Hi,
Disabling ENABLE_SVR_AGENTFWD and ENABLE_CLI_AGENTFWD in options.h leads to
various compilation failures such as
cli-authpubkey.c: In function 'cli_auth_pubkey':
cli-authpubkey.c:190: error: 'cli_runopts' has no member named
'agent_keys_loaded'
cli-authpubkey.c:193: error: 'cli_runopts' has no member named
'agent_keys_loaded'
svr-chansession.c: In function 'newchansess':
svr-chansession.c:247: error: 'struct ChanSess' has no member named
'agentlistener'
svr-chansession.c:248: error: 'struct ChanSess' has no member named 'agentfile'
svr-chansession.c:249: error: 'struct ChanSess' has no member named 'agentdir'
The attached patch compilation_fix.patch fixes these failures for both usual
and multicall binaries.
My changes in options.h are attached as a separate patch (options.diff).
--
Andrey Mazo.
# HG changeset patch
# User Andrey Mazo <[email protected]>
# Date 1332764236 -14400
# Node ID 232179b4a0d58a57e10649309093b1443f443347
# Parent d392f5a61a48ce6427ad33fcc8540b3b55b560cc
Fixed compilation with unset ENABLE_{SVR,CLI}_AGENTFWD.
Got rid of ENABLE_AGENTFWD macro.
diff --git a/agentfwd.h b/agentfwd.h
--- a/agentfwd.h
+++ b/agentfwd.h
@@ -30,22 +30,19 @@
#include "auth.h"
#include "list.h"
+#ifdef ENABLE_CLI_AGENTFWD
+
/* An agent reply can be reasonably large, as it can
* contain a list of all public keys held by the agent.
* 10000 is arbitrary */
#define MAX_AGENT_REPLY 10000
-int svr_agentreq(struct ChanSess * chansess);
-void svr_agentcleanup(struct ChanSess * chansess);
-void svr_agentset(struct ChanSess *chansess);
-
/* client functions */
void cli_load_agent_keys(m_list * ret_list);
void agent_buf_sign(buffer *sigblob, sign_key *key,
const unsigned char *data, unsigned int len);
void cli_setup_agent(struct Channel *channel);
-
#ifdef __hpux
#define seteuid(a) setresuid(-1, (a), -1)
#define setegid(a) setresgid(-1, (a), -1)
@@ -53,4 +50,14 @@
extern const struct ChanType cli_chan_agent;
+#endif /* ENABLE_CLI_AGENTFWD */
+
+#ifdef ENABLE_SVR_AGENTFWD
+
+int svr_agentreq(struct ChanSess * chansess);
+void svr_agentcleanup(struct ChanSess * chansess);
+void svr_agentset(struct ChanSess *chansess);
+
+#endif /* ENABLE_SVR_AGENTFWD */
+
#endif /* _AGENTFWD_H_ */
diff --git a/cli-authpubkey.c b/cli-authpubkey.c
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -123,6 +123,7 @@
void cli_buf_put_sign(buffer* buf, sign_key *key, int type,
const unsigned char *data, unsigned int len)
{
+#ifdef ENABLE_CLI_AGENTFWD
if (key->source == SIGNKEY_SOURCE_AGENT) {
/* Format the agent signature ourselves, as buf_put_sign would. */
buffer *sigblob;
@@ -134,8 +135,11 @@
buf_free(sigblob);
} else {
+#endif
buf_put_sign(buf, key, type, data, len);
+#ifdef ENABLE_CLI_AGENTFWD
}
+#endif
}
@@ -187,11 +191,13 @@
TRACE(("enter cli_auth_pubkey"))
+#ifdef ENABLE_CLI_AGENTFWD
if (!cli_opts.agent_keys_loaded) {
/* get the list of available keys from the agent */
cli_load_agent_keys(cli_opts.privkeys);
cli_opts.agent_keys_loaded = 1;
}
+#endif
if (cli_opts.privkeys->first) {
sign_key * key = (sign_key*)cli_opts.privkeys->first->item;
diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c
--- a/svr-authpubkeyoptions.c
+++ b/svr-authpubkeyoptions.c
@@ -143,7 +143,7 @@
ses.authstate.pubkey_options->no_port_forwarding_flag = 1;
goto next_option;
}
-#ifdef ENABLE_AGENTFWD
+#ifdef ENABLE_SVR_AGENTFWD
if (match_option(options_buf, "no-agent-forwarding") == DROPBEAR_SUCCESS) {
dropbear_log(LOG_WARNING, "Agent forwarding disabled.");
ses.authstate.pubkey_options->no_agent_forwarding_flag = 1;
diff --git a/svr-chansession.c b/svr-chansession.c
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -243,7 +243,7 @@
chansess->x11authcookie = NULL;
#endif
-#ifdef ENABLE_AGENTFWD
+#ifdef ENABLE_SVR_AGENTFWD
chansess->agentlistener = NULL;
chansess->agentfile = NULL;
chansess->agentdir = NULL;
