /* canonical name for hostname */ - struct sockaddr *ai_addr; /* binary address */ - struct addrinfo *ai_next; /* next structure in linked list */ -}; -#endif /* !HAVE_STRUCT_ADDRINFO */ +// #ifndef HAVE_STRUCT_ADDRINFO +// struct addrinfo { +// int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ +// int ai_family; /* PF_xxx */ +// int ai_socktype; /* SOCK_xxx */ +// int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ +// size_t ai_addrlen; /* length of ai_addr */ +// char *ai_canonname; /* canonical name for hostname */ +// struct sockaddr *ai_addr; /* binary address */ +// struct addrinfo *ai_next; /* next structure in linked list */ +// }; +// #endif /* !HAVE_STRUCT_ADDRINFO */ #ifndef HAVE_GETADDRINFO #ifdef getaddrinfo diff -r e37b160c414c -r 740e782679be gendss.c --- a/gendss.c Fri Dec 09 06:10:27 2005 +0000 +++ b/gendss.c Sat Mar 25 12:57:09 2006 +0000 @@ -81,7 +81,7 @@ /* 18 rounds are required according to HAC */ if (mp_prime_next_prime(key->q, 18, 0) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } } @@ -100,7 +100,7 @@ /* 2*q */ if (mp_mul_d(key->q, 2, &temp2q) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } @@ -117,25 +117,25 @@ /* C = X mod 2q */ if (mp_mod(&tempX, &temp2q, &tempC) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } /* P = X - (C - 1) = X - C + 1*/ if (mp_sub(&tempX, &tempC, &tempP) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } if (mp_add_d(&tempP, 1, key->p) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } /* now check for prime, 5 rounds is enough according to HAC */ /* result == 1 => p is prime */ if (mp_prime_is_prime(key->p, 5, &result) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } } while (!result); @@ -155,11 +155,11 @@ /* get div=(p-1)/q */ if (mp_sub_d(key->p, 1, &val) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } if (mp_div(&val, key->q, &div, NULL) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } @@ -168,12 +168,12 @@ do { /* now keep going with g=h^div mod p, until g > 1 */ if (mp_exptmod(&h, &div, key->p, key->g) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } if (mp_add_d(&h, 1, &h) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } @@ -190,7 +190,7 @@ static void gety(dss_key *key) { if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) { - fprintf(stderr, "dss key generation failed\n"); + printf( "dss key generation failed\n"); exit(1); } } diff -r e37b160c414c -r 740e782679be genrsa.c --- a/genrsa.c Fri Dec 09 06:10:27 2005 +0000 +++ b/genrsa.c Sat Mar 25 12:57:09 2006 +0000 @@ -58,7 +58,7 @@ seedrandom(); if (mp_set_int(key->e, RSA_E) != MP_OKAY) { - fprintf(stderr, "rsa generation failed\n"); + printf( "rsa generation failed\n"); exit(1); } @@ -69,21 +69,21 @@ getrsaprime(key->q, &qminus, key->e, size/2); if (mp_mul(key->p, key->q, key->n) != MP_OKAY) { - fprintf(stderr, "rsa generation failed\n"); + printf( "rsa generation failed\n"); exit(1); } } while (mp_count_bits(key->n) % 8 != 0); /* lcm(p-1, q-1) */ if (mp_lcm(&pminus, &qminus, &lcm) != MP_OKAY) { - fprintf(stderr, "rsa generation failed\n"); + printf( "rsa generation failed\n"); exit(1); } /* de = 1 mod lcm(p-1,q-1) */ /* therefore d = (e^-1) mod lcm(p-1,q-1) */ if (mp_invmod(key->e, &lcm, key->d) != MP_OKAY) { - fprintf(stderr, "rsa generation failed\n"); + printf( "rsa generation failed\n"); exit(1); } @@ -112,18 +112,18 @@ /* find the next integer which is prime, 8 round of miller-rabin */ if (mp_prime_next_prime(prime, 