annotate svr-runopts.c @ 1629:258b57b208ae
Fix for issue successful login of disabled user (#78)

This commit introduces fix for scenario:
1. Root login disabled on dropbear
2. PAM authentication model enabled

While login as root user, after prompt for password
user is being notified about login failure, but
after second attempt of prompt for password within
same session, login becomes successful.

Signed-off-by: Pawel Rapkiewicz <[email protected]>

author | vincentto13 <33652988+vincentto13@users.noreply.github.com> |
---|---|
date | Wed, 20 Mar 2019 15:03:40 +0100 |
parents | 0dc3103a5900 |
children | 76189c9ffea2 |

```c
/*
 * Dropbear - a SSH2 server
 *
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */

#include "includes.h"
#include "runopts.h"
#include "signkey.h"
#include "buffer.h"
#include "dbutil.h"
#include "algo.h"
#include "ecdsa.h"

#include <grp.h>

svr_runopts svr_opts; /* GLOBAL */

static void printhelp(const char * progname);
static void addportandaddress(const char* spec);
static void loadhostkey(const char *keyfile, int fatal_duplicate);
static void addhostkey(const char *keyfile);

static void printhelp(const char * progname) {

	fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n"
					"Usage: %s [options]\n"
					"-b bannerfile Display the contents of bannerfile"
					" before user login\n"
					" (default: none)\n"
					"-r keyfile Specify hostkeys (repeatable)\n"
					" defaults: \n"
#if DROPBEAR_DSS
					" dss %s\n"
#endif
#if DROPBEAR_RSA
					" rsa %s\n"
#endif
#if DROPBEAR_ECDSA
					" ecdsa %s\n"
#endif
#if DROPBEAR_DELAY_HOSTKEY
					"-R Create hostkeys as required\n"
#endif
					"-F Don't fork into background\n"
#ifdef DISABLE_SYSLOG
					"(Syslog support not compiled in, using stderr)\n"
#else
					"-E Log to stderr rather than syslog\n"
#endif
#if DO_MOTD
					"-m Don't display the motd on login\n"
#endif
					"-w Disallow root logins\n"
#ifdef HAVE_GETGROUPLIST
					"-G Restrict logins to members of specified group\n"
#endif
#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
					"-s Disable password logins\n"
					"-g Disable password logins for root\n"
					"-B Allow blank password logins\n"
#endif
					"-T Maximum authentication tries (default %d)\n"
#if DROPBEAR_SVR_LOCALTCPFWD
					"-j Disable local port forwarding\n"
#endif
#if DROPBEAR_SVR_REMOTETCPFWD
					"-k Disable remote port forwarding\n"
					"-a Allow connections to forwarded ports from any host\n"
					"-c command Force executed command\n"
#endif
					"-p [address:]port\n"
					" Listen on specified tcp port (and optionally address),\n"
					" up to %d can be specified\n"
					" (default port is %s if none specified)\n"
					"-P PidFile Create pid file PidFile\n"
					" (default %s)\n"
#if INETD_MODE
					"-i Start for inetd\n"
#endif
					"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
					"-K <keepalive> (0 is never, default %d, in seconds)\n"
					"-I <idle_timeout> (0 is never, default %d, in seconds)\n"
					"-V Version\n"
#if DEBUG_TRACE
					"-v verbose (compiled with DEBUG_TRACE)\n"
#endif
					,DROPBEAR_VERSION, progname,
#if DROPBEAR_DSS
					DSS_PRIV_FILENAME,
#endif
#if DROPBEAR_RSA
					RSA_PRIV_FILENAME,
#endif
#if DROPBEAR_ECDSA
					ECDSA_PRIV_FILENAME,
#endif
					MAX_AUTH_TRIES,
					DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
					DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
}

void svr_getopts(int argc, char ** argv) {

	unsigned int i, j;
	char ** next = NULL;
	int nextisport = 0;
	char* recv_window_arg = NULL;
	char* keepalive_arg = NULL;
	char* idle_timeout_arg = NULL;
	char* maxauthtries_arg = NULL;
	char* keyfile = NULL;
	char c;


	/* see printhelp() for options */