@@ -300,7 +300,7 @@
x11cleanup(chansess);
#endif
-#ifdef ENABLE_AGENTFWD
+#ifdef ENABLE_SVR_AGENTFWD
svr_agentcleanup(chansess);
#endif
@@ -358,7 +358,7 @@
} else if (strcmp(type, "x11-req") == 0) {
ret = x11req(chansess);
#endif
-#ifdef ENABLE_AGENTFWD
+#ifdef ENABLE_SVR_AGENTFWD
} else if (strcmp(type, "[email protected]") == 0) {
ret = svr_agentreq(chansess);
#endif
@@ -945,7 +945,7 @@
/* set up X11 forwarding if enabled */
x11setauth(chansess);
#endif
-#ifdef ENABLE_AGENTFWD
+#ifdef ENABLE_SVR_AGENTFWD
/* set up agent env variable */
svr_agentset(chansess);
#endif
diff --git a/sysoptions.h b/sysoptions.h
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -162,10 +162,6 @@
#define USING_LISTENERS
#endif
-#if defined(ENABLE_SVR_AGENTFWD) || defined(ENABLE_CLI_LOCALTCPFWD)
-#define ENABLE_AGENTFWD
-#endif
-
#if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD)
#define ENABLE_CLI_MULTIHOP
#endif
diff --git a/options.h b/options.h
--- a/options.h
+++ b/options.h
@@ -38,7 +38,7 @@
* Both of these flags can be defined at once, don't compile without at least
* one of them. */
#define NON_INETD_MODE
-#define INETD_MODE
+/*#define INETD_MODE*/
/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
* perhaps 20% slower for pubkey operations (it is probably worth experimenting
@@ -52,7 +52,7 @@
/*#define DROPBEAR_SMALL_CODE*/
/* Enable X11 Forwarding - server only */
-#define ENABLE_X11FWD
+/*#define ENABLE_X11FWD*/
/* Enable TCP Fowarding */
/* 'Local' is "-L" style (client listening port forwarded via server)
@@ -65,8 +65,8 @@
#define ENABLE_SVR_REMOTETCPFWD
/* Enable Authentication Agent Forwarding */
-#define ENABLE_SVR_AGENTFWD
-#define ENABLE_CLI_AGENTFWD
+/*#define ENABLE_SVR_AGENTFWD*/
+/*#define ENABLE_CLI_AGENTFWD*/
/* Note: Both ENABLE_CLI_PROXYCMD and ENABLE_CLI_NETCAT must be set to
@@ -74,7 +74,7 @@
/* Allow using -J <proxycommand> to run the connection through a
pipe to a program, rather the normal TCP connection */
-#define ENABLE_CLI_PROXYCMD
+/*#define ENABLE_CLI_PROXYCMD*/
/* Enable "Netcat mode" option. This will forward standard input/output
* to a remote TCP-forwarded connection */
@@ -88,9 +88,9 @@
#define DROPBEAR_3DES
#define DROPBEAR_AES256
/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
-/*#define DROPBEAR_BLOWFISH*/
+#define DROPBEAR_BLOWFISH
#define DROPBEAR_TWOFISH256
-#define DROPBEAR_TWOFISH128
+/*#define DROPBEAR_TWOFISH128*/
/* Enable "Counter Mode" for ciphers. This is more secure than normal
* CBC mode against certain attacks. This adds around 1kB to binary
@@ -110,7 +110,7 @@
* If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
* which are not the standard form. */
#define DROPBEAR_SHA1_HMAC
-#define DROPBEAR_SHA1_96_HMAC
+/*#define DROPBEAR_SHA1_96_HMAC*/
#define DROPBEAR_MD5_HMAC
/* Hostkey/public key algorithms - at least one required, these are used
@@ -144,11 +144,11 @@
#endif
/* Whether to do reverse DNS lookups. */
-#define DO_HOST_LOOKUP
+/*#define DO_HOST_LOOKUP*/
/* Whether to print the message of the day (MOTD). This doesn't add much code
* size */
-#define DO_MOTD
+/*#define DO_MOTD*/
/* The MOTD file path */
#ifndef MOTD_FILENAME
@@ -192,7 +192,7 @@
* note that it will be provided for all "hidden" client-interactive
* style prompts - if you want something more sophisticated, use
* SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
+/*#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"*/
/* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
* a helper program for the ssh client. The helper program should be
@@ -292,7 +292,7 @@
#define DEFAULT_IDLE_TIMEOUT 0
/* The default path. This will often get replaced by the shell */
-#define DEFAULT_PATH "/usr/bin:/bin"
+#define DEFAULT_PATH "/usr/sbin:/usr/bin:/sbin:/bin"
/* Some other defines (that mostly should be left alone) are defined
* in sysoptions.h */
