From cengelma at gmx.at Sun Apr 6 02:13:54 2014 From: cengelma at gmx.at (Christian Engelmayer) Date: Sat, 5 Apr 2014 20:13:54 +0200 Subject: [PATCH] Fix a potential ressource leak in function lastlog_openseek() Message-ID: <20140405201354.7d46cb64@spike> Calling function lastlog_perform_login(), that currently is the only user of lastlog_openseek(), assumes no need for ressource cleanup in case the function returns an error. However, lastlog_openseek() leaves the already allocated file descriptor in place in case the following lseek() fails. Reported by Coverity - CID 1191538. --- Compile tested, applies against github.com/mkj/dropbear.git --- loginrec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/loginrec.c b/loginrec.c index d6ec75f..00bd2dc 100644 --- a/loginrec.c +++ b/loginrec.c @@ -1344,6 +1344,7 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) offset = (off_t) ((long)li->uid * sizeof(struct lastlog)); if ( lseek(*fd, offset, SEEK_SET) != offset ) { + close(*fd); dropbear_log(LOG_WARNING, "lastlog_openseek: %s->lseek(): %s", lastlog_file, strerror(errno)); return 0; -- 1.8.3.2 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140405/9ef30e77/attachment.sig From cengelma at gmx.at Sun Apr 6 03:51:25 2014 From: cengelma at gmx.at (Christian Engelmayer) Date: Sat, 5 Apr 2014 21:51:25 +0200 Subject: [PATCH] Fix a potential memory leak in function load_openssh_key() Message-ID: <20140405215125.0e35607d@spike> Fix a memory handling issue in the error path of function load_openssh_key(). When freeing the dynamically allocated struct openssh_key during cleanup, the pointer itself is memset instead of the pointed to struct memory. Thus the next instruction results in m_free(0). Reported by Coverity - CID 1191536. --- Compile tested, applies against github.com/mkj/dropbear.git --- keyimport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keyimport.c b/keyimport.c index 3da14ad..48cc1ba 100644 --- a/keyimport.c +++ b/keyimport.c @@ -474,7 +474,7 @@ static struct openssh_key *load_openssh_key(const char *filename) memset(ret->keyblob, 0, ret->keyblob_size); m_free(ret->keyblob); } - memset(&ret, 0, sizeof(ret)); + memset(ret, 0, sizeof(*ret)); m_free(ret); } if (fp) { -- 1.8.3.2 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140405/d6af2a5a/attachment.sig From loggiew at gmail.com Tue Apr 29 17:03:29 2014 From: loggiew at gmail.com (Logan Anderson) Date: Tue, 29 Apr 2014 05:03:29 -0400 Subject: Dropbear requiring passphrase Message-ID: Guys, I added drop bear to an initramfs I am building for PXE. No matter what I do, dropbear appears to require an ssh passphrase and I really don't know how to handle this. It doesn't ask me for a passphrase when I create the key. It appears to ask for the passphrase when I use ssh but it simply asks for a password when I use dbclient. What am I doing wrong? Any direction would be welcome. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140429/6a6d0ebb/attachment.htm From matt at ucc.asn.au Wed Apr 30 07:19:44 2014 From: matt at ucc.asn.au (Matt Johnston) Date: Wed, 30 Apr 2014 07:19:44 +0800 Subject: Dropbear requiring passphrase In-Reply-To: References: Message-ID: Hi, Dropbear has its own key format and doesn't support passphrases (encrypted keys). OpenSSH might be getting confused by the unknown format so asks for a passphrase, while dbclient just falls back to password authentication? dropbearconvert can convert the formats. Have a look at the Dropbear log /var/log/auth.log if you can, or run with "dropbear -F -E" interactively to log to stdout. In a boot script you should be able to run "dropbear -E" for just the logging to the console. Cheers, Matt On 29 April 2014 5:03:29 pm AWST, Logan Anderson wrote: >Guys, > >I added drop bear to an initramfs I am building for PXE. No matter what >I >do, dropbear appears to require an ssh passphrase and I really don't >know >how to handle this. It doesn't ask me for a passphrase when I create >the >key. > >It appears to ask for the passphrase when I use ssh but it simply asks >for >a password when I use dbclient. What am I doing wrong? > >Any direction would be welcome. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140430/73d29dbe/attachment.htm From loggiew at gmail.com Wed Apr 30 07:27:46 2014 From: loggiew at gmail.com (Logan Anderson) Date: Tue, 29 Apr 2014 19:27:46 -0400 Subject: Dropbear requiring passphrase In-Reply-To: References: Message-ID: That sounds highly accurate. Thanks for the info. I'll let you know tomorrow how it goes. Logan On Tue, Apr 29, 2014 at 7:19 PM, Matt Johnston wrote: > Hi, > > Dropbear has its own key format and doesn't support passphrases (encrypted > keys). OpenSSH might be getting confused by the unknown format so asks for > a passphrase, while dbclient just falls back to password authentication? > dropbearconvert can convert the formats. > > Have a look at the Dropbear log /var/log/auth.log if you can, or run with > "dropbear -F -E" interactively to log to stdout. In a boot script you > should be able to run "dropbear -E" for just the logging to the console. > > Cheers, > Matt > > > On 29 April 2014 5:03:29 pm AWST, Logan Anderson > wrote: >> >> Guys, >> >> I added drop bear to an initramfs I am building for PXE. No matter what I >> do, dropbear appears to require an ssh passphrase and I really don't know >> how to handle this. It doesn't ask me for a passphrase when I create the >> key. >> >> It appears to ask for the passphrase when I use ssh but it simply asks >> for a password when I use dbclient. What am I doing wrong? >> >> Any direction would be welcome. >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140429/9046f3a0/attachment.htm From loggiew at gmail.com Wed Apr 30 23:15:43 2014 From: loggiew at gmail.com (Logan Anderson) Date: Wed, 30 Apr 2014 11:15:43 -0400 Subject: Dropbear requiring passphrase In-Reply-To: References: Message-ID: SUCCESS! Login attempt for nonexistent user. I looked around and found the link below. http://comments.gmane.org/gmane.network.ssh.dropbear/1170 Ultimately, I had to include several libraries including some I believe were not mentioned on that list. Attaching results of `find /lib` to clarify the list. I know a lot of that isn't necessary for dropbear but it is my /lib none the less. It was also necessary for me to move /etc/passwd (and I happened to move /etc/shadow in case) and I needed to edit /etc/passwd to have root shell as /bin/sh instead of /bin/bash. I think that's relatively complete. It works now. dropbear -E -F was highly useful. I will be pairing down my /lib later. Thanks for the assistance, it is functional now. On Tue, Apr 29, 2014 at 7:27 PM, Logan Anderson wrote: > That sounds highly accurate. Thanks for the info. I'll let you know > tomorrow how it goes. > > Logan > > > On Tue, Apr 29, 2014 at 7:19 PM, Matt Johnston wrote: > >> Hi, >> >> Dropbear has its own key format and doesn't support passphrases >> (encrypted keys). OpenSSH might be getting confused by the unknown format >> so asks for a passphrase, while dbclient just falls back to password >> authentication? dropbearconvert can convert the formats. >> >> Have a look at the Dropbear log /var/log/auth.log if you can, or run with >> "dropbear -F -E" interactively to log to stdout. In a boot script you >> should be able to run "dropbear -E" for just the logging to the console. >> >> Cheers, >> Matt >> >> >> On 29 April 2014 5:03:29 pm AWST, Logan Anderson >> wrote: >>> >>> Guys, >>> >>> I added drop bear to an initramfs I am building for PXE. No matter what >>> I do, dropbear appears to require an ssh passphrase and I really don't know >>> how to handle