	svr_opts.bannerfile = NULL;
	svr_opts.banner = NULL;
	svr_opts.forced_command = NULL;
	svr_opts.forkbg = 1;
	svr_opts.norootlogin = 0;
#ifdef HAVE_GETGROUPLIST
	svr_opts.restrict_group = NULL;
	svr_opts.restrict_group_gid = 0;
#endif
	svr_opts.noauthpass = 0;
	svr_opts.norootpass = 0;
	svr_opts.allowblankpass = 0;
	svr_opts.maxauthtries = MAX_AUTH_TRIES;
	svr_opts.inetdmode = 0;
	svr_opts.portcount = 0;
	svr_opts.hostkey = NULL;
	svr_opts.delay_hostkey = 0;
	svr_opts.pidfile = DROPBEAR_PIDFILE;
#if DROPBEAR_SVR_LOCALTCPFWD
	svr_opts.nolocaltcp = 0;
#endif
#if DROPBEAR_SVR_REMOTETCPFWD
	svr_opts.noremotetcp = 0;
#endif

#ifndef DISABLE_ZLIB
	opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
#endif

	/* not yet
	opts.ipv4 = 1;
	opts.ipv6 = 1;
	*/
#if DO_MOTD
	svr_opts.domotd = 1;
#endif
#ifndef DISABLE_SYSLOG
	opts.usingsyslog = 1;
#endif
	opts.recv_window = DEFAULT_RECV_WINDOW;
	opts.keepalive_secs = DEFAULT_KEEPALIVE;
	opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;

#if DROPBEAR_SVR_REMOTETCPFWD
	opts.listen_fwd_all = 0;
#endif

	for (i = 1; i < (unsigned int)argc; i++) {
		if (argv[i][0] != '-' || argv[i][1] == '\0')
			dropbear_exit("Invalid argument: %s", argv[i]);

		for (j = 1; (c = argv[i][j]) != '\0' && !next && !nextisport; j++) {
			switch (c) {
				case 'b':
					next = &svr_opts.bannerfile;
					break;
				case 'c':
					next = &svr_opts.forced_command;
					break;
				case 'd':
				case 'r':
					next = &keyfile;
					break;
				case 'R':
					svr_opts.delay_hostkey = 1;
					break;
				case 'F':
					svr_opts.forkbg = 0;
					break;
#ifndef DISABLE_SYSLOG
				case 'E':
					opts.usingsyslog = 0;
					break;
#endif
#if DROPBEAR_SVR_LOCALTCPFWD
				case 'j':
					svr_opts.nolocaltcp = 1;
					break;
#endif
#if DROPBEAR_SVR_REMOTETCPFWD
				case 'k':
					svr_opts.noremotetcp = 1;
					break;
				case 'a':
					opts.listen_fwd_all = 1;
					break;
#endif
#if INETD_MODE
				case 'i':
					svr_opts.inetdmode = 1;
					break;
#endif
				case 'p':
					nextisport = 1;
					break;
				case 'P':
					next = &svr_opts.pidfile;
					break;
#if DO_MOTD
				/* motd is displayed by default, -m turns it off */
				case 'm':
					svr_opts.domotd = 0;
					break;
```
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
238 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 case 'w': |
24 | 240 svr_opts.norootlogin = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 break; |
1551 1acbdf64088e: add guard HAVE_GETGROUPLIST (Matt Johnston <matt@ucc.asn.au>; parents: 1538) | 242 #ifdef HAVE_GETGROUPLIST |
1537 6a83b1944432: Fix restricted group code for BSDs, move to separate function (Matt Johnston <matt@ucc.asn.au>; parents: 1535) | 243 case 'G': |
1537 | 244 next = &svr_opts.restrict_group; |
1537 | 245 break; |
1551 | 246 #endif |
449 3e6c536bc023: Add -W <windowsize> argument and document it. (Matt Johnston <matt@ucc.asn.au>; parents: 446) | 247 case 'W': |
449 | 248 next = &recv_window_arg; |
449 | 249 break; |
454 7e43f5e473b9: - Add -K keepalive flag for dropbear and dbclient (Matt Johnston <matt@ucc.asn.au>; parents: 449) | 250 case 'K': |
454 | 251 next = &keepalive_arg; |
454 | 252 break; |
513 a3748e54273c: Idle timeout patch from Farrell Aultman. Needs testing, unsure if server (Matt Johnston <matt@ucc.asn.au>; parents: 510) | 253 case 'I': |
513 | 254 next = &idle_timeout_arg; |
513 | 255 break; |
1442 517c67cbcd31: dropbear server: support -T max auth tries (Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>; parents: 1404) | 256 case 'T': |
1442 | 257 next = &maxauthtries_arg; |
1442 | 258 break; |
1295 | 259 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH |
4 | 260 case 's': |
