dropbear: update to 2015.67
fixes dbclient login into OpenSSH 6.8p1 error: "Bad hostkey signature" reported on irc, replicated with Arch Linux Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> SVN-Revision: 45493v19.07.3_mercusys_ac12_duma
Steven Barth
9 years ago
parent
125b2ced63
commit
af4d04ed36
@ -1,58 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Matt Johnston <matt@ucc.asn.au>
|
||||
# Date 1407937727 -28800
|
||||
# Node ID f7f6c15b0ec30b0def69c9ccbb3dc4eb97374abc
|
||||
# Parent 02821319ab1f1208b7ab5de4af82a562c386d40d
|
||||
Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses
|
||||
|
||||
diff -r 02821319ab1f -r f7f6c15b0ec3 cli-session.c
|
||||
--- a/cli-session.c Fri Aug 08 21:53:47 2014 +0800
|
||||
+++ b/cli-session.c Wed Aug 13 21:48:47 2014 +0800
|
||||
@@ -73,6 +73,8 @@
|
||||
#ifdef ENABLE_CLI_REMOTETCPFWD
|
||||
{SSH_MSG_REQUEST_SUCCESS, cli_recv_msg_request_success}, /* client */
|
||||
{SSH_MSG_REQUEST_FAILURE, cli_recv_msg_request_failure}, /* client */
|
||||
+#else
|
||||
+ {SSH_MSG_REQUEST_FAILURE, ignore_recv_msg_request_failure}, /* for keepalive */
|
||||
#endif
|
||||
{0, 0} /* End */
|
||||
};
|
||||
diff -r 02821319ab1f -r f7f6c15b0ec3 common-session.c
|
||||
--- a/common-session.c Fri Aug 08 21:53:47 2014 +0800
|
||||
+++ b/common-session.c Wed Aug 13 21:48:47 2014 +0800
|
||||
@@ -394,6 +394,11 @@
|
||||
return pos+1;
|
||||
}
|
||||
|
||||
+void ignore_recv_msg_request_failure() {
|
||||
+ // Do nothing
|
||||
+ TRACE(("Ignored msg_request_failure"))
|
||||
+}
|
||||
+
|
||||
static void send_msg_keepalive() {
|
||||
CHECKCLEARTOWRITE();
|
||||
time_t old_time_idle = ses.last_packet_time_idle;
|
||||
diff -r 02821319ab1f -r f7f6c15b0ec3 session.h
|
||||
--- a/session.h Fri Aug 08 21:53:47 2014 +0800
|
||||
+++ b/session.h Wed Aug 13 21:48:47 2014 +0800
|
||||
@@ -47,6 +47,7 @@
|
||||
void session_cleanup();
|
||||
void send_session_identification();
|
||||
void send_msg_ignore();
|
||||
+void ignore_recv_msg_request_failure();
|
||||
|
||||
void update_channel_prio();
|
||||
|
||||
diff -r 02821319ab1f -r f7f6c15b0ec3 svr-session.c
|
||||
--- a/svr-session.c Fri Aug 08 21:53:47 2014 +0800
|
||||
+++ b/svr-session.c Wed Aug 13 21:48:47 2014 +0800
|
||||
@@ -58,6 +58,7 @@
|
||||
{SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open},
|
||||
{SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof},
|
||||
{SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
|
||||
+ {SSH_MSG_REQUEST_FAILURE, ignore_recv_msg_request_failure}, /* for keepalive */
|
||||
#ifdef USING_LISTENERS
|
||||
{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
|
||||
{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
|
||||
|
||||
@ -1,333 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Matt Johnston <matt@ucc.asn.au>
|
||||
# Date 1408460936 -28800
|
||||
# Node ID 0bb16232e7c4162daa43e8618521cf453847ac16
|
||||
# Parent 939944f0fca9b2dcdf8470bb24efcc37a3843e8b
|
||||
Make keepalive handling more robust, this should now match what OpenSSH does
|
||||
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 LICENSE
|
||||
--- a/LICENSE Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/LICENSE Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -8,7 +8,7 @@
|
||||
Portions of the client-mode work are (c) 2004 Mihnea Stoenescu, under the
|
||||
same license:
|
||||
|
||||
-Copyright (c) 2002-2013 Matt Johnston
|
||||
+Copyright (c) 2002-2014 Matt Johnston
|
||||
Portions copyright (c) 2004 Mihnea Stoenescu
|
||||
All rights reserved.