this. It doesn't ask me for a passphrase when I create the >>> key. >>> >>> It appears to ask for the passphrase when I use ssh but it simply asks >>> for a password when I use dbclient. What am I doing wrong? >>> >>> Any direction would be welcome. >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140430/21ff1d9e/attachment.htm -------------- next part -------------- lib lib/udev lib/udev/rules.d lib/udev/rules.d/50-firmware.rules lib/udev/rules.d/60-persistent-storage-dm.rules lib/udev/rules.d/50-udev-default.rules lib/udev/rules.d/55-dm.rules lib/udev/rules.d/80-drivers.rules lib/udev/rules.d/95-udev-late.rules lib/udev/rules.d/60-persistent-storage.rules lib/udev/firmware lib/udev/ata_id lib/udev/scsi_id lib/udev/blkid lib/libgcc_s-4.6.3-20120306.so.1 lib/libmount.so.1.1.0 lib/libcrypt-2.14.90.so lib/libm.so.6 lib/libcidn.so.1 lib/firmware lib/firmware/3.2.0-58-virtual lib/firmware/3.2.0-58-virtual/qlogic lib/firmware/3.2.0-58-virtual/qlogic/1040.bin lib/firmware/3.2.0-58-virtual/qlogic/1280.bin lib/firmware/3.2.0-58-virtual/qlogic/12160.bin lib/libnss_myhostname.so.2 lib/libcryptsetup.so.1 lib/libfreebl3.chk lib/modules lib/modules/3.2.0-58-virtual lib/modules/3.2.0-58-virtual/modules.symbols lib/modules/3.2.0-58-virtual/modules.order lib/modules/3.2.0-58-virtual/modules.softdep lib/modules/3.2.0-58-virtual/modules.alias.bin lib/modules/3.2.0-58-virtual/modules.dep.bin lib/modules/3.2.0-58-virtual/modules.devname lib/modules/3.2.0-58-virtual/modules.symbols.bin lib/modules/3.2.0-58-virtual/modules.alias lib/modules/3.2.0-58-virtual/modules.dep lib/modules/3.2.0-58-virtual/kernel lib/modules/3.2.0-58-virtual/kernel/lib lib/modules/3.2.0-58-virtual/kernel/lib/crc-ccitt.ko lib/modules/3.2.0-58-virtual/kernel/lib/crc-itu-t.ko lib/modules/3.2.0-58-virtual/kernel/lib/libcrc32c.ko lib/modules/3.2.0-58-virtual/kernel/lib/zlib_deflate lib/modules/3.2.0-58-virtual/kernel/lib/zlib_deflate/zlib_deflate.ko lib/modules/3.2.0-58-virtual/kernel/fs lib/modules/3.2.0-58-virtual/kernel/fs/isofs lib/modules/3.2.0-58-virtual/kernel/fs/isofs/isofs.ko lib/modules/3.2.0-58-virtual/kernel/fs/btrfs lib/modules/3.2.0-58-virtual/kernel/fs/btrfs/btrfs.ko lib/modules/3.2.0-58-virtual/kernel/fs/configfs lib/modules/3.2.0-58-virtual/kernel/fs/configfs/configfs.ko lib/modules/3.2.0-58-virtual/kernel/fs/fscache lib/modules/3.2.0-58-virtual/kernel/fs/fscache/fscache.ko lib/modules/3.2.0-58-virtual/kernel/fs/nfs_common lib/modules/3.2.0-58-virtual/kernel/fs/nfs_common/nfs_acl.ko lib/modules/3.2.0-58-virtual/kernel/fs/fat lib/modules/3.2.0-58-virtual/kernel/fs/fat/vfat.ko lib/modules/3.2.0-58-virtual/kernel/fs/fat/fat.ko lib/modules/3.2.0-58-virtual/kernel/fs/nfs lib/modules/3.2.0-58-virtual/kernel/fs/nfs/nfs.ko lib/modules/3.2.0-58-virtual/kernel/fs/xfs lib/modules/3.2.0-58-virtual/kernel/fs/xfs/xfs.ko lib/modules/3.2.0-58-virtual/kernel/fs/nls lib/modules/3.2.0-58-virtual/kernel/fs/nls/nls_cp437.ko lib/modules/3.2.0-58-virtual/kernel/fs/nls/nls_iso8859-1.ko lib/modules/3.2.0-58-virtual/kernel/fs/ext2 lib/modules/3.2.0-58-virtual/kernel/fs/ext2/ext2.ko lib/modules/3.2.0-58-virtual/kernel/fs/lockd lib/modules/3.2.0-58-virtual/kernel/fs/lockd/lockd.ko lib/modules/3.2.0-58-virtual/kernel/fs/udf lib/modules/3.2.0-58-virtual/kernel/fs/udf/udf.ko lib/modules/3.2.0-58-virtual/kernel/drivers lib/modules/3.2.0-58-virtual/kernel/drivers/scsi lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/scsi_tgt.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/libsas lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/libsas/libsas.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/BusLogic.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/raid_class.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/osd lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/osd/osd.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/osd/libosd.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/scsi_transport_sas.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/hv_storvsc.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/iscsi_tcp.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/scsi_transport_iscsi.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/scsi_transport_fc.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/libiscsi_tcp.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/scsi_wait_scan.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/qla1280.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/libiscsi.ko lib/modules/3.2.0-58-virtual/kernel/drivers/scsi/vmw_pvscsi.ko lib/modules/3.2.0-58-virtual/kernel/drivers/message lib/modules/3.2.0-58-virtual/kernel/drivers/message/fusion lib/modules/3.2.0-58-virtual/kernel/drivers/message/fusion/mptspi.ko lib/modules/3.2.0-58-virtual/kernel/drivers/message/fusion/mptsas.ko lib/modules/3.2.0-58-virtual/kernel/drivers/message/fusion/mptbase.ko lib/modules/3.2.0-58-virtual/kernel/drivers/message/fusion/mptfc.ko lib/modules/3.2.0-58-virtual/kernel/drivers/message/fusion/mptscsih.ko lib/modules/3.2.0-58-virtual/kernel/drivers/usb lib/modules/3.2.0-58-virtual/kernel/drivers/usb/storage lib/modules/3.2.0-58-virtual/kernel/drivers/usb/storage/usb-storage.ko lib/modules/3.2.0-58-virtual/kernel/drivers/block lib/modules/3.2.0-58-virtual/kernel/drivers/block/rbd.ko lib/modules/3.2.0-58-virtual/kernel/drivers/block/floppy.ko lib/modules/3.2.0-58-virtual/kernel/drivers/block/cryptoloop.ko lib/modules/3.2.0-58-virtual/kernel/drivers/block/nbd.ko lib/modules/3.2.0-58-virtual/kernel/drivers/hv lib/modules/3.2.0-58-virtual/kernel/drivers/hv/hv_utils.ko lib/modules/3.2.0-58-virtual/kernel/drivers/hv/hv_vmbus.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/dec lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/dec/tulip lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/dec/tulip/de4x5.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/dec/tulip/tulip.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/dec/tulip/xircom_cb.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/dec/tulip/de2104x.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/dec/tulip/winbond-840.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/dec/tulip/uli526x.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/dec/tulip/dmfe.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/amd lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/amd/pcnet32.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/intel lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/intel/ixgbevf lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/intel/ixgbevf/ixgbevf.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/intel/igbvf lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/intel/igbvf/igbvf.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/intel/e1000 lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/intel/e1000/e1000.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/intel/e1000e lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/realtek lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/realtek/8139cp.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/realtek/8139too.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/8390 lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/8390/ne2k-pci.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ethernet/8390/8390.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/macvtap.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ifb.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/xen-netback lib/modules/3.2.0-58-virtual/kernel/drivers/net/xen-netback/xen-netback.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/eql.