24 | 261 svr_opts.noauthpass = 1; |
4 | 262 break; |
4 | 263 case 'g': |
24 | 264 svr_opts.norootpass = 1; |
4 | 265 break; |
692 c58a15983808: Allow configuring "allow blank password option" at runtime (Paul Eggleton <paul.eggleton@linux.intel.com>; parents: 671) | 266 case 'B': |
692 | 267 svr_opts.allowblankpass = 1; |
692 | 268 break; |
4 | 269 #endif |
4 | 270 case 'h': |
4 | 271 printhelp(argv[0]); |
946 | 272 exit(EXIT_SUCCESS); |
4 | 273 break; |
442 d82a2a44c684: Add -u option to specify /dev/urandom instead (Matt Johnston <matt@ucc.asn.au>; parents: 435) | 274 case 'u': |
446 2cd2edfa11ee: Just use /dev/urandom since that's what everyone ends up using anyway. (Matt Johnston <matt@ucc.asn.au>; parents: 442) | 275 /* backwards compatibility with old urandom option */ |
442 | 276 break; |
1295 | 277 #if DEBUG_TRACE |
94 c85c88500ea6: DEBUG_TRACE now only triggers with -v on the cmdline (Matt Johnston <matt@ucc.asn.au>; parents: 91) | 278 case 'v': |
94 | 279 debug_trace = 1; |
94 | 280 break; |
94 | 281 #endif |
946 | 282 case 'V': |
948 f92eb625c48d: - Don't use multichar constants since recent gcc complains (Matt Johnston <matt@ucc.asn.au>; parents: 946) | 283 print_version(); |
946 | 284 exit(EXIT_SUCCESS); |
946 | 285 break; |
4 | 286 default: |
1164 | 287 fprintf(stderr, "Invalid option -%c\n", c); |
4 | 288 printhelp(argv[0]); |
4 | 289 exit(EXIT_FAILURE); |
4 | 290 break; |
4 | 291 } |
4 | 292 } |
1164 | 293 |
1164 | 294 if (!next && !nextisport) |
1164 | 295 continue; |
1164 | 296 |
1164 | 297 if (c == '\0') { |
1164 | 298 i++; |
1164 | 299 j = 0; |
1164 | 300 if (!argv[i]) { |
1164 | 301 dropbear_exit("Missing argument"); |
1164 | 302 } |
1164 | 303 } |
1164 | 304 |
1164 | 305 if (nextisport) { |
1164 | 306 addportandaddress(&argv[i][j]); |
1164 | 307 nextisport = 0; |
1164 | 308 } else if (next) { |
1164 | 309 *next = &argv[i][j]; |
1164 | 310 if (*next == NULL) { |
1164 | 311 dropbear_exit("Invalid null argument"); |
1164 | 312 } |
1404 e8f67918fdc9: when pointer, use NULL instead of 0 (Francois Perrad <francois.perrad@gadz.org>; parents: 1295) | 313 next = NULL; |
1164 | 314 |
1164 | 315 if (keyfile) { |
1164 | 316 addhostkey(keyfile); |
1164 | 317 keyfile = NULL; |
1164 | 318 } |
1164 | 319 } |
4 | 320 } |
4 | 321 |
101 72dc22f56858: Change the way we load keys/ports so we don't print error messages into our (Matt Johnston <matt@ucc.asn.au>; parents: 94) | 322 /* Set up listening ports */ |
101 | 323 if (svr_opts.portcount == 0) { |
101 | 324 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT); |
434 | 325 svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS); |
101 | 326 svr_opts.portcount = 1; |
101 | 327 } |
513 | 328 |
24 | 329 if (svr_opts.bannerfile) { |
4 | 330 struct stat buf; |
24 | 331 if (stat(svr_opts.bannerfile, &buf) != 0) { |
4 | 332 dropbear_exit("Error opening banner file '%s'", |
24 | 333 svr_opts.bannerfile); |
4 | 334 } |
4 | 335 |
4 | 336 if (buf.st_size > MAX_BANNER_SIZE) { |
4 | 337 dropbear_exit("Banner file too large, max is %d bytes", |
4 | 338 MAX_BANNER_SIZE); |
4 | 339 } |
4 | 340 |
24 | 341 svr_opts.banner = buf_new(buf.st_size); |
24 | 342 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) { |
4 | 343 dropbear_exit("Error reading banner file '%s'", |
24 | 344 svr_opts.bannerfile); |
4 | 345 } |
24 | 346 buf_setpos(svr_opts.banner, 0); |
4 | 347 } |
1534 ed930fd6f60f: Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements. (stellarpower <stellarpower@googlemail.com>; parents: 1499) | 348 |
1551 | 349 #ifdef HAVE_GETGROUPLIST |
1537 | 350 if (svr_opts.restrict_group) { |
1537 | 351 struct group *restrictedgroup = getgrnam(svr_opts.restrict_group); |
1534 | 352 |