|
||||
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 auth.h
|
||||
--- a/auth.h Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/auth.h Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -106,7 +106,7 @@
|
||||
valid */
|
||||
unsigned int failcount; /* Number of (failed) authentication attempts.*/
|
||||
unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for
|
||||
- client and server (though has differing [obvious]
|
||||
+ client and server (though has differing
|
||||
meanings). */
|
||||
unsigned perm_warn : 1; /* Server only, set if bad permissions on
|
||||
~/.ssh/authorized_keys have already been
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 channel.h
|
||||
--- a/channel.h Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/channel.h Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -105,6 +105,9 @@
|
||||
void setchannelfds(fd_set *readfd, fd_set *writefd);
|
||||
void channelio(fd_set *readfd, fd_set *writefd);
|
||||
struct Channel* getchannel();
|
||||
+/* Returns an arbitrary channel that is in a ready state - not
|
||||
+being initialised and no EOF in either direction. NULL if none. */
|
||||
+struct Channel* get_any_ready_channel();
|
||||
|
||||
void recv_msg_channel_open();
|
||||
void recv_msg_channel_request();
|
||||
@@ -128,8 +131,10 @@
|
||||
void recv_msg_channel_open_confirmation();
|
||||
void recv_msg_channel_open_failure();
|
||||
#endif
|
||||
+void start_send_channel_request(struct Channel *channel, unsigned char *type);
|
||||
|
||||
void send_msg_request_success();
|
||||
void send_msg_request_failure();
|
||||
|
||||
+
|
||||
#endif /* _CHANNEL_H_ */
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 chansession.h
|
||||
--- a/chansession.h Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/chansession.h Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -89,7 +89,6 @@
|
||||
#ifdef ENABLE_CLI_NETCAT
|
||||
void cli_send_netcat_request();
|
||||
#endif
|
||||
-void cli_start_send_channel_request(struct Channel *channel, unsigned char *type);
|
||||
|
||||
void svr_chansessinitialise();
|
||||
extern const struct ChanType svrchansess;
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 cli-agentfwd.c
|
||||
--- a/cli-agentfwd.c Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/cli-agentfwd.c Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -234,7 +234,7 @@
|
||||
return;
|
||||
}
|
||||
|
||||
- cli_start_send_channel_request(channel, "auth-agent-req@openssh.com");
|
||||
+ start_send_channel_request(channel, "auth-agent-req@openssh.com");
|
||||
/* Don't want replies */
|
||||
buf_putbyte(ses.writepayload, 0);
|
||||
encrypt_packet();
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 cli-chansession.c
|
||||
--- a/cli-chansession.c Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/cli-chansession.c Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -92,17 +92,6 @@
|
||||
}
|
||||
}
|
||||
|
||||
-void cli_start_send_channel_request(struct Channel *channel,
|
||||
- unsigned char *type) {
|
||||
-
|
||||
- CHECKCLEARTOWRITE();
|
||||
- buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
|
||||
- buf_putint(ses.writepayload, channel->remotechan);
|
||||
-
|
||||
- buf_putstring(ses.writepayload, type, strlen(type));
|
||||
-
|
||||
-}
|
||||
-
|
||||
/* Taken from OpenSSH's sshtty.c:
|
||||
* RCSID("OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp "); */
|
||||
static void cli_tty_setup() {
|
||||
@@ -287,7 +276,7 @@
|
||||
|
||||
TRACE(("enter send_chansess_pty_req"))
|
||||
|
||||
- cli_start_send_channel_request(channel, "pty-req");
|
||||
+ start_send_channel_request(channel, "pty-req");
|
||||
|
||||
/* Don't want replies */
|
||||
buf_putbyte(ses.writepayload, 0);
|
||||
@@ -330,7 +319,7 @@
|
||||
reqtype = "shell";
|
||||
}
|
||||
|
||||
- cli_start_send_channel_request(channel, reqtype);
|
||||
+ start_send_channel_request(channel, reqtype);
|
||||
|
||||
/* XXX TODO */
|
||||
buf_putbyte(ses.writepayload, 0); /* Don't want replies */
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 cli-session.c
|
||||
--- a/cli-session.c Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/cli-session.c Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -70,11 +70,15 @@
|
||||
{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
|
||||