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/veth.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/macvlan.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/hyperv lib/modules/3.2.0-58-virtual/kernel/drivers/net/hyperv/hv_netvsc.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/netconsole.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/dummy.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/vmxnet3 lib/modules/3.2.0-58-virtual/kernel/drivers/net/vmxnet3/vmxnet3.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/slip lib/modules/3.2.0-58-virtual/kernel/drivers/net/slip/slip.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ppp lib/modules/3.2.0-58-virtual/kernel/drivers/net/ppp/pppoe.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ppp/pptp.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ppp/ppp_async.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ppp/ppp_mppe.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ppp/bsd_comp.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ppp/ppp_deflate.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ppp/ppp_synctty.ko lib/modules/3.2.0-58-virtual/kernel/drivers/net/ppp/pppox.ko lib/modules/3.2.0-58-virtual/kernel/net lib/modules/3.2.0-58-virtual/kernel/net/ceph lib/modules/3.2.0-58-virtual/kernel/net/ceph/libceph.ko lib/modules/3.2.0-58-virtual/kernel/net/ipv4 lib/modules/3.2.0-58-virtual/kernel/net/ipv4/gre.ko lib/modules/3.2.0-58-virtual/kernel/net/sunrpc lib/modules/3.2.0-58-virtual/kernel/net/sunrpc/sunrpc.ko lib/modules/3.2.0-58-virtual/kernel/net/sunrpc/auth_gss lib/modules/3.2.0-58-virtual/kernel/net/sunrpc/auth_gss/auth_rpcgss.ko lib/modules/2.6.34.14 lib/modules/2.6.34.14/modules.usbmap lib/modules/2.6.34.14/modules.order lib/modules/2.6.34.14/modules.softdep lib/modules/2.6.34.14/modules.ofmap lib/modules/2.6.34.14/modules.devname lib/modules/2.6.34.14/modules.symbols.bin lib/modules/2.6.34.14/modules.ccwmap lib/modules/2.6.34.14/modules.builtin lib/modules/2.6.34.14/modules.dep lib/modules/2.6.34.14/kernel lib/modules/2.6.34.14/kernel/drivers lib/modules/2.6.34.14/kernel/drivers/leds lib/modules/2.6.34.14/kernel/drivers/leds/leds-lp3944.ko lib/modules/2.6.34.14/kernel/drivers/leds/ledtrig-heartbeat.ko lib/modules/2.6.34.14/kernel/drivers/leds/leds-clevo-mail.ko lib/modules/2.6.34.14/kernel/drivers/leds/ledtrig-default-on.ko lib/modules/2.6.34.14/kernel/drivers/leds/ledtrig-timer.ko lib/modules/2.6.34.14/kernel/drivers/leds/dell-led.ko lib/modules/2.6.34.14/kernel/drivers/leds/leds-ss4200.ko lib/modules/2.6.34.14/kernel/drivers/leds/ledtrig-backlight.ko lib/modules/2.6.34.14/kernel/drivers/uwb lib/modules/2.6.34.14/kernel/drivers/uwb/whci.ko lib/modules/2.6.34.14/kernel/drivers/uwb/hwa-rc.ko lib/modules/2.6.34.14/kernel/drivers/uwb/whc-rc.ko lib/modules/2.6.34.14/kernel/drivers/uwb/umc.ko lib/modules/2.6.34.14/kernel/drivers/message lib/modules/2.6.34.14/kernel/drivers/message/fusion lib/modules/2.6.34.14/kernel/drivers/message/fusion/mptspi.ko lib/modules/2.6.34.14/kernel/drivers/message/fusion/mptsas.ko lib/modules/2.6.34.14/kernel/drivers/message/fusion/mptbase.ko lib/modules/2.6.34.14/kernel/drivers/message/fusion/mptctl.ko lib/modules/2.6.34.14/kernel/drivers/message/fusion/mptfc.ko lib/modules/2.6.34.14/kernel/drivers/message/fusion/mptscsih.ko lib/modules/2.6.34.14/kernel/drivers/pps lib/modules/2.6.34.14/kernel/drivers/pps/clients lib/modules/2.6.34.14/kernel/drivers/pps/clients/pps-ldisc.ko lib/modules/2.6.34.14/kernel/drivers/pps/pps_core.ko lib/modules/2.6.34.14/kernel/drivers/mfd lib/modules/2.6.34.14/kernel/drivers/mfd/sm501.ko lib/modules/2.6.34.14/kernel/drivers/atm lib/modules/2.6.34.14/kernel/drivers/atm/he.ko lib/modules/2.6.34.14/kernel/drivers/atm/solos-pci.ko lib/modules/2.6.34.14/kernel/drivers/atm/suni.ko lib/modules/2.6.34.14/kernel/drivers/atm/firestream.ko lib/modules/2.6.34.14/kernel/drivers/atm/eni.ko lib/modules/2.6.34.14/kernel/drivers/atm/atmtcp.ko lib/modules/2.6.34.14/kernel/drivers/cpufreq lib/modules/2.6.34.14/kernel/drivers/cpufreq/cpufreq_stats.ko lib/modules/2.6.34.14/kernel/drivers/block lib/modules/2.6.34.14/kernel/drivers/block/sx8.ko lib/modules/2.6.34.14/kernel/drivers/block/osdblk.ko lib/modules/2.6.34.14/kernel/drivers/ata lib/modules/2.6.34.14/kernel/drivers/ata/sata_svw.ko lib/modules/2.6.34.14/kernel/drivers/ata/sata_sil24.ko lib/modules/2.6.34.14/kernel/drivers/crypto lib/modules/2.6.34.14/kernel/drivers/crypto/padlock-aes.ko lib/modules/2.6.34.14/kernel/drivers/crypto/padlock-sha.ko lib/libcap.so.2 lib/libnss_ldap.so.2 lib/libfreebl3.so lib/libnss_files-2.14.90.so lib/libnss_compat-2.14.90.so lib/libnss_db-2.14.90.so lib/libnss_nisplus-2.14.90.so lib/libnss_db.so.2 lib/libcryptsetup.so.1.2.0 lib/libnss_hesiod.so.2 lib/libfuse.so.2 lib/libnss_compat.so.2 lib/klibc-bhN-zLH5wUTKSCGch2ba2xqTtLE.so lib/libmount.so.1 lib/libnss_dns-2.14.90.so lib/libutil-2.14.90.so lib/libz.so.1.2.5 lib/libcgroup.so.1 lib/libcap.so.2.22 lib/libcrypt.so.1 lib/libcom_err.so.2 lib/libcgroup.so.1.0.37 lib/libnspr4.so lib/libdevmapper.so.1.02.1 lib/libgcc_s.so.1 lib/libnsl-2.14.90.so lib/libc-2.14.90.so lib/libcom_err.so.2.1 lib/libcrypto.so.1.0.0j lib/libcap-ng.so.0.0.0 lib/libnss_dns.so.2 lib/ld-linux-x86-64.so.2 lib/libnss_nis.so.2 lib/libnss_wins.so.2 lib/libnss_files.so.2 lib/libnss_nis-2.14.90.so lib/libnss_hesiod-2.14.90.so lib/libcrypto.so.10 lib/libcidn-2.14.90.so lib/libutil.so.1 lib/libcap-ng.so.0 lib/x86_64-linux-gnu lib/x86_64-linux-gnu/libext2fs.so.2 lib/x86_64-linux-gnu/libudev.so.0 lib/x86_64-linux-gnu/libe2p.so.2 lib/x86_64-linux-gnu/libblkid.so.1 lib/x86_64-linux-gnu/libdl.so.2 lib/x86_64-linux-gnu/libselinux.so.1 lib/x86_64-linux-gnu/libcom_err.so.2 lib/x86_64-linux-gnu/libntfs-3g.so.831 lib/x86_64-linux-gnu/libpthread.so.0 lib/x86_64-linux-gnu/libuuid.so.1 lib/x86_64-linux-gnu/librt.so.1 lib/x86_64-linux-gnu/libc.so.6 lib/libc.so.6 lib/libnss_winbind.so.2 lib/libm-2.14.90.so lib/libnss_nisplus.so.2 lib/libnsl.so.1 lib/libz.so.1 From ronny.meeus at gmail.com Mon May 19 14:20:27 2014 From: ronny.meeus at gmail.com (ronny.meeus at gmail.com) Date: Mon, 19 May 2014 08:20:27 +0200 Subject: [PATCH] Print errno information in write_packet Message-ID: <771015fdef13c2349bf7.1400480427@devws108> This patch put the error information into the log output to have a better view on the reason of a packet write failure. Signed-off-by: Ronny Meeus diff --git a/packet.c b/packet.c --- a/packet.c +++ b/packet.c @@ -90,7 +90,7 @@ void write_packet() { TRACE2(("leave write_packet: EINTR")) return; } else { - dropbear_exit("Error writing"); + dropbear_exit("Error writing %s", strerror(errno)); } } @@ -131,7 +131,7 @@ void write_packet() { TRACE2(("leave writepacket: EINTR")) return; } else { - dropbear_exit("Error writing"); + dropbear_exit("Error writing %s", strerror(errno)); } } all_ignore = (packet_type == SSH_MSG_IGNORE); From ronny.meeus at gmail.com Mon May 19 14:22:19 2014 From: ronny.meeus at gmail.com (ronny.meeus at gmail.com) Date: Mon, 19 May 2014 08:22:19 +0200 Subject: [PATCH] Limit size of the iovect passed to writev in packet.c Message-ID: <7a3c3328ef228c92d418.1400480539@devws108> The writev allows only a limited number of entries to be present in the iovector. This number depends on the OS. If more entries are passed, the writev operation fails and the connection is closed. This patch limits the size of the vector to the maximum number accepted by the OS. On some operating systems IOV_MAX is not defined, if this is the case UIO_MAXIOV is being used as the maximum value. In the problematic scenario the Linux box, running dropbear, has a slow uplink. If an ssh is done