# HG changeset patch # User Matt Johnston # Date 1557928785 -28800 # Node ID cc0fc5131c5cf988039e9e4712d62a0b73451c29 # Parent 76189c9ffea27285992555b0a9eb4b71b4f55bbe Rename EPKA -> Plugin diff -r 76189c9ffea2 -r cc0fc5131c5c Makefile.in --- a/Makefile.in Wed May 15 09:43:57 2019 -0400 +++ b/Makefile.in Wed May 15 21:59:45 2019 +0800 @@ -80,13 +80,13 @@ scpobjs=$(SCPOBJS) endif -ifeq (@DROPBEAR_EPKA@, 1) +ifeq (@DROPBEAR_PLUGIN@, 1) # rdynamic makes all the global symbols of dropbear available to all the loaded shared libraries # this allow a plugin to reuse existing crypto/utilities like base64_decode/base64_encode without # the need to rewrite them. - EPKA_LIBS=-ldl -rdynamic + PLUGIN_LIBS=-ldl -rdynamic else - EPKA_LIBS= + PLUGIN_LIBS= endif VPATH=@srcdir@ @@ -198,7 +198,7 @@ dropbearconvert: $(dropbearconvertobjs) dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile - $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(EPKA_LIBS) + $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ $(PLUGIN_LIBS) dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) diff -r 76189c9ffea2 -r cc0fc5131c5c common-session.c --- a/common-session.c Wed May 15 09:43:57 2019 -0400 +++ b/common-session.c Wed May 15 21:59:45 2019 +0800 @@ -147,8 +147,8 @@ ses.allowprivport = 0; -#if DROPBEAR_EPKA - ses.epka_session = NULL; +#if DROPBEAR_PLUGIN + ses.plugin_session = NULL; #endif TRACE(("leave session_init")) diff -r 76189c9ffea2 -r cc0fc5131c5c configure.ac --- a/configure.ac Wed May 15 09:43:57 2019 -0400 +++ b/configure.ac Wed May 15 21:59:45 2019 +0800 
@@ -323,20 +323,20 @@ ] ) -AC_ARG_ENABLE(epka, - [ --enable-epka Enable support for External Public Key Authentication plug-in], +AC_ARG_ENABLE(plugin, + [ --enable-plugin Enable support for External Public Key Authentication plug-in], [ - AC_DEFINE(DROPBEAR_EPKA, 1, External Public Key Authentication) + AC_DEFINE(DROPBEAR_PLUGIN, 1, External Public Key Authentication) AC_MSG_NOTICE(Enabling support for External Public Key Authentication) - DROPBEAR_EPKA=1 + DROPBEAR_PLUGIN=1 ], [ - AC_DEFINE(DROPBEAR_EPKA, 0, External Public Key Authentication) - DROPBEAR_EPKA=0 + AC_DEFINE(DROPBEAR_PLUGIN, 0, External Public Key Authentication) + DROPBEAR_PLUGIN=0 ] ) -AC_SUBST(DROPBEAR_EPKA) +AC_SUBST(DROPBEAR_PLUGIN) AC_ARG_ENABLE(fuzz, [ --enable-fuzz Build fuzzing. Not recommended for deployment.], diff -r 76189c9ffea2 -r cc0fc5131c5c includes.h --- a/includes.h Wed May 15 09:43:57 2019 -0400 +++ b/includes.h Wed May 15 21:59:45 2019 +0800 @@ -164,7 +164,7 @@ #include #endif -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN #include #endif diff -r 76189c9ffea2 -r cc0fc5131c5c pubkeyapi.h --- a/pubkeyapi.h Wed May 15 09:43:57 2019 -0400 +++ b/pubkeyapi.h Wed May 15 21:59:45 2019 +0800 
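Review bot: In the configure.ac hunk the action-if-given branch of `AC_ARG_ENABLE(plugin, ...)` sets `DROPBEAR_PLUGIN=1` without looking at `$enableval`. Autoconf runs that branch for `--disable-plugin` and `--enable-plugin=no` as well, so a build that explicitly turns the feature off still gets the dlopen-based loader and the `-rdynamic` link flags. Wrapping the first branch as `if test "x$enableval" != "xno"; then ... else ... fi`, with the else arm doing what the not-given branch does, makes the flag mean what it says. The switch rename also means scripts that still pass `--enable-epka` will now get an unrecognised-option warning and a build without the feature, which may deserve a line in the changelog.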
@@ -33,21 +33,21 @@ * */ -struct EPKAInstance; -struct EPKASession; +struct PluginInstance; +struct PluginSession; /* API VERSION INFORMATION - * Dropbear will: * - Reject any plugin with a major version mismatch * - Load and print a warning if the plugin's minor version is HIGHER than * dropbear's minor version (assumes properties are added at the end of - * EPKAInstance or EPKASession). This is a case of plugin newer than dropbear. + * PluginInstance or PluginSession). This is a case of plugin newer than dropbear. * - Reject if the plugin minor version is SMALLER than dropbear one (case * of plugin older than dropbear). * - Load (with no warnings) if version match. */ -#define DROPBEAR_EPKA_VERSION_MAJOR 1 -#define DROPBEAR_EPKA_VERSION_MINOR 0 +#define DROPBEAR_PLUGIN_VERSION_MAJOR 1 +#define DROPBEAR_PLUGIN_VERSION_MINOR 0 /* Creates an instance of the plugin. @@ -60,7 +60,7 @@ * If the version MINOR is different, dropbear will allow the plugin to run * only if: plugin_MINOR > dropbear_MINOR * - * If plugin_MINOR < dropbeart_MINOR or if the MAJOR version is different + * If plugin_MINOR < dropbear_MINOR or if the MAJOR version is different * dropbear will reject the plugin and terminate the execution. * * addrstring is the IP address of the client. @@ -68,7 +68,7 @@ * Returns NULL in case of failure, otherwise a void * of the instance that need * to be passed to all the subsequent call to the plugin */ -typedef struct EPKAInstance *(* PubkeyExtPlugin_newFn)(int verbose, +typedef struct PluginInstance *(* PubkeyExtPlugin_newFn)(int verbose, const char *options, const char *addrstring); #define DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW "plugin_new" 
@@ -83,8 +83,8 @@ * Returns DROPBEAR_SUCCESS (0) if success or DROPBEAR_FAILURE (-1) if * authentication fails */ -typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct EPKAInstance *pluginInstance, - struct EPKASession **sessionInOut, +typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct PluginInstance *PluginInstance, + struct PluginSession **sessionInOut, const char* algo, unsigned int algolen, const unsigned char* keyblob, @@ -93,18 +93,18 @@ /* Notify the plugin that auth completed (after signature verification) */ -typedef void (* PubkeyExtPlugin_authSuccessFn)(struct EPKASession *session); +typedef void (* PubkeyExtPlugin_authSuccessFn)(struct PluginSession *session); /* Deletes a session * TODO: Add a reason why the session is terminated. See svr_dropbear_exit (in svr-session.c) */ -typedef void (* PubkeyExtPlugin_sessionDeleteFn)(struct EPKASession *session); +typedef void (* PubkeyExtPlugin_sessionDeleteFn)(struct PluginSession *session); /* Deletes the plugin instance */ -typedef void (* PubkeyExtPlugin_deleteFn)(struct EPKAInstance *pluginInstance); +typedef void (* PubkeyExtPlugin_deleteFn)(struct PluginInstance *PluginInstance); -/* The EPKAInstance object - A simple container of the pointer to the functions used +/* The PluginInstance object - A simple container of the pointer to the functions used * by Dropbear. * * A plug-in can extend it to add its own properties @@ -113,7 +113,7 @@ * shared library. * The delete_plugin function should delete the object. */ -struct EPKAInstance { +struct PluginInstance { int api_version[2]; /* 0=Major, 1=Minor */ PubkeyExtPlugin_checkPubKeyFn checkpubkey; /* mandatory */ 
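Review bot: In the pubkeyapi.h typedefs `PubkeyExtPlugin_checkPubKeyFn` (hunk at -83) and `PubkeyExtPlugin_deleteFn` (hunk at -93) the parameter was renamed from `pluginInstance` to `PluginInstance`, which looks like a side effect of the mechanical replace rather than an intended change. It compiles because struct tags have their own namespace, but the parameter is now spelled exactly like the tag and no longer matches the lower-camel style of `sessionInOut` beside it. Suggest keeping `struct PluginInstance *pluginInstance` in both typedefs.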
@@ -129,7 +129,7 @@ * The returned buffer will be destroyed when the session is deleted. * Option buffer string NULL-terminated */ -typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct EPKASession *session); +typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct PluginSession *session); /* An SSH Session. Created during pre-auth and reused during the authentication. @@ -142,8 +142,8 @@ * * Store any optional auth options in the auth_options property of the session. */ -struct EPKASession { - struct EPKAInstance * plugin_instance; +struct PluginSession { + struct PluginInstance * plugin_instance; PubkeyExtPlugin_getOptionsFn get_options; }; diff -r 76189c9ffea2 -r cc0fc5131c5c runopts.h --- a/runopts.h Wed May 15 09:43:57 2019 -0400 +++ b/runopts.h Wed May 15 21:59:45 2019 +0800 @@ -125,7 +125,7 @@ char * forced_command; -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN char *pubkey_plugin; char *pubkey_plugin_options; #endif diff -r 76189c9ffea2 -r cc0fc5131c5c session.h --- a/session.h Wed May 15 09:43:57 2019 -0400 +++ b/session.h Wed May 15 21:59:45 2019 +0800 @@ -38,7 +38,7 @@ #include "chansession.h" #include "dbutil.h" #include "netio.h" -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN #include "pubkeyapi.h" #endif @@ -220,8 +220,8 @@ /* set once the ses structure (and cli_ses/svr_ses) have been populated to their initial state */ int init_done; -#if DROPBEAR_EPKA - struct EPKASession * epka_session; +#if DROPBEAR_PLUGIN + struct PluginSession * plugin_session; #endif }; @@ -248,12 +248,12 @@ pid_t server_pid; #endif -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN /* The shared library handle */ - void *epka_plugin_handle; + void *plugin_handle; /* The instance created by the plugin_new function */ - struct EPKAInstance *epka_instance; + struct PluginInstance *plugin_instance; #endif }; diff -r 76189c9ffea2 -r cc0fc5131c5c svr-authpubkey.c --- a/svr-authpubkey.c Wed May 15 09:43:57 2019 -0400 +++ b/svr-authpubkey.c Wed May 15 21:59:45 2019 +0800 
@@ -111,12 +111,12 @@ send_msg_userauth_failure(0, 0); goto out; } -#if DROPBEAR_EPKA - if (svr_ses.epka_instance != NULL) { +#if DROPBEAR_PLUGIN + if (svr_ses.plugin_instance != NULL) { char *options_buf; - if (svr_ses.epka_instance->checkpubkey( - svr_ses.epka_instance, - &ses.epka_session, + if (svr_ses.plugin_instance->checkpubkey( + svr_ses.plugin_instance, + &ses.plugin_session, algo, algolen, keyblob, @@ -126,7 +126,7 @@ auth_failure = 0; /* Options provided? */ - options_buf = ses.epka_session->get_options(ses.epka_session); + options_buf = ses.plugin_session->get_options(ses.plugin_session); if (options_buf) { struct buf temp_buf = { .data = (unsigned char *)options_buf, @@ -193,10 +193,10 @@ "Pubkey auth succeeded for '%s' with key %s from %s", ses.authstate.pw_name, fp, svr_ses.addrstring); send_msg_userauth_success(); -#if DROPBEAR_EPKA - if ((ses.epka_session != NULL) && (svr_ses.epka_instance->auth_success != NULL)) { +#if DROPBEAR_PLUGIN + if ((ses.plugin_session != NULL) && (svr_ses.plugin_instance->auth_success != NULL)) { /* Was authenticated through the external plugin. tell plugin that signature verification was ok */ - svr_ses.epka_instance->auth_success(ses.epka_session); + svr_ses.plugin_instance->auth_success(ses.plugin_session); } #endif diff -r 76189c9ffea2 -r cc0fc5131c5c svr-runopts.c --- a/svr-runopts.c Wed May 15 09:43:57 2019 -0400 +++ b/svr-runopts.c Wed May 15 21:59:45 2019 +0800 @@ -99,7 +99,7 @@ "-W (default %d, larger may be faster, max 1MB)\n" "-K (0 is never, default %d, in seconds)\n" "-I (0 is never, default %d, in seconds)\n" -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN "-A [,]\n" " Enable external public key auth through \n" #endif @@ -133,7 +133,7 @@ char* maxauthtries_arg = NULL; char* keyfile = NULL; char c; -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN char* pubkey_plugin = NULL; #endif 
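Review bot: In the svr-authpubkey.c hunk at -126, `ses.plugin_session->get_options(ses.plugin_session)` dereferences both the session pointer and its `get_options` member with no NULL test visible. The lines between this hunk and the `checkpubkey` call are not shown, so a guard may exist there. The session is filled in by the plugin through `sessionInOut`, so a plugin that reports success without setting it would fault the pre-auth process instead of failing the attempt. Suggest failing closed before the call, e.g. `if (ses.plugin_session == NULL || ses.plugin_session->get_options == NULL) { send_msg_userauth_failure(0, 0); goto out; }`. If `get_options` is meant to be optional, skip only the options parsing instead. The enclosing function starts and ends outside the hunk.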
@@ -163,7 +163,7 @@ #if DROPBEAR_SVR_REMOTETCPFWD svr_opts.noremotetcp = 0; #endif -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN svr_opts.pubkey_plugin = NULL; svr_opts.pubkey_plugin_options = NULL; #endif @@ -285,7 +285,7 @@ case 'u': /* backwards compatibility with old urandom option */ break; -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN case 'A': next = &pubkey_plugin; break; @@ -410,7 +410,7 @@ if (svr_opts.forced_command) { dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command); } -#if DROPBEAR_EPKA +#if DROPBEAR_PLUGIN if (pubkey_plugin) { char *args = strchr(pubkey_plugin, ','); if (args) { diff -r 76189c9ffea2 -r cc0fc5131c5c svr-session.c --- a/svr-session.c Wed May 15 09:43:57 2019 -0400 +++ b/svr-session.c Wed May 15 21:59:45 2019 +0800 @@ -89,15 +89,15 @@ m_free(svr_ses.childpids); svr_ses.childpidsize = 0; -#if DROPBEAR_EPKA - if (svr_ses.epka_plugin_handle != NULL) { - if (svr_ses.epka_instance) { - svr_ses.epka_instance->delete_plugin(svr_ses.epka_instance); - svr_ses.epka_instance = NULL; +#if DROPBEAR_PLUGIN + if (svr_ses.plugin_handle != NULL) { + if (svr_ses.plugin_instance) { + svr_ses.plugin_instance->delete_plugin(svr_ses.plugin_instance); + svr_ses.plugin_instance = NULL; } - dlclose(svr_ses.epka_plugin_handle); - svr_ses.epka_plugin_handle = NULL; + dlclose(svr_ses.plugin_handle); + svr_ses.plugin_handle = NULL; } #endif } @@ -122,10 +122,10 @@ m_free(host); m_free(port); -#if DROPBEAR_EPKA - /* Initializes the EPKA Plugin */ - svr_ses.epka_plugin_handle = NULL; - svr_ses.epka_instance = NULL; +#if DROPBEAR_PLUGIN + /* Initializes the PLUGIN Plugin */ + svr_ses.plugin_handle = NULL; + svr_ses.plugin_instance = NULL; if (svr_opts.pubkey_plugin) { #if DEBUG_TRACE const int verbose = debug_trace; 
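Review bot: The comment `/* Initializes the PLUGIN Plugin */` in the svr-session.c hunk at -122 is a replace artifact and no longer says what is being set up. Suggest `/* Reset the external pubkey plugin handle and instance before loading */`, which matches the two NULL assignments that follow it.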
@@ -135,33 +135,33 @@ PubkeyExtPlugin_newFn pluginConstructor; /* RTLD_NOW: fails if not all the symbols are resolved now. Better fail now than at run-time */ - svr_ses.epka_plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW); - if (svr_ses.epka_plugin_handle == NULL) { + svr_ses.plugin_handle = dlopen(svr_opts.pubkey_plugin, RTLD_NOW); + if (svr_ses.plugin_handle == NULL) { dropbear_exit("failed to load external pubkey plugin '%s': %s", svr_opts.pubkey_plugin, dlerror()); } - pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.epka_plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW); + pluginConstructor = (PubkeyExtPlugin_newFn)dlsym(svr_ses.plugin_handle, DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW); if (!pluginConstructor) { dropbear_exit("plugin constructor method not found in external pubkey plugin"); } /* Create an instance of the plugin */ - svr_ses.epka_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring); - if (svr_ses.epka_instance == NULL) { + svr_ses.plugin_instance = pluginConstructor(verbose, svr_opts.pubkey_plugin_options, svr_ses.addrstring); + if (svr_ses.plugin_instance == NULL) { dropbear_exit("external plugin initialization failed"); } /* Check if the plugin is compatible */ - if ( (svr_ses.epka_instance->api_version[0] != DROPBEAR_EPKA_VERSION_MAJOR) || - (svr_ses.epka_instance->api_version[1] < DROPBEAR_EPKA_VERSION_MINOR) ) { + if ( (svr_ses.plugin_instance->api_version[0] != DROPBEAR_PLUGIN_VERSION_MAJOR) || + (svr_ses.plugin_instance->api_version[1] < DROPBEAR_PLUGIN_VERSION_MINOR) ) { dropbear_exit("plugin version check failed: " "Dropbear=%d.%d, plugin=%d.%d", - DROPBEAR_EPKA_VERSION_MAJOR, DROPBEAR_EPKA_VERSION_MINOR, - svr_ses.epka_instance->api_version[0], svr_ses.epka_instance->api_version[1]); + DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR, + svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]); } - if (svr_ses.epka_instance->api_version[1] > 
DROPBEAR_EPKA_VERSION_MINOR) { + if (svr_ses.plugin_instance->api_version[1] > DROPBEAR_PLUGIN_VERSION_MINOR) { dropbear_log(LOG_WARNING, "plugin API newer than dropbear API: " "Dropbear=%d.%d, plugin=%d.%d", - DROPBEAR_EPKA_VERSION_MAJOR, DROPBEAR_EPKA_VERSION_MINOR, - svr_ses.epka_instance->api_version[0], svr_ses.epka_instance->api_version[1]); + DROPBEAR_PLUGIN_VERSION_MAJOR, DROPBEAR_PLUGIN_VERSION_MINOR, + svr_ses.plugin_instance->api_version[0], svr_ses.plugin_instance->api_version[1]); } dropbear_log(LOG_INFO, "successfully loaded and initialized pubkey plugin '%s'", svr_opts.pubkey_plugin); } @@ -209,11 +209,11 @@ char fullmsg[300]; int i; -#if DROPBEAR_EPKA - if ((ses.epka_session != NULL)) { - svr_ses.epka_instance->delete_session(ses.epka_session); +#if DROPBEAR_PLUGIN + if ((ses.plugin_session != NULL)) { + svr_ses.plugin_instance->delete_session(ses.plugin_session); } - ses.epka_session = NULL; + ses.plugin_session = NULL; #endif /* Render the formatted exit message */ diff -r 76189c9ffea2 -r cc0fc5131c5c sysoptions.h --- a/sysoptions.h Wed May 15 09:43:57 2019 -0400 +++ b/sysoptions.h Wed May 15 21:59:45 2019 +0800 @@ -243,8 +243,8 @@ #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended." #endif -#if (DROPBEAR_EPKA && !DROPBEAR_SVR_PUBKEY_AUTH) - #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use External Public Key Authentication (EPKA)" +#if (DROPBEAR_PLUGIN && !DROPBEAR_SVR_PUBKEY_AUTH) + #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins" #endif #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
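Review bot: After the version check in the svr-session.c hunk at -135, nothing verifies that the callbacks Dropbear later calls unconditionally are set. `checkpubkey` (svr-authpubkey.c hunk at -111), `delete_session` (hunk at -209) and `delete_plugin` (hunk at -89) are all invoked through `svr_ses.plugin_instance` without a NULL test, while only `auth_success` is checked before use. A plugin that leaves one of them unset loads cleanly and then faults during authentication or on exit. Suggest adding next to the version check `if (!svr_ses.plugin_instance->checkpubkey || !svr_ses.plugin_instance->delete_session || !svr_ses.plugin_instance->delete_plugin) dropbear_exit("plugin is missing a mandatory callback");`. The enclosing function begins and ends outside the hunk.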