{SSH_MSG_USERAUTH_SPECIFIC_60, recv_msg_userauth_specific_60}, /* client */
|
||||
{SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_cli},
|
||||
+ {SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
|
||||
+ {SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
|
||||
#ifdef ENABLE_CLI_REMOTETCPFWD
|
||||
{SSH_MSG_REQUEST_SUCCESS, cli_recv_msg_request_success}, /* client */
|
||||
{SSH_MSG_REQUEST_FAILURE, cli_recv_msg_request_failure}, /* client */
|
||||
#else
|
||||
- {SSH_MSG_REQUEST_FAILURE, ignore_recv_msg_request_failure}, /* for keepalive */
|
||||
+ /* For keepalive */
|
||||
+ {SSH_MSG_REQUEST_SUCCESS, ignore_recv_response},
|
||||
+ {SSH_MSG_REQUEST_FAILURE, ignore_recv_response},
|
||||
#endif
|
||||
{0, 0} /* End */
|
||||
};
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 common-channel.c
|
||||
--- a/common-channel.c Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/common-channel.c Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -627,7 +627,12 @@
|
||||
&& !channel->close_handler_done) {
|
||||
channel->type->reqhandler(channel);
|
||||
} else {
|
||||
- send_msg_channel_failure(channel);
|
||||
+ int wantreply;
|
||||
+ buf_eatstring(ses.payload);
|
||||
+ wantreply = buf_getbool(ses.payload);
|
||||
+ if (wantreply) {
|
||||
+ send_msg_channel_failure(channel);
|
||||
+ }
|
||||
}
|
||||
|
||||
TRACE(("leave recv_msg_channel_request"))
|
||||
@@ -1134,3 +1139,30 @@
|
||||
buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_FAILURE);
|
||||
encrypt_packet();
|
||||
}
|
||||
+
|
||||
+struct Channel* get_any_ready_channel() {
|
||||
+ if (ses.chancount == 0) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ size_t i;
|
||||
+ for (i = 0; i < ses.chansize; i++) {
|
||||
+ struct Channel *chan = ses.channels[i];
|
||||
+ if (chan
|
||||
+ && !(chan->sent_eof || chan->recv_eof)
|
||||
+ && !(chan->await_open || chan->initconn)) {
|
||||
+ return chan;
|
||||
+ }
|
||||
+ }
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+void start_send_channel_request(struct Channel *channel,
|
||||
+ unsigned char *type) {
|
||||
+
|
||||
+ CHECKCLEARTOWRITE();
|
||||
+ buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
|
||||
+ buf_putint(ses.writepayload, channel->remotechan);
|
||||
+
|
||||
+ buf_putstring(ses.writepayload, type, strlen(type));
|
||||
+
|
||||
+}
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 common-session.c
|
||||
--- a/common-session.c Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/common-session.c Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -394,19 +394,30 @@
|
||||
return pos+1;
|
||||
}
|
||||
|
||||
-void ignore_recv_msg_request_failure() {
|
||||
+void ignore_recv_response() {
|
||||
// Do nothing
|
||||
- TRACE(("Ignored msg_request_failure"))
|
||||
+ TRACE(("Ignored msg_request_response"))
|
||||
}
|
||||
|
||||
static void send_msg_keepalive() {
|
||||
CHECKCLEARTOWRITE();
|
||||
time_t old_time_idle = ses.last_packet_time_idle;
|
||||
- /* Try to force a response from the other end. Some peers will
|
||||
- reply with SSH_MSG_REQUEST_FAILURE, some will reply with SSH_MSG_UNIMPLEMENTED */
|
||||
- buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST);
|
||||
- /* A short string */
|
||||
- buf_putstring(ses.writepayload, "k@dropbear.nl", 0);
|
||||
+
|
||||
+ struct Channel *chan = get_any_ready_channel();
|
||||
+
|
||||
+ if (chan) {
|
||||
+ /* Channel requests are preferable, more implementations
|
||||
+ handle them than SSH_MSG_GLOBAL_REQUEST */
|
||||
+ TRACE(("keepalive channel request %d", chan->index))
|
||||
+ start_send_channel_request(chan, DROPBEAR_KEEPALIVE_STRING);
|
||||
+ } else {
|
||||
+ TRACE(("keepalive global request"))
|
||||
+ /* Some peers will reply with SSH_MSG_REQUEST_FAILURE,
|
||||
+ some will reply with SSH_MSG_UNIMPLEMENTED, some will exit. */
|
||||
+ buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST);
|
||||
+ buf_putstring(ses.writepayload, DROPBEAR_KEEPALIVE_STRING,
|
||||
+ strlen(DROPBEAR_KEEPALIVE_STRING));
|
||||
+ }
|
||||
buf_putbyte(ses.writepayload, 1); /* want_reply */
|
||||
encrypt_packet();
|
||||
|
||||
@@ -435,7 +446,10 @@
|
||||
send_msg_kexinit();
|
||||
}
|
||||
|
||||
- if (opts.keepalive_secs > 0) {
|
||||
+ if (opts.keepalive_secs > 0 && ses.authstate.authdone) {
|
||||