to the box and a command is executed that generates a lot of small fragments (for example a 'find .' in the root), a lot of small interactions are seen between dropbear and the shell process. The observation was that the amount of entries pending in the queue could go up to 7500. Since all entries present in the queue will be passed to writev an error will be returned since Linux only accepts 1024 entries to be present in the vector. The result is that the connection is being closed. Signed-off-by: Ronny Meeus diff --git a/packet.c b/packet.c --- a/packet.c +++ b/packet.c @@ -64,13 +64,24 @@ void write_packet() { struct iovec *iov = NULL; int i; struct Link *l; + int iov_max_count; #endif TRACE2(("enter write_packet")) dropbear_assert(!isempty(&ses.writequeue)); #ifdef HAVE_WRITEV - iov = m_malloc(sizeof(*iov) * ses.writequeue.count); + +#ifndef IOV_MAX +#define IOV_MAX UIO_MAXIOV +#endif + + /* Make sure the size of the iov is below the maximum allowed by the OS. */ + iov_max_count = ses.writequeue.count; + if (iov_max_count > IOV_MAX) + iov_max_count = IOV_MAX; + + iov = m_malloc(sizeof(*iov) * iov_max_count); for (l = ses.writequeue.head, i = 0; l; l = l->link, i++) { writebuf = (buffer*)l->item; @@ -83,7 +94,7 @@ void write_packet() { iov[i].iov_base = buf_getptr(writebuf, len); iov[i].iov_len = len; } - written = writev(ses.sock_out, iov, ses.writequeue.count); + written = writev(ses.sock_out, iov, iov_max_count); if (written < 0) { if (errno == EINTR) { m_free(iov); From matt at ucc.asn.au Tue May 20 21:23:30 2014 From: matt at ucc.asn.au (Matt Johnston) Date: Tue, 20 May 2014 21:23:30 +0800 Subject: [PATCH] Limit size of the iovect passed to writev in packet.c In-Reply-To: <7a3c3328ef228c92d418.1400480539@devws108> References: <7a3c3328ef228c92d418.1400480539@devws108> Message-ID: <20140520132330.GZ18884@ucc.gu.uwa.edu.au> Hi Ronny, Thanks for those patches, I've applied them. Definitely a nasty bug. Cheers, Matt On Mon, May 19, 2014 at 08:22:19AM +0200, ronny.meeus at gmail.com wrote: > The writev allows only a limited number of entries to be present in the > iovector. This number depends on the OS. If more entries are passed, the > writev operation fails and the connection is closed. > > This patch limits the size of the vector to the maximum number accepted > by the OS. On some operating systems IOV_MAX is not defined, if this is > the case UIO_MAXIOV is being used as the maximum value. > > In the problematic scenario the Linux box, running dropbear, has a slow > uplink. If an ssh is done to the box and a command is executed that > generates a lot of small fragments (for example a 'find .' in the root), > a lot of small interactions are seen between dropbear and the shell process. > The observation was that the amount of entries pending in the queue could > go up to 7500. Since all entries present in the queue will be passed to > writev an error will be returned since Linux only accepts 1024 entries to > be present in the vector. The result is that the connection is being closed. From pratiksingh86 at gmail.com Thu May 22 22:44:20 2014 From: pratiksingh86 at gmail.com (pratik singh) Date: Thu, 22 May 2014 20:14:20 +0530 Subject: SFTP Client support required for dropbear v0.48 Message-ID: Hi all, I am running the default dropbear (version 0.48) found in the uClinux-dist distribution with my microblaze as the processor. Currently it does not support sftp client. Please let me know how i can run the sftp client on this? Appreciate your reply. -- Thanks & Regards Pratik Singh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140522/0946471b/attachment.htm From matt at ucc.asn.au Fri May 23 19:25:00 2014 From: matt at ucc.asn.au (Matt Johnston) Date: Fri, 23 May 2014 19:25:00 +0800 Subject: SFTP Client support required for dropbear v0.48 In-Reply-To: References: Message-ID: <20140523112500.GC18884@ucc.gu.uwa.edu.au> Hi, Dropbear doesn't come with a SFTP server. You might be able to build the OpenSSH sftp-server to use, have a look through the mailing list archives. Cheers, Matt On Thu, May 22, 2014 at 08:14:20PM +0530, pratik singh wrote: > Hi all, > > I am running the default dropbear (version 0.48) found in the > uClinux-dist distribution with my microblaze as the processor. > Currently it does not support sftp client. Please let me know how i > can run the sftp client on this? > > Appreciate your reply. > > > > -- > Thanks & Regards > Pratik Singh From pratiksingh86 at gmail.com Sat May 24 02:19:55 2014 From: pratiksingh86 at gmail.com (pratik singh) Date: Fri, 23 May 2014 23:49:55 +0530 Subject: SFTP Client support required for dropbear v0.48 In-Reply-To: <20140523112500.GC18884@ucc.gu.uwa.edu.au> References: <20140523112500.GC18884@ucc.gu.uwa.edu.au> Message-ID: Hi Matt, Thanks for the response. I think there is some misunderstanding. I want sftp-client support instead of sftp-server. It would be great if I can get any help for the same. Thanks Pratik On Fri, May 23, 2014 at 4:55 PM, Matt Johnston wrote: > Hi, > > Dropbear doesn't come with a SFTP server. You might be able > to build the OpenSSH sftp-server to use, have a look through > the mailing list archives. > > Cheers, > Matt > > On Thu, May 22, 2014 at 08:14:20PM +0530, pratik singh wrote: > > Hi all, > > > > I am running the default dropbear (version 0.48) found in the > > uClinux-dist distribution with my microblaze as the processor. > > Currently it does not support sftp client. Please let me know how i > > can run the sftp client on this? > > > > Appreciate your reply. > > > > > > > > -- > > Thanks & Regards > > Pratik Singh > -- Thanks & Regards Pratik Singh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140523/1e9510c7/attachment.htm From matt at ucc.asn.au Sat May 24 09:30:17 2014 From: matt at ucc.asn.au (Matt Johnston) Date: Sat, 24 May 2014 09:30:17 +0800 Subject: SFTP Client support required for dropbear v0.48 In-Reply-To: References: <20140523112500.GC18884@ucc.gu.uwa.edu.au> Message-ID: <20140524013017.GD18884@ucc.gu.uwa.edu.au> Hi, sftp-client should be similar - once you have a working sftp binary you just run "sftp -S /path/to/dbclient" Cheers, Matt On Fri, May 23, 2014 at 11:49:55PM +0530, pratik singh wrote: > Hi Matt, > > Thanks for the response. > > I think there is some misunderstanding. I want sftp-client support instead > of sftp-server. It would be great if I can get any help for the same. > > Thanks > Pratik > > > On Fri, May 23, 2014 at 4:55 PM, Matt Johnston wrote: > > > Hi, > > > > Dropbear doesn't come with a SFTP server. You might be able > > to build the OpenSSH sftp-server to use, have a look through > > the mailing list archives. > > > > Cheers, > > Matt > > > > On Thu, May 22, 2014 at 08:14:20PM +0530, pratik singh wrote: > > > Hi all, > > > > > > I am running the default dropbear (version 0.48) found in the > > > uClinux-dist distribution with my microblaze as the processor. > > > Currently it does not support sftp client. Please let me know how i > > > can run the sftp client on this? > > > > > > Appreciate your reply. > > > > > > > > > > > > -- > > > Thanks & Regards > > > Pratik Singh > > > > > > -- > Thanks & Regards > Pratik Singh From Martin.Osterloh at dartmouth.edu Thu May 29 04:16:23 2014 From: Martin.Osterloh at dartmouth.edu (Martin Osterloh) Date: Wed, 28 May 2014 20:16:23 +0000 Subject: Dropbear and crypt() implementation Message-ID: <1401308183543.40629@dartmouth.edu> Hi All, I am in the process of porting dropbear to my own operating system (x86 64 architecture). So far, I am happy with the progress. However, I just discovered that svr-authpasswd.c uses crypt(). I am using newlib as a