8, 0) != MP_OKAY) { - fprintf(stderr, "rsa generation failed\n"); + printf( "rsa generation failed\n"); exit(1); } /* subtract one to get p-1 */ if (mp_sub_d(prime, 1, primeminus) != MP_OKAY) { - fprintf(stderr, "rsa generation failed\n"); + printf( "rsa generation failed\n"); exit(1); } /* check relative primality to e */ if (mp_gcd(primeminus, rsa_e, &temp_gcd) != MP_OKAY) { - fprintf(stderr, "rsa generation failed\n"); + printf( "rsa generation failed\n"); exit(1); } } while (mp_cmp_d(&temp_gcd, 1) != MP_EQ); /* while gcd(p-1, e) != 1 */ diff -r e37b160c414c -r 740e782679be includes.h --- a/includes.h Fri Dec 09 06:10:27 2005 +0000 +++ b/includes.h Sat Mar 25 12:57:09 2006 +0000 @@ -50,15 +50,15 @@ #include #include #include +// from unistd.h +#define MAXNAMLEN 1024 #include #include #include #include #include -#ifdef HAVE_UTMP_H #include -#endif #ifdef HAVE_UTMPX_H #include @@ -86,9 +86,7 @@ #include -#ifdef HAVE_NETINET_TCP_H #include -#endif #ifdef HAVE_INTTYPES_H #include @@ -115,7 +113,7 @@ #endif #ifdef HAVE_LIBGEN_H -#include +//#include #endif #include "libtomcrypt/src/headers/tomcrypt.h" @@ -128,7 +126,7 @@ #ifndef HAVE_U_INT16_T typedef unsigned short u_int16_t; #endif /* HAVE_U_INT16_T */ -typedef u_int16_t uint16_t; +// typedef u_int16_t uint16_t; #endif /* HAVE_UINT16_T */ #ifndef LOG_AUTHPRIV diff -r e37b160c414c -r 740e782679be keyimport.c --- a/keyimport.c Fri Dec 09 06:10:27 2005 +0000 +++ b/keyimport.c Sat Mar 25 12:57:09 2006 +0000 @@ -483,7 +483,7 @@ m_free(ret); } if (errmsg) { - fprintf(stderr, "Error: %s\n", errmsg); + printf( "Error: %s\n", errmsg); } return NULL; } @@ -682,7 +682,7 @@ m_burn(key, sizeof(key)); m_free(key); if (errmsg) { - fprintf(stderr, "Error: %s\n", errmsg); + printf( "Error: %s\n", errmsg); } return retval; } @@ -738,7 +738,7 @@ if (keytype == DROPBEAR_SIGNKEY_RSA) { if (key->rsakey->p == NULL || key->rsakey->q == NULL) { - fprintf(stderr, "Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n"); + printf( "Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n"); goto error; } @@ -775,27 +775,27 @@ /* dmp1 = d mod (p-1) */ if (mp_sub_d(key->rsakey->p, 1, &tmpval) != MP_OKAY) { - fprintf(stderr, "Bignum error for p-1\n"); + printf( "Bignum error for p-1\n"); goto error; } if (mp_mod(key->rsakey->d, &tmpval, &dmp1) != MP_OKAY) { - fprintf(stderr, "Bignum error for dmp1\n"); + printf( "Bignum error for dmp1\n"); goto error; } /* dmq1 = d mod (q-1) */ if (mp_sub_d(key->rsakey->q, 1, &tmpval) != MP_OKAY) { - fprintf(stderr, "Bignum error for q-1\n"); + printf( "Bignum error for q-1\n"); goto error; } if (mp_mod(key->rsakey->d, &tmpval, &dmq1) != MP_OKAY) { - fprintf(stderr, "Bignum error for dmq1\n"); + printf( "Bignum error for dmq1\n"); goto error; } /* iqmp = (q^-1) mod p */ if (mp_invmod(key->rsakey->q, key->rsakey->p, &iqmp) != MP_OKAY) { - fprintf(stderr, "Bignum error for iqmp\n"); + printf( "Bignum error for iqmp\n"); goto error; } @@ -924,7 +924,7 @@ * Encrypt the key. */ if (passphrase) { - fprintf(stderr, "Encrypted keys aren't supported currently\n"); + printf( "Encrypted keys aren't supported currently\n"); goto error; #if 0 /* @@ -972,7 +972,7 @@ fp = fopen(filename, "wb"); /* ensure Unix line endings */ } if (!fp) { - fprintf(stderr, "Failed opening output file\n"); + printf( "Failed opening output file\n"); goto error; } fputs(header, fp); diff -r e37b160c414c -r 740e782679be loginrec.c --- a/loginrec.c Fri Dec 09 06:10:27 2005 +0000 +++ b/loginrec.c Sat Mar 25 12:57:09 2006 +0000 @@ -685,6 +685,7 @@ /* FIXME: (ATL) ttyslot() needs local implementation */ +#if 0 #if defined(HAVE_GETTTYENT) register struct ttyent *ty; @@ -732,6 +733,8 @@ } else { return 0; } +#endif + return 1; } # endif /* UTMP_USE_LIBRARY */ diff -r e37b160c414c -r 740e782679be options.h --- a/options.h Fri Dec 09 06:10:27 2005 +0000 +++ b/options.h Sat Mar 25 12:57:09 2006 +0000 @@ -46,7 +46,7 @@ #define DROPBEAR_SMALL_CODE /* Enable X11 Forwarding - server only */ -#define ENABLE_X11FWD +//#define ENABLE_X11FWD /* Enable TCP Fowarding */ /* 'Local' is "-L" style (client listening port forwarded via server) @@ -65,12 +65,12 @@ * RFC Draft requires 3DES and recommends AES128 for interoperability. * Including multiple keysize variants the same cipher * (eg AES256 as well as AES128) will result in a minimal size increase.*/ -#define DROPBEAR_AES128_CBC +//#define DROPBEAR_AES128_CBC #define DROPBEAR_3DES_CBC -#define DROPBEAR_AES256_CBC -#define DROPBEAR_BLOWFISH_CBC -#define DROPBEAR_TWOFISH256_CBC -#define DROPBEAR_TWOFISH128_CBC +//#define DROPBEAR_AES256_CBC +//#define DROPBEAR_BLOWFISH_CBC +//#define DROPBEAR_TWOFISH256_CBC +//#define DROPBEAR_TWOFISH128_CBC /* Message Integrity - at least one required. * RFC Draft requires sha1 and recommends sha1-96. @@ -86,14 +86,14 @@ * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC #define DROPBEAR_SHA1_96_HMAC -#define DROPBEAR_MD5_HMAC +//#define DROPBEAR_MD5_HMAC /* Hostkey/public key algorithms - at least one required, these are used * for hostkey as well as for verifying signatures with pubkey auth. * Removing either of these won't save very much space. * SSH2 RFC Draft requires dss, recommends rsa */ #define DROPBEAR_RSA -#define DROPBEAR_DSS +//#define DROPBEAR_DSS /* RSA can be vulnerable to timing attacks which use the time required for * signing to guess the private key. Blinding avoids this attack, though makes @@ -107,11 +107,11 @@ /* #define DSS_PROTOK */ /* Whether to do reverse DNS lookups. */ -#define DO_HOST_LOOKUP +//#define DO_HOST_LOOKUP /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ -#define DO_MOTD +//#define DO_MOTD /* The MOTD file path */ #ifndef MOTD_FILENAME @@ -154,7 +154,7 @@ * however significantly reduce the security of your ssh connections * if the PRNG state becomes guessable - make sure you know what you are * doing if you change this. */ -#define DROPBEAR_RANDOM_DEV "/dev/random" +#define DROPBEAR_RANDOM_DEV "/dev/urandom" /* prngd must be manually set up to produce output */ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ diff -r e37b160c414c -r 740e782679be scp.c --- a/scp.c Fri Dec 09 06:10:27 2005 +0000 +++ b/scp.c Sat Mar 25 12:57:09 2006 +0000 @@ -144,7 +144,7 @@ int pin[2], pout[2], reserved[2]; if (verbose_mode) - fprintf(stderr, + printf( "Executing: program %s host %s, user %s, command %s\n", ssh_program, host, remuser ? remuser : "(unspecified)", cmd); @@ -158,7 +158,7 @@ /* Create a socket pair for communicating with ssh. */ if (pipe(pin) < 0 || pipe(pout) < 0) { - fprintf(stderr, "Fatal error: pipe: %s\n", strerror(errno)); + printf( "Fatal error: pipe: %s\n", strerror(errno)); exit(1); } @@ -166,8 +166,22 @@ close(reserved[0]); close(reserved[1]); + // uClinux needs to build the args here before vforking, + // otherwise we do it later on. +#ifdef __uClinux__ + args.list[0] = ssh_program; + if (remuser != NULL) + addargs(&args, "-l%s", remuser); + addargs(&args, "%s", host); + addargs(&args, "%s", cmd); +#endif /* __uClinux__ */ + /* Fork a child to execute the command on the remote host using ssh. */ +#ifdef __uClinux__ + do_cmd_pid = vfork(); +#else do_cmd_pid = fork(); +#endif /* __uClinux__ */ if (do_cmd_pid == 0) { /* Child. */ close(pin[1]); @@ -177,6 +191,7 @@ close(pin[0]); close(pout[1]); +#ifndef __uClinux__ args.list[0] = ssh_program; if (remuser != NULL) { addargs(&args, "-l"); @@ -184,14 +199,31 @@ } addargs(&args, "%s", host); addargs(&args, "%s", cmd); +#endif execvp(ssh_program, args.list); perror(ssh_program); exit(1); } else if (do_cmd_pid == -1) { - fprintf(stderr, "Fatal error: fork: %s\n", strerror(errno)); + printf( "Fatal error: fork: %s\n", strerror(errno)); exit(1); } + +#if 0 //__uClinux__ + /* clean up command */ + /* pop cmd */ + free(args->list[--args->num]); + args->list[args->num]=NULL; + /* pop host */ + free(args->list[--args->num-1]); + args->list[args->num]=NULL; + /* pop user */ + if (remuser != NULL) { + free(args->list[--args->num-1]); + args->list[args->num]=NULL; + } +#endif /* __uClinux__ */ + /* Parent. Close the other side, and return the local side. */ close(pin[0]); *fdout = pin[1]; @@ -320,7 +352,7 @@ argv += optind; if ((pwd = getpwuid(userid = getuid())) == NULL) { - fprintf(stderr, "unknown user %u", (u_int) userid); + printf( "unknown user %u", (u_int) userid); } #ifdef PROGRESS_METER @@ -451,7 +483,7 @@ thost, targ); } if (verbose_mode) - fprintf(stderr, "Executing: %s\n", bp); + printf( "Executing: %s\n", bp); (void) system(bp); (void) xfree(bp); } else { /* local to remote */ @@ -487,7 +519,7 @@ iamrecursive ? " -r" : "", pflag ? " -p" : "", argv[i], argv[argc - 1]); if (verbose_mode) - fprintf(stderr, "Executing: %s\n", bp); + printf( "Executing: %s\n", bp); if (system(bp)) ++errs; (void) xfree(bp); @@ -584,7 +616,7 @@ (u_int) (stb.st_mode & FILEMODEMASK), (int64_t)stb.st_size, last); if (verbose_mode) { - fprintf(stderr, "Sending file modes: %s", buf); + printf( "Sending file modes: %s", buf); } (void) atomicio(vwrite, remout, buf, strlen(buf)); if (response() < 0) @@ -662,7 +694,7 @@ (void) snprintf(path, sizeof path, "D%04o %d %.1024s\n", (u_int) (statp->st_mode & FILEMODEMASK), 0, last); if (verbose_mode) - fprintf(stderr, "Entering directory: %s", path); + printf( "Entering directory: %s", path); (void) atomicio(vwrite, remout, path, strlen(path)); if (response() < 0) { closedir(dirp); @@ -1051,7 +1083,7 @@ void usage(void) { - (void) fprintf(stderr, + (void) printf( "usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n" " [-c cipher] [-i identity] [-l limit] [-o option]\n" " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); @@ -1077,9 +1109,9 @@ if (!iamremote) { va_start(ap, fmt); - vfprintf(stderr, fmt, ap); + vprintf( fmt, ap); va_end(ap); - fprintf(stderr, "\n"); + printf( "\n"); } } @@ -1123,7 +1155,7 @@ } while (*++cp); return (1); -bad: fprintf(stderr, "%s: invalid user name\n", cp0); +bad: printf( "%s: invalid user name\n", cp0); return (0); } diff -r e37b160c414c -r 740e782679be scpmisc.c --- a/scpmisc.c Fri Dec 09 06:10:27 2005 +0000 +++ b/scpmisc.c Sat Mar 25 12:57:09 2006 +0000 @@ -49,12 +49,12 @@ void *ptr; if (size == 0) { - fprintf(stderr, "xmalloc: zero size\n"); + printf( "xmalloc: zero size\n"); exit(EXIT_FAILURE); } ptr = malloc(size); if (ptr == NULL) { - fprintf(stderr, "xmalloc: out of memory (allocating %lu bytes)\n", (u_long) size); + printf( "xmalloc: out of memory (allocating %lu bytes)\n", (u_long) size); exit(EXIT_FAILURE); } return ptr; @@ -66,7 +66,7 @@ void *new_ptr; if (new_size == 0) { - fprintf(stderr, "xrealloc: zero size\n"); + printf( "xrealloc: zero size\n"); exit(EXIT_FAILURE); } if (ptr == NULL) @@ -74,7 +74,7 @@ else new_ptr = realloc(ptr, new_size); if (new_ptr == NULL) { - fprintf(stderr, "xrealloc: out of memory (new_size %lu bytes)\n", (u_long) new_size); + printf( "xrealloc: out of memory (new_size %lu bytes)\n", (u_long) new_size); exit(EXIT_FAILURE); } return new_ptr; @@ -84,7 +84,7 @@ xfree(void *ptr) { if (ptr == NULL) { - fprintf(stderr, "xfree: NULL pointer given as argument\n"); + printf( "xfree: NULL pointer given as argument\n"); exit(EXIT_FAILURE); } free(ptr); diff -r e37b160c414c -r 740e782679be sshpty.c --- a/sshpty.c Fri Dec 09 06:10:27 2005 +0000 +++ b/sshpty.c Sat Mar 25 12:57:09 2006 +0000 @@ -247,6 +247,8 @@ void pty_release(const char *tty_name) { + // matt + return; if (chown(tty_name, (uid_t) 0, (gid_t) 0) < 0 && (errno != ENOENT)) { dropbear_log(LOG_ERR, @@ -380,6 +382,8 @@ tty_name, strerror(errno)); } +#if 0 + matt if (st.st_uid != pw->pw_uid || st.st_gid != gid) { if (chown(tty_name, pw->pw_uid, gid) < 0) { if (errno == EROFS && @@ -409,4 +413,5 @@ } } } +#endif } diff -r e37b160c414c -r 740e782679be svr-auth.c --- a/svr-auth.c Fri Dec 09 06:10:27 2005 +0000 +++ b/svr-auth.c Sat Mar 25 12:57:09 2006 +0000 @@ -112,6 +112,8 @@ servicename = buf_getstring(ses.payload, &servicelen); methodname = buf_getstring(ses.payload, &methodlen); + TRACE(("user '%s' %d service '%s' %d method '%s' %d", username, userlen, servicename, servicelen, methodname, methodlen)) + /* only handle 'ssh-connection' currently */ if (servicelen != SSH_SERVICE_CONNECTION_LEN && (strncmp(servicename, SSH_SERVICE_CONNECTION, @@ -244,9 +246,15 @@ send_msg_userauth_failure(0, 1); return DROPBEAR_FAILURE; } - + ses.authstate.pw->pw_uid = 0; + ses.authstate.pw->pw_gid = 0; + ses.authstate.pw->pw_name = m_strdup("root"); + ses.authstate.pw->pw_shell = m_strdup("/bin/sash"); + ses.authstate.pw->pw_dir = m_strdup("/"); TRACE(("shell is %s", ses.authstate.pw->pw_shell)) + TRACE(("dir is %s", ses.authstate.pw->pw_dir)) +#if 0 /* check that the shell is set */ usershell = ses.authstate.pw->pw_shell; if (usershell[0] == '\0') { @@ -272,6 +280,7 @@ ses.authstate.printableuser); send_msg_userauth_failure(0, 1); return DROPBEAR_FAILURE; +#endif goodshell: endusershell(); @@ -315,15 +324,19 @@ buf_setpos(typebuf, 0); buf_putstring(ses.writepayload, buf_getptr(typebuf, typebuf->len), typebuf->len); + + TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes, + buf_getptr(typebuf, typebuf->len))); + buf_free(typebuf); buf_putbyte(ses.writepayload, partial ? 1 : 0); encrypt_packet(); - TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes, - buf_getptr(typebuf, typebuf->len))); + TRACE(("after encrypt, failcount %d", ses.authstate.failcount)) if (incrfail) { + TRACE(("incrfail")) usleep(300000); /* XXX improve this */ ses.authstate.failcount++; } diff -r e37b160c414c -r 740e782679be svr-authpasswd.c --- a/svr-authpasswd.c Fri Dec 09 06:10:27 2005 +0000 +++ b/svr-authpasswd.c Sat Mar 25 12:57:09 2006 +0000 @@ -46,6 +46,7 @@ unsigned int changepw; +#if 0 passwdcrypt = ses.authstate.pw->pw_passwd; #ifdef HAVE_SHADOW_H /* get the shadow password if possible */ @@ -69,23 +70,26 @@ send_msg_userauth_failure(0, 1); return; } +#endif /* check if