+ /* Avoid sending keepalives prior to auth - those are
|
||||
+ not valid pre-auth packet types */
|
||||
+
|
||||
/* Send keepalives if we've been idle */
|
||||
if (now - ses.last_packet_time_any_sent >= opts.keepalive_secs) {
|
||||
send_msg_keepalive();
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 session.h
|
||||
--- a/session.h Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/session.h Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -47,7 +47,7 @@
|
||||
void session_cleanup();
|
||||
void send_session_identification();
|
||||
void send_msg_ignore();
|
||||
-void ignore_recv_msg_request_failure();
|
||||
+void ignore_recv_response();
|
||||
|
||||
void update_channel_prio();
|
||||
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 svr-chansession.c
|
||||
--- a/svr-chansession.c Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/svr-chansession.c Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -53,6 +53,7 @@
|
||||
static void closechansess(struct Channel *channel);
|
||||
static int newchansess(struct Channel *channel);
|
||||
static void chansessionrequest(struct Channel *channel);
|
||||
+static int sesscheckclose(struct Channel *channel);
|
||||
|
||||
static void send_exitsignalstatus(struct Channel *channel);
|
||||
static void send_msg_chansess_exitstatus(struct Channel * channel,
|
||||
@@ -61,6 +62,14 @@
|
||||
struct ChanSess * chansess);
|
||||
static void get_termmodes(struct ChanSess *chansess);
|
||||
|
||||
+const struct ChanType svrchansess = {
|
||||
+ 0, /* sepfds */
|
||||
+ "session", /* name */
|
||||
+ newchansess, /* inithandler */
|
||||
+ sesscheckclose, /* checkclosehandler */
|
||||
+ chansessionrequest, /* reqhandler */
|
||||
+ closechansess, /* closehandler */
|
||||
+};
|
||||
|
||||
/* required to clear environment */
|
||||
extern char** environ;
|
||||
@@ -968,16 +977,6 @@
|
||||
dropbear_exit("Child failed");
|
||||
}
|
||||
|
||||
-const struct ChanType svrchansess = {
|
||||
- 0, /* sepfds */
|
||||
- "session", /* name */
|
||||
- newchansess, /* inithandler */
|
||||
- sesscheckclose, /* checkclosehandler */
|
||||
- chansessionrequest, /* reqhandler */
|
||||
- closechansess, /* closehandler */
|
||||
-};
|
||||
-
|
||||
-
|
||||
/* Set up the general chansession environment, in particular child-exit
|
||||
* handling */
|
||||
void svr_chansessinitialise() {
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 svr-main.c
|
||||
--- a/svr-main.c Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/svr-main.c Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -409,7 +409,7 @@
|
||||
size_t sockpos = 0;
|
||||
int nsock;
|
||||
|
||||
- TRACE(("listensockets: %d to try\n", svr_opts.portcount))
|
||||
+ TRACE(("listensockets: %d to try", svr_opts.portcount))
|
||||
|
||||
for (i = 0; i < svr_opts.portcount; i++) {
|
||||
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 svr-session.c
|
||||
--- a/svr-session.c Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/svr-session.c Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -58,7 +58,10 @@
|
||||
{SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open},
|
||||
{SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof},
|
||||
{SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
|
||||
- {SSH_MSG_REQUEST_FAILURE, ignore_recv_msg_request_failure}, /* for keepalive */
|
||||
+ {SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
|
||||
+ {SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
|
||||
+ {SSH_MSG_REQUEST_FAILURE, ignore_recv_response}, /* for keepalive */
|
||||
+ {SSH_MSG_REQUEST_SUCCESS, ignore_recv_response}, /* client */
|
||||
#ifdef USING_LISTENERS
|
||||
{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
|
||||
{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
|
||||
diff -r 939944f0fca9 -r 0bb16232e7c4 sysoptions.h
|
||||
--- a/sysoptions.h Wed Aug 13 22:07:43 2014 +0800
|
||||
+++ b/sysoptions.h Tue Aug 19 23:08:56 2014 +0800
|
||||
@@ -257,4 +257,7 @@
|
||||
#define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
|
||||
#endif
|
||||
|
||||
+/* Use this string since some implementations might special-case it */
|
||||
+#define DROPBEAR_KEEPALIVE_STRING "keepalive@openssh.com"
|
||||
+
|
||||
/* no include guard for this file */
|
||||
|
||||
Loading…
Reference in New Issue