general C library. I am not being provided with crypt() unfortunately. Is there any general consensus what people do in this case? So far I am just returning "send_msg_userauth_success()" which is .... well not that great. Any input would be greatly appreciated! Thanks, --Martin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140528/07ddc35e/attachment.htm From matt at ucc.asn.au Thu May 29 08:17:24 2014 From: matt at ucc.asn.au (Matt Johnston) Date: Thu, 29 May 2014 08:17:24 +0800 Subject: Dropbear and crypt() implementation In-Reply-To: <1401308183543.40629@dartmouth.edu> References: <1401308183543.40629@dartmouth.edu> Message-ID: <20140529001724.GH18884@ucc.gu.uwa.edu.au> Hi Martin, How does your operating system authenticate users? crypt() is kind of specific to how many unix-style systems store passwords in /etc/passwd or /etc/shadow. You could modify your svr-authpasswd.c to compare the hash of "password" with your stored hashed password, or something similar. Cheers, Matt On Wed, May 28, 2014 at 08:16:23PM +0000, Martin Osterloh wrote: > Hi All, > > > I am in the process of porting dropbear to my own operating system (x86 64 architecture). So far, I am happy with the progress. > > > However, I just discovered that svr-authpasswd.c uses crypt(). I am using newlib as a general C library. I am not being provided with crypt() unfortunately. Is there any general consensus what people do in this case? So far I am just returning "send_msg_userauth_success()" which is .... well not that great. > > > Any input would be greatly appreciated! > > > Thanks, > > --Martin > From pratiksingh86 at gmail.com Wed Jun 4 15:49:33 2014 From: pratiksingh86 at gmail.com (pratik singh) Date: Wed, 4 Jun 2014 13:19:33 +0530 Subject: Need SCP Client support with dropbear V0.48 Message-ID: Hi All, I am running the default dropbear (version 0.48) found in the uClinux-dist distribution with my microblaze as the processor. I want to use scp with dropbear. Please let me know how can i achieve this? Appreciate your reply. -- Thanks & Regards Pratik Singh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140604/a3222e92/attachment.htm From matt at ucc.asn.au Wed Jun 4 21:46:13 2014 From: matt at ucc.asn.au (Matt Johnston) Date: Wed, 4 Jun 2014 21:46:13 +0800 Subject: Need SCP Client support with dropbear V0.48 In-Reply-To: References: Message-ID: <20140604134613.GR18884@ucc.gu.uwa.edu.au> On Wed, Jun 04, 2014 at 01:19:33PM +0530, pratik singh wrote: > Hi All, > > I am running the default dropbear (version 0.48) found in the > uClinux-dist distribution with my microblaze as the processor. I want > to use scp with dropbear. Please let me know how can i achieve this? You should be able to build scp as part of Dropbear with make PROGRAMS="dropbear dbclient scp" Cheers, Matt From pratiksingh86 at gmail.com Thu Jun 5 15:02:32 2014 From: pratiksingh86 at gmail.com (pratik singh) Date: Thu, 5 Jun 2014 12:32:32 +0530 Subject: Need SCP Client support with dropbear V0.48 In-Reply-To: <20140604134613.GR18884@ucc.gu.uwa.edu.au> References: <20140604134613.GR18884@ucc.gu.uwa.edu.au> Message-ID: Hi, Thanks for the reply. I tried with scp and its throwing the following error: # scp pratik at 11.201.24.36:/homes/pratik/test.txt . WARNING: Ignoring unknown argument '-x' WARNING: Ignoring unknown argument '-oForwardAgent no' WARNING: Ignoring unknown argument '-oPermitLocalCommand no' WARNING: Ignoring unknown argument '-oClearAllForwardings yes' /bin/dbclient: Warning: failed creating ~/.ssh: Read-only file system Host '11.201.24.36 ' is not in the trusted hosts file. (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) Do you want to continue connecting? (y/n) y Password: /bin/dbclient: connection to pratik@ 11.201.24.36 exited: remote closed the connection Could you please help me out regarding this. Appreciate your reply. Thanks Pratik On Wed, Jun 4, 2014 at 7:16 PM, Matt Johnston wrote: > On Wed, Jun 04, 2014 at 01:19:33PM +0530, pratik singh wrote: > > Hi All, > > > > I am running the default dropbear (version 0.48) found in the > > uClinux-dist distribution with my microblaze as the processor. I want > > to use scp with dropbear. Please let me know how can i achieve this? > > You should be able to build scp as part of Dropbear with > > make PROGRAMS="dropbear dbclient scp" > > Cheers, > Matt > -- Thanks & Regards Pratik Singh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140605/ecf73c71/attachment.htm From pratiksingh86 at gmail.com Thu Jun 5 18:34:28 2014 From: pratiksingh86 at gmail.com (pratik singh) Date: Thu, 5 Jun 2014 16:04:28 +0530 Subject: Need SCP Client support with dropbear V0.48 In-Reply-To: References: <20140604134613.GR18884@ucc.gu.uwa.edu.au> Message-ID: Hi, I have changed the path to create ".ssh" and now its created successfully but while doing scp I am getting the following error: # scp pratik at 11.201.24.36:/homes/pratik/test.txt . Host ' 11.201.24.36 ' is not in the trusted hosts file. (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) Do you want to continue connecting? (y/n) y /bin/dbclient: connection to pratik at 11.201.24.36 :22 exited: error writing Please share your inputs. Thanks Pratik On Thu, Jun 5, 2014 at 12:32 PM, pratik singh wrote: > Hi, > > Thanks for the reply. > > I tried with scp and its throwing the following error: > > # scp pratik at 11.201.24.36:/homes/pratik/test.txt > . > > WARNING: Ignoring unknown argument '-x' > > WARNING: Ignoring unknown argument '-oForwardAgent no' > > WARNING: Ignoring unknown argument '-oPermitLocalCommand no' > > WARNING: Ignoring unknown argument '-oClearAllForwardings yes' > > /bin/dbclient: Warning: failed creating ~/.ssh: Read-only file system > > > > Host '11.201.24.36 > ' is not in > the trusted hosts file. > > (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) > > Do you want to continue connecting? (y/n) > > y > > Password: > /bin/dbclient: connection to pratik@ > 11.201.24.36 > exited: > remote closed the connection > > Could you please help me out regarding this. Appreciate your reply. > > Thanks > Pratik > > > On Wed, Jun 4, 2014 at 7:16 PM, Matt Johnston wrote: > >> On Wed, Jun 04, 2014 at 01:19:33PM +0530, pratik singh wrote: >> > Hi All, >> > >> > I am running the default dropbear (version 0.48) found in the >> > uClinux-dist distribution with my microblaze as the processor. I want >> > to use scp with dropbear. Please let me know how can i achieve this? >> >> You should be able to build scp as part of Dropbear with >> >> make PROGRAMS="dropbear dbclient scp" >> >> Cheers, >> Matt >> > > > > -- > Thanks & Regards > Pratik Singh > -- Thanks & Regards Pratik Singh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140605/0dff50b6/attachment.htm From pratiksingh86 at gmail.com Sat Jun 7 18:47:20 2014 From: pratiksingh86 at gmail.com (pratik singh) Date: Sat, 7 Jun 2014 16:17:20 +0530 Subject: Need SCP Client support with dropbear V0.48 In-Reply-To: References: <20140604134613.GR18884@ucc.gu.uwa.edu.au> Message-ID: Hi, While doing SCP I am getting the follwoing write error: # scp pratik at 11.201.24.36:/homes/pratik/test.txt . Host ' 11.201.24.36>' is not in the trusted hosts file. (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) Do you want to continue connecting? (y/n) y /bin/dbclient: connection to pratik at 11.201.24.36:22 exited: error writing I am not sure why this error is coming. Request you to help me out regarding this issue. Appreciate your reply. Thanks Pratik On Thu, Jun 5, 2014 at 4:04 PM, pratik singh wrote: > Hi, > > I have changed the path to create ".ssh" and now its created successfully > but while doing scp I am getting