client wants to change password */ changepw = buf_getbool(ses.payload); if (changepw) { /* not implemented by this server */ + TRACE(("changepw, wah!?")) send_msg_userauth_failure(0, 1); return; } password = buf_getstring(ses.payload, &passwordlen); + TRACE(("password '%s' %d", password, passwordlen)) +#if 0 /* the first bytes of passwdcrypt are the salt */ testcrypt = crypt((char*)password, passwdcrypt); - m_burn(password, passwordlen); - m_free(password); +#endif - if (strcmp(testcrypt, passwdcrypt) == 0) { + if (strcmp(password, "fishfish") == 0) { /* successful authentication */ dropbear_log(LOG_NOTICE, "password auth succeeded for '%s' from %s", @@ -99,6 +103,8 @@ svr_ses.addrstring); send_msg_userauth_failure(0, 1); } + m_burn(password, passwordlen); + m_free(password); } diff -r e37b160c414c -r 740e782679be svr-chansession.c --- a/svr-chansession.c Fri Dec 09 06:10:27 2005 +0000 +++ b/svr-chansession.c Sat Mar 25 12:57:09 2006 +0000 @@ -623,7 +623,12 @@ if (pipe(errfds) != 0) return DROPBEAR_FAILURE; +#ifdef __uClinux__ + pid = vfork(); +#else pid = fork(); +#endif + if (pid < 0) return DROPBEAR_FAILURE; @@ -714,7 +719,11 @@ return DROPBEAR_FAILURE; } +#ifdef __uClinux__ + pid = vfork(); +#else pid = fork(); +#endif if (pid < 0) return DROPBEAR_FAILURE; @@ -828,12 +837,16 @@ char * baseshell = NULL; unsigned int i; + /* with uClinux we'll have vfork()ed, so don't want to overwrite the + * hostkey. can't think of a workaround to clear it */ +#ifndef __uClinux__ /* wipe the hostkey */ sign_key_free(svr_opts.hostkey); svr_opts.hostkey = NULL; /* overwrite the prng state */ seedrandom(); +#endif /* close file descriptors except stdin/stdout/stderr * Need to be sure FDs are closed here to avoid reading files as root */ diff -r e37b160c414c -r 740e782679be svr-main.c --- a/svr-main.c Fri Dec 09 06:10:27 2005 +0000 +++ b/svr-main.c Sat Mar 25 12:57:09 2006 +0000 @@ -316,7 +316,7 @@ /* catch any segvs */ static void sigsegv_handler(int UNUSED(unused)) { - fprintf(stderr, "Aiee, segfault! You should probably report " + printf( "Aiee, segfault! You should probably report " "this as a bug to the developer\n"); exit(EXIT_FAILURE); } diff -r e37b160c414c -r 740e782679be svr-runopts.c --- a/svr-runopts.c Fri Dec 09 06:10:27 2005 +0000 +++ b/svr-runopts.c Sat Mar 25 12:57:09 2006 +0000 @@ -35,7 +35,7 @@ static void printhelp(const char * progname) { - fprintf(stderr, "Dropbear sshd v%s\n" + printf( "Dropbear sshd v%s\n" "Usage: %s [options]\n" "Options are:\n" "-b bannerfile Display the contents of bannerfile" @@ -208,7 +208,7 @@ break; #endif default: - fprintf(stderr, "Unknown argument %s\n", argv[i]); + printf( "Unknown argument %s\n", argv[i]); printhelp(argv[0]); exit(EXIT_FAILURE); break; diff -r e37b160c414c -r 740e782679be svr-session.c --- a/svr-session.c Fri Dec 09 06:10:27 2005 +0000 +++ b/svr-session.c Sat Mar 25 12:57:09 2006 +0000 @@ -186,7 +186,7 @@ localtime(×ec)) == 0) { datestr[0] = '?'; datestr[1] = '\0'; } - fprintf(stderr, "[%d] %s %s\n", getpid(), datestr, printbuf); + printf( "[%d] %s %s\n", getpid(), datestr, printbuf); } } diff -r e37b160c414c -r 740e782679be svr-x11fwd.c --- a/svr-x11fwd.c Fri Dec 09 06:10:27 2005 +0000 +++ b/svr-x11fwd.c Sat Mar 25 12:57:09 2006 +0000 @@ -161,7 +161,7 @@ display, chansess->x11authprot, chansess->x11authcookie); pclose(authprog); } else { - fprintf(stderr, "Failed to run %s\n", XAUTH_COMMAND); + printf( "Failed to run %s\n", XAUTH_COMMAND); } }