the following error: > > > # scp pratik at 11.201.24.36:/homes/pratik/test.txt > . > > Host ' 11.201.24.36 > ' is not in > the trusted hosts file. > > (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) > > Do you want to continue connecting? (y/n) > > y > > /bin/dbclient: connection to > pratik at 11.201.24.36 > :22 exited: > error writing > > > Please share your inputs. > > Thanks > > Pratik > > > > On Thu, Jun 5, 2014 at 12:32 PM, pratik singh > wrote: > >> Hi, >> >> Thanks for the reply. >> >> I tried with scp and its throwing the following error: >> >> # scp pratik at 11.201.24.36:/homes/pratik/test.txt >> . >> >> WARNING: Ignoring unknown argument '-x' >> >> WARNING: Ignoring unknown argument '-oForwardAgent no' >> >> WARNING: Ignoring unknown argument '-oPermitLocalCommand no' >> >> WARNING: Ignoring unknown argument '-oClearAllForwardings yes' >> >> /bin/dbclient: Warning: failed creating ~/.ssh: Read-only file system >> >> >> >> Host '11.201.24.36 >> ' is not in >> the trusted hosts file. >> >> (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) >> >> Do you want to continue connecting? (y/n) >> >> y >> >> Password: >> /bin/dbclient: connection to pratik@ >> 11.201.24.36 >> exited: >> remote closed the connection >> >> Could you please help me out regarding this. Appreciate your reply. >> >> Thanks >> Pratik >> >> >> On Wed, Jun 4, 2014 at 7:16 PM, Matt Johnston wrote: >> >>> On Wed, Jun 04, 2014 at 01:19:33PM +0530, pratik singh wrote: >>> > Hi All, >>> > >>> > I am running the default dropbear (version 0.48) found in the >>> > uClinux-dist distribution with my microblaze as the processor. I want >>> > to use scp with dropbear. Please let me know how can i achieve this? >>> >>> You should be able to build scp as part of Dropbear with >>> >>> make PROGRAMS="dropbear dbclient scp" >>> >>> Cheers, >>> Matt >>> >> >> >> >> -- >> Thanks & Regards >> Pratik Singh >> > > > > -- > Thanks & Regards > Pratik Singh > -- Thanks & Regards Pratik Singh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140607/73ec9e0e/attachment.htm From roytam at gmail.com Sat Jun 7 18:53:48 2014 From: roytam at gmail.com (Roy Tam) Date: Sat, 7 Jun 2014 18:53:48 +0800 Subject: Need SCP Client support with dropbear V0.48 In-Reply-To: References: <20140604134613.GR18884@ucc.gu.uwa.edu.au> Message-ID: 2014-06-07 18:47 GMT+08:00 pratik singh : > Hi, > > While doing SCP I am getting the follwoing write error: > > > # scp pratik at 11.201.24.36:/homes/pratik/test.txt . > > Host ' 11.201.24.36>' is not in the trusted hosts > file. > > (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) > > Do you want to continue connecting? (y/n) > > y > > /bin/dbclient: connection to pratik at 11.201.24.36:22 exited: error writing > > I am not sure why this error is coming. Request you to help me out regarding > this issue. Appreciate your reply. > Did you tried latest version, 2014.63? Some issues are fixed in later versions. From Tim.Broberg at servicenow.com Sun Jun 8 14:20:33 2014 From: Tim.Broberg at servicenow.com (Tim Broberg) Date: Sun, 8 Jun 2014 06:20:33 +0000 Subject: Need SCP Client support with dropbear V0.48 In-Reply-To: Message-ID: Does pratik have write permission in the /bin directory on 11.201.24.36? Usually, you need elevated privileges to write to /bin. Does scp to your home directory work? If so, it's a general *nix issue you're facing, not scp. - Tim. From: pratik singh > Date: Saturday, June 7, 2014 3:47 AM To: "dropbear at ucc.asn.au" > Subject: Re: Need SCP Client support with dropbear V0.48 Hi, While doing SCP I am getting the follwoing write error: # scp pratik at 11.201.24.36:/homes/pratik/test.txt . Host ' >11.201.24.36>' is not in the trusted hosts file. (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) Do you want to continue connecting? (y/n) y /bin/dbclient: connection to pratik at 11.201.24.36:22 exited: error writing I am not sure why this error is coming. Request you to help me out regarding this issue. Appreciate your reply. Thanks Pratik On Thu, Jun 5, 2014 at 4:04 PM, pratik singh > wrote: Hi, I have changed the path to create ".ssh" and now its created successfully but while doing scp I am getting the following error: # scp pratik at 11.201.24.36:/homes/pratik/test.txt . Host '11.201.24.36' is not in the trusted hosts file. (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) Do you want to continue connecting? (y/n) y /bin/dbclient: connection to pratik at 11.201.24.36:22 exited: error writing Please share your inputs. Thanks Pratik On Thu, Jun 5, 2014 at 12:32 PM, pratik singh > wrote: Hi, Thanks for the reply. I tried with scp and its throwing the following error: # scp pratik at 11.201.24.36:/homes/pratik/test.txt . WARNING: Ignoring unknown argument '-x' WARNING: Ignoring unknown argument '-oForwardAgent no' WARNING: Ignoring unknown argument '-oPermitLocalCommand no' WARNING: Ignoring unknown argument '-oClearAllForwardings yes' /bin/dbclient: Warning: failed creating ~/.ssh: Read-only file system Host '11.201.24.36' is not in the trusted hosts file. (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) Do you want to continue connecting? (y/n) y Password: /bin/dbclient: connection to pratik@11.201.24.36 exited: remote closed the connection Could you please help me out regarding this. Appreciate your reply. Thanks Pratik On Wed, Jun 4, 2014 at 7:16 PM, Matt Johnston > wrote: On Wed, Jun 04, 2014 at 01:19:33PM +0530, pratik singh wrote: > Hi All, > > I am running the default dropbear (version 0.48) found in the > uClinux-dist distribution with my microblaze as the processor. I want > to use scp with dropbear. Please let me know how can i achieve this? You should be able to build scp as part of Dropbear with make PROGRAMS="dropbear dbclient scp" Cheers, Matt -- Thanks & Regards Pratik Singh -- Thanks & Regards Pratik Singh -- Thanks & Regards Pratik Singh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140608/9da4b876/attachment.htm From pratiksingh86 at gmail.com Sun Jun 8 21:44:05 2014 From: pratiksingh86 at gmail.com (pratik singh) Date: Sun, 8 Jun 2014 19:14:05 +0530 Subject: Need SCP Client support with dropbear V0.48 In-Reply-To: References: Message-ID: Hi Tim, I am not writing to /bin directory. I am facing this issue even when I am copying the file to my home directory. "dbclient" is placed at /bin. Its throwing error in: File: packet.c Function: write_packet () --> value of "written" is <0 On Sun, Jun 8, 2014 at 11:50 AM, Tim Broberg wrote: > Does pratik have write permission in the /bin directory on 11.201.24.36? > > Usually, you need elevated privileges to write to /bin. > > Does scp to your home directory work? If so, it's a general *nix issue > you're facing, not scp. > > - Tim. > > From: pratik singh > Date: Saturday, June 7, 2014 3:47 AM > To: "dropbear at ucc.asn.au" > Subject: Re: Need SCP Client support with dropbear V0.48 > > Hi, > > While doing SCP I am getting the follwoing write error: > > > # scp pratik at 11.201.24.36:/homes/pratik/test.txt . > > Host ' >11.201.24.36>' is not in the trusted hosts file. > > (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) > > Do you want to continue connecting? (y/n) > > y > > /bin/dbclient: connection to pratik at 11.201.24.36:22 exited: error writing > > I am not sure why this error is coming. Request you to help me out regarding this issue. Appreciate your reply. > > Thanks > Pratik > > > > On Thu, Jun 5, 2014 at 4:04 PM, pratik singh > wrote: > >> Hi, >> >> I have changed the path to create ".ssh" and now its created >> successfully but while doing scp I am getting the following error: >> >> >> # scp pratik at 11.201.24.36:/homes/pratik/test.txt >> . >> >> Host ' 11.201.24.36 >> ' is not in >> the trusted hosts file. >> >> (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) >> >> Do you want to continue connecting? (y/n) >> >> y >> >> /bin/dbclient: connection to >> pratik at 11.201.24.36 >> :22 exited: >> error writing >> >> >> Please share your inputs. >> >> Thanks >> >> Pratik >> >> >> >> On Thu, Jun 5, 2014 at 12:32 PM, pratik singh >> wrote: >> >>> Hi, >>> >>> Thanks for the reply. >>> >>> I tried with scp and its throwing the following error: >>> >>> # scp pratik at 11.201.24.36:/homes/pratik/test.txt >>> . >>> >>> WARNING: Ignoring unknown argument '-x' >>> >>> WARNING: Ignoring unknown argument '-oForwardAgent no' >>> >>> WARNING: Ignoring unknown argument '-oPermitLocalCommand no' >>> >>> WARNING: Ignoring unknown argument '-oClearAllForwardings yes' >>> >>> /bin/dbclient: Warning: failed creating ~/.ssh: Read-only file system >>> >>> >>> >>> Host '11.201.24.36 >>> ' is not in >>> the trusted hosts file. >>> >>> (fingerprint md5 aa:c4:3e:32:ac:42:5b:21:0e:86:7d:b2:21:db:fb:1c) >>> >>> Do you want to continue connecting? (y/n) >>> >>> y >>> >>> Password: >>> /bin/dbclient: connection to pratik@ >>> 11.201.24.36 >>> exited: >>> remote closed the connection >>> >>> Could you please help me out regarding this. Appreciate your reply. >>> >>> Thanks >>> Pratik >>> >>> >>> On Wed, Jun 4, 2014 at 7:16 PM, Matt Johnston wrote: >>> >>>> On Wed, Jun 04, 2014 at 01:19:33PM +0530, pratik singh wrote: >>>> > Hi All, >>>> > >>>> > I am running the default dropbear (version 0.48) found in the >>>> > uClinux-dist distribution with my microblaze as the processor. I want >>>> > to use scp with dropbear. Please let me know how can i achieve this? >>>> >>>> You should be able to build scp as part of Dropbear with >>>> >>>> make PROGRAMS="dropbear dbclient scp" >>>> >>>> Cheers, >>>> Matt >>>> >>> >>> >>> >>> -- >>> Thanks & Regards >>> Pratik Singh >>> >> >> >> >> -- >> Thanks & Regards >> Pratik Singh >> > > > > -- > Thanks & Regards > Pratik Singh > -- Thanks & Regards Pratik Singh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140608/eeb8046e/attachment-0001.htm From utkarshredefined at gmail.com Wed Jun 11 20:03:28 2014 From: utkarshredefined at gmail.com (Utkarsh Kumar) Date: Wed, 11 Jun 2014 17:33:28 +0530 Subject: SSH problem with dropbear on microblaze Message-ID: Hi, I am using the default dropbear version 0.48 with uClinux-dist distribution on microblaze processor. While trying to ssh its taking 60 seconds per session i.e. if only one ssh session is opened it takes 60 seconds to connect but if 2 sessions are opened simultaneously, it takes 120 seconds for the 2nd session. same way for n session it take n*60 seconds for the nth session to connect. Request you to help me achieve the followings: 1. How to reduce the time to connect ssh (currently its taking 60 seconds) 2. How to reduce the time for the subsequent sessions, if opened simultaneously. Please find the logs below: #ssh -v 10.213.12.11 OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 10.213.12.11 [10.213.12.11] port 22. debug1: Connection established. debug1: identity file /homes/utkarsh/.ssh/identity type -1 debug1: identity file /homes/utkarsh/.ssh/id_rsa type -1 debug1: identity file /homes/utkarsh/.ssh/id_dsa type -1 debug1: loaded 3 keys debug1: Remote protocol version 2.0, remote software version dropbear_0.48 debug1: no match: dropbear_0.48 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: sending SSH2_MSG_KEXDH_INIT debug1: expecting SSH2_MSG_KEXDH_REPLY *============================ long pause here... about 40+ seconds==============* debug1: Host '10.213.12.11' is known and matches the DSA host key. debug1: Found key in /homes/utkarsh/.ssh/known_hosts:5 debug1: ssh_dss_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentication succeeded (none). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 Appreciate you reply. Thanks Utkarsh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140611/518c444f/attachment.htm From fredrik at fornwall.net Mon Jun 16 18:24:23 2014 From: fredrik at fornwall.net (Fredrik Fornwall) Date: Mon, 16 Jun 2014 12:24:23 +0200 Subject: [PATCH] Replace obsolete S_IWRITE with S_IWUSR in scp.c Message-ID: S_IWRITE is obsolete and should, judging from the same change in other projects, be safe to replace with S_IWUSR. This fixes compilation on Android. -------------- next part -------------- diff -r 68723d66dec6 scp.c --- a/scp.c Tue May 20 21:21:02 2014 +0800 +++ b/scp.c Mon Jun 16 12:21:59 2014 +0200 @@ -992,7 +992,7 @@ continue; } omode = mode; - mode |= S_IWRITE; + mode |= S_IWUSR; if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { bad: run_err("%s: %s", np, strerror(errno)); continue; From meisterlei at googlemail.com Thu Jun 19 18:10:53 2014 From: meisterlei at googlemail.com (Jens Viisauksena) Date: Thu, 19 Jun 2014 12:10:53 +0200 Subject: dropbear -etcpasswd option Message-ID: <68895874-15df-4c1b-a0a2-a7011966325b@email.android.com> While Dropbear is widely used in adding ssh shells for modded AVM Broadband DSL Routers (Fritzbox) like freetz project or fritzmod.net website it would be great to have an opt out for etc/passwd reason: i thing dropbear takes etc/passwd and overrides its users with shadow users.. so avm creates some standard users - and they also could access via port 22 while autostarted in a fritzbox. to prevent using of etc/passwd an option would be great, in general a specific password looking would be great. (did not found any man pages you could deliver all the dropbear options) in german the problem is widely discussed here (as an avm fritzbox problem) http://www.ip-phone-forum.de/showthread.php?t=270774&p=2013842#post2013842 which could be solved by having this opt-out oportunity (for only etc/passwd file) -- bitte benutze PGP verschl?sselung. Meine aktuelle Schl?sselID 93F1A51B zu finden u.a. hier http://pgp.mit.edu/pks/lookup?op=get&search=0x3EEC852A93F1A51B -- Bitte benutze PGP Verschl?sselung Meine Key ID 93F1A51B -----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.1.4 Comment: Hostname: pgp.mit.edu mQINBFMTzjQBEACfn/nyHwZroTEU32SnE9oQ330cmD1E1ZHD0K6cASzMq94babsUXuyRkS16 1239ph+OHGSCXInBrjFhry9ED+Swhf9OsMkiX+uIoOsgE2PAm6ZPB0j0UK7PAuO/2gLX87rh Ouzd2ZtWGXGR4R2EPFWH5jPvTVMXLgmKi4RetfehCRp79xxU3EPZmUNuPT+DCuNQ/FsKKEau /U+RbQH75zLaVRrT85gMzJosucQs6poornG+M+jFeFXX0cWog2UFSLifGHNIPGm4zpuniLD9 m5aalh8L5RvpMWT4NB1krqJH5wfesvZ6ciOp95x9xnInCgS+JvFV4idgGJZUADUqyKzhFRBv gl3w+n6aR6jHgP7nbCvqZXDTr+AKlxRh4ncl7h5qidi2JDiuJs9th0mYwwE9g7gQHhGKRy/A 17AOHm069NyQBIQB4m2o0TfNubf3qQRO+r3ZkwGMxiIUI1yAgnRJd1Lig2aC6/n8LUQr9jWy WSBpCaCp1qIJ+FEUruSP3Xa4utt8af5tCAXG4bkXlQQ/MtSVjQzWiEBNPMgEixWz6+YQzjvo NXgYUMjqYbJLKTzsP12ZbwaTOF4wqgTcZPepaEjSu6K8TkDPUUuG2CsLYecFJtPExtvAHfYb zriCVRD489ykleQJejAMfK/fcbHmcv8jrA8ig9h9YYbbOwkpyQARAQABtCxKZW5zIFZpaXNh dWtzZW5hIDxtZWlzdGVybGVpQGdvb2dsZW1haWwuY29tPokCOAQTAQIAIgUCUxPONAIbAwYL CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQPuyFKpPxpRsCOA/7BnHnSuCxXDLP/L2Bn1zV T9SkaeRdOSZD2m2IQ4KkzIs2I0gG/nOGwzxb20hoKvUzzueMB8i/I4kDWKRJvxItCVfZKwtM b1UX4Tr1KvSm0iXIvApTH3qbLHOUfwAX3pvjCQ9YjIdPNrv+hd7EoBGAB2M5G1JYFNpQiScr xXcZL6LGrVyk/zZuvkgmiXkewnnDSZwGqjFoLdpyAGGn+NBUWJ4c0/Z2rfqWesDHymjcy+FD YGYKjIvqi1jwzY2TLsrPVRCP6OGjt9oaE2ysX6VlxXgnKF0VvEE7axY+KNI2u9QB8vBEixkl 5tCUQk/Sdm5UEjPWBmV8a0fdcWFnzYcYNmmBJnhiXW6Ka7nDBacTw+x3EsSImddZAzFNclDP mM6PYJUQyIwVOBLncz85c4QQicGeRi04VrwJVw4YhSNJpJo1VJ0pMNkk1KQuMM9sAoCYO0+c ghp5p5F69HvZXzdEWh2j4glKmyFrIaofnlzoaxso7RwZvTDkvucaOlN2QPlilWAGRWNemqXC NVbT+qfj/inn9fcJaDQrx0ANaEREqZrSOxqHxjuswn1JbpLxkx2EX+5iMSdo0NdpQrilMe19 VTysxhCNmBveU+wTFWkkOOJvCYbvCDlooy8sZpCSEFtz0bcLk7rhT7CohN+69TR7eaiDK02t AZEq/sBg+sg9U2K5Ag0EUxPONAEQAOAdUJ3fkDaq0YfTvxZX7fkjeCyAuJ9G432pc1Vf2Jcu mD49ZIxRi8sW44NXs+5CIzfNYUr9In5nixuSQsEo41cys1SKaUpzUnHXMYDf/npXdx7VY20i YT3Ajfm7mx5+IFrTnvgunHOIDhCq2o0rpxkOQqVt872vYHN1dWgbcyZNeeyC+183xytdJDsv 3krWJic3xFu2FCwDsKAHv0YuXex3AFwt7WvxoLVQp9BI2ERVCkg/mj5yleZdnXBRACy0QuwQ kpMCv8Cp1WGATMfQ0PVhqZKvyADWKdRkT2hrdL0W56EeBQCmcao+us5RkRb+oyeXBgJs4FKv gWaWOhG7+qj2ruZHB3Kp7MUPz+LGN3LjW/8avQndXYTOyVh3U0/d64re5kXcfyPrlQobaw0X /wWAX0hw37X77lHC/qBTkh4uruzoNWsjwQdZEg+ldV9Tfc0+SAOA8jEftd4XaLtUNpvraUhF m/sbHB/BLXBOt7tllxOjfjSJGTQ12POY65F/26bMf+eh7tei19EKFR2z5g3RWu07xixpctrR mKZZRgc6ChJPGxkKMZCeUGIKf3hSI9Y2bYX22xY4jM6ctRHlCzssULLhbUzxhktdoeyUP3iD aMgivifZVvoqULzN3J9OhId9rrB0htbVVXzzHfeshhJTkxu7n0jMDZ8VEQ9cK6nNABEBAAGJ Ah8EGAECAAkFAlMTzjQCGwwACgkQPuyFKpPxpRsBfg//QvAZJ3PhjewI0ltBuYzUzviLHnTS 4+I+R7mEWYlOYnvaHyWoTuQx2w/OUaIdwv6avgduyjFQA2mGCYM7wd61FH0g2GnWL56NUS9v A/wAruNjiUsVtQTJ+H1TnlBXFUljwoOWBA9jR2FT1spwZt51gsjK0qK6hg7/tdvHP1yO8SbA W8P2tQw+Xf+UeOB9iFR8aeGDyUJcQKj+8crhsT8rb4uA0zHcmNjKrO2PclN8UQ5Y0veM/EtN 9z2G2ZJxCOuk3IZugO53IlL85lIWN4xZm8Iqer7fSIGHE9+VSGyYTS0u8Ly8qRJo7baZxvGd NniznJ6g0s+ykmTUJlmB2WS5Pur4irTvNZP+Mp/DEXU5AiRb4BHPRkInfp4RfIBjrvlvFuyZ xq7Ds63GesF0zwPvg2Xu/rwbhME8AJVyOcTbtEncAmZ5PsvCbZfrIaw5fjJfpk/6zjM9jAnj CzccxiMzyS2DX7RxV/YqfLyFqu3yifDjejnQ4Ip/6J45A1UqmzXpTBNZUJkrnfHEfYhYOtY4 yUF2Mo7yuYk2HNYHJT8VGYxeb2co47jLKQn/mR3S36o/O/5e2COuTS12qi8lqJybSDpy+ZSG o504Jm7FzD6LyLUGMlGsTAIo9dWqM2djR0mPIvf+fcsnd8ytHWy8dY0YkN66rgeGa6XGQ1zw 99uK07I= =9ytg -----END PGP PUBLIC KEY BLOCK----- From a at koterpillar.com Fri Jun 20 16:58:06 2014 From: a at koterpillar.com (Alexey Kotlyarov) Date: Fri, 20 Jun 2014 18:58:06 +1000 Subject: [PATCH] Accept pre-configured environment variables Message-ID: <53A3F79E.2000708@koterpillar.com> Read /etc/dropbear/environment for environment variables to add to new client sessions. --- chansession.h | 4 ++++ dbutil.c | 8 +++---- options.h | 9 ++++++++ svr-chansession.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 79 insertions(+), 4 deletions(-) diff --git a/chansession.h b/chansession.h index ef252ea..ac68f3c 100644 --- a/chansession.h +++ b/chansession.h @@ -83,6 +83,10 @@ struct ChildPid { void addnewvar(const char* param, const char* var); +#ifdef ENABLE_EXTRA_ENVIRONMENT +void addextravars(); +#endif + void cli_send_chansess_request(); void cli_tty_cleanup(); void cli_chansess_winchange(); diff --git a/dbutil.c b/dbutil.c index 145bc33..e723488 100644 --- a/dbutil.c +++ b/dbutil.c @@ -781,11 +781,11 @@ int buf_readfile(buffer* buf, const char* filename) { return ret; } -/* get a line from the file into buffer in the style expected for an - * authkeys file. +/* get a line from the file into buffer. * Will return DROPBEAR_SUCCESS if data is read, or DROPBEAR_FAILURE on EOF.*/ -/* Only used for ~/.ssh/known_hosts and ~/.ssh/authorized_keys */ -#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH) +/* Only used for ~/.ssh/known_hosts, ~/.ssh/authorized_keys and + * /etc/dropbear/environment */ +#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH) || defined(ENABLE_EXTRA_ENVIRONMENT) int buf_getline(buffer * line, FILE * authfile) { int c = EOF; diff --git a/options.h b/options.h index 44d6d23..4ff63ba 100644 --- a/options.h +++ b/options.h @@ -30,6 +30,11 @@ #define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key" #endif +/* Environment file path */ +#ifndef EXTRA_ENV_FILENAME +#define EXTRA_ENV_FILENAME "/etc/dropbear/environment" +#endif + /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens * on chosen ports and keeps accepting connections. This is the default. * @@ -207,6 +212,10 @@ much traffic. */ #define ENABLE_CLI_PUBKEY_AUTH #define ENABLE_CLI_INTERACT_AUTH +/* Whether to read extra environment from + * /etc/dropbear/environment */ +#define ENABLE_EXTRA_ENVIRONMENT + /* This variable can be used to set a password for client * authentication on the commandline. Beware of platforms * that don't protect environment variables of processes etc. Also diff --git a/svr-chansession.c b/svr-chansession.c index 63e56a8..aead1d7 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -939,6 +939,10 @@ static void execchild(void *user_data) { } #endif +#ifdef ENABLE_EXTRA_ENVIRONMENT + addextravars(); +#endif + /* change directory */ if (chdir(ses.authstate.pw_dir) < 0) { dropbear_exit("Error changing directory"); @@ -1010,3 +1014,61 @@ void addnewvar(const char* param, const char* var) { dropbear_exit("environ error"); } } + +#ifdef ENABLE_EXTRA_ENVIRONMENT +/* add custom environment variables */ +void addextravars() { + FILE * extraenv = NULL; + buffer * buf = NULL; + char * name_value = NULL; + char* value_pos = NULL; + char* name = NULL; + char* value = NULL; + + extraenv = fopen(EXTRA_ENV_FILENAME, "r"); + if (extraenv == NULL) { + goto out; + } + + do { + if (buf) { + buf_free(buf); + buf = NULL; + } + if (name_value) { + m_free(name_value); + } + buf = buf_new(1000); + + if (buf_getline(buf, extraenv) == DROPBEAR_FAILURE) { + break; + } + + name_value = m_malloc(buf->len + 1); + memcpy(name_value, buf_getptr(buf, buf->len), buf->len); + name_value[buf->len] = '\0'; + + value_pos = strchr(name_value, '='); + if (value_pos == NULL) { + continue; + } + + *value_pos = '\0'; + name = name_value; + value = value_pos + 1; + + addnewvar(name, value); + } while (1); + +out: + if (extraenv) { + fclose(extraenv); + } + if (buf) { + buf_free(buf); + } + if (name_value) { + m_free(name_value); + } +} +#endif -- 1.9.3 From luna.id at gmail.com Thu Jun 26 22:53:38 2014 From: luna.id at gmail.com (Nicolas Luna) Date: Thu, 26 Jun 2014 10:53:38 -0400 Subject: Cross-compile for AM335x Message-ID: Hi, I'm trying to cross-compile for ARM Cortex-A8 (AM335x) and I have a weird error. It looks like the toolchain is not supported. What I executed: *./configure --prefix=/home/build-tools/dropbear-build/ CC=arm-linux-gnueabihf-gcc --host=arm -disable-zlib* What I received from configure script: *checking for arm-gcc... arm-linux-gcc* *checking whether the C compiler works... no* *configure: error: C compiler cannot create executables* The version of my toolchain (PSP 6.0 from TI) *#: arm-linux-gnueabihf-gcc -v* *gcc version 4.7.3 20130226 (prerelease) (crosstool-NG linaro-1.13.1-4.7-2013.03-20130313 - Linaro GCC 2013.03)* Any ideas ? Regards, Nicolas -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140626/2b20082b/attachment.htm From matt at ucc.asn.au Thu Jun 26 23:17:47 2014 From: matt at ucc.asn.au (Matt Johnston) Date: Thu, 26 Jun 2014 23:17:47 +0800 Subject: Cross-compile for AM335x In-Reply-To: References: Message-ID: <20140626151747.GA28933@ucc.gu.uwa.edu.au> Hi, Sounds like something is wrong with the compiler. Take a look at config.log, towards the bottom it'll have the commandline and code that failed. Do you mean to set --target=arm perhaps? Cheers, Matt On Thu, Jun 26, 2014 at 10:53:38AM -0400, Nicolas Luna wrote: > Hi, > > I'm trying to cross-compile for ARM Cortex-A8 (AM335x) and I have a weird > error. It looks like the toolchain is not supported. > > What I executed: > *./configure --prefix=/home/build-tools/dropbear-build/ > CC=arm-linux-gnueabihf-gcc --host=arm -disable-zlib* > > What I received from configure script: > *checking for arm-gcc... arm-linux-gcc* > *checking whether the C compiler works... no* > > *configure: error: C compiler cannot create executables* > > The version of my toolchain (PSP 6.0 from TI) > *#: arm-linux-gnueabihf-gcc -v* > *gcc version 4.7.3 20130226 (prerelease) (crosstool-NG > linaro-1.13.1-4.7-2013.03-20130313 - Linaro GCC 2013.03)* > > Any ideas ? > > Regards, > > Nicolas