1537 | 353 if (restrictedgroup){ |
1537 | 354 svr_opts.restrict_group_gid = restrictedgroup->gr_gid; |
1537 | 355 } else { |
1537 | 356 dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group); |
1537 | 357 } |
1537 | 358 } |
1551 | 359 #endif |
449 | 360 |
454 | 361 if (recv_window_arg) { |
449 | 362 opts.recv_window = atol(recv_window_arg); |
492 b956d6151600: Replace calls to strtoul() with a helper m_str_to_uint() (Matt Johnston <matt@ucc.asn.au>; parents: 454) | 363 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { |
449 | 364 dropbear_exit("Bad recv window '%s'", recv_window_arg); |
449 | 365 } |
449 | 366 } |
1442 | 367 |
1442 | 368 if (maxauthtries_arg) { |
1442 | 369 unsigned int val = 0; |
1445 a3a96dbf9a58: Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range (Matt Johnston <matt@ucc.asn.au>; parents: 1442) | 370 if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE |
1445 | 371 || val == 0) { |
1442 | 372 dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg); |
1442 | 373 } |
1442 | 374 svr_opts.maxauthtries = val; |
1442 | 375 } |
1442 | 376 |
454 | 377 |
454 | 378 if (keepalive_arg) { |
568 005530560594: Rearrange getaddrstring() etc (Matt Johnston <matt@ucc.asn.au>; parents: 513) | 379 unsigned int val; |
568 | 380 if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) { |
454 | 381 dropbear_exit("Bad keepalive '%s'", keepalive_arg); |
454 | 382 } |
568 | 383 opts.keepalive_secs = val; |
454 | 384 } |
513 | 385 |
513 | 386 if (idle_timeout_arg) { |
568 | 387 unsigned int val; |
568 | 388 if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) { |
513 | 389 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg); |
513 | 390 } |
568 | 391 opts.idle_timeout_secs = val; |
513 | 392 } |
1290 ee2ffa044c7e: Add manpage and log for forced_command (Matt Johnston <matt@ucc.asn.au>; parents: 1289) | 393 |
1290 | 394 if (svr_opts.forced_command) { |
1290 | 395 dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command); |
1290 | 396 } |
4 | 397 } |
4 | 398 |
1197 86a9e0204c03: ports and addresses must be malloced to avoid segfault on exit (Matt Johnston <matt@ucc.asn.au>; parents: 1177) | 399 static void addportandaddress(const char* spec) { |
1197 | 400 char *spec_copy = NULL, *myspec = NULL, *port = NULL, *address = NULL; |
434 | 401 |
434 | 402 if (svr_opts.portcount < DROPBEAR_MAX_PORTS) { |
434 | 403 |
434 | 404 /* We don't free it, it becomes part of the runopt state */ |
1197 | 405 spec_copy = m_strdup(spec); |
1197 | 406 myspec = spec_copy; |
434 | 407 |
706 002cf09827c0: Allow specifying server "-p" options with ipv6 bracket notation, (Matt Johnston <matt@ucc.asn.au>; parents: 692) | 408 if (myspec[0] == '[') { |
706 | 409 myspec++; |
1197 | 410 port = strchr(myspec, ']'); |
1197 | 411 if (!port) { |
706 | 412 /* Unmatched [ -> exit */ |
706 | 413 dropbear_exit("Bad listen address"); |
706 | 414 } |
1197 | 415 port[0] = '\0'; |
1197 | 416 port++; |
1197 | 417 if (port[0] != ':') { |
706 | 418 /* Missing port -> exit */ |
706 | 419 dropbear_exit("Missing port"); |
706 | 420 } |
706 | 421 } else { |
706 | 422 /* search for ':', that separates address and port */ |
1197 | 423 port = strrchr(myspec, ':'); |
706 | 424 } |
434 | 425 |
1197 | 426 if (!port) { |
434 | 427 /* no ':' -> the whole string specifies just a port */ |
1197 | 428 port = myspec; |
434 | 429 } else { |
434 | 430 /* Split the address/port */ |
1197 | 431 port[0] = '\0'; |
1197 | 432 port++; |
1197 | 433 address = myspec; |
434 | 434 } |
434 | 435 |
1197 | 436 if (!address) { |
434 | 437 /* no address given -> fill in the default address */ |
1197 | 438 address = DROPBEAR_DEFADDRESS; |
434 | 439 } |
434 | 440 |
1197 | 441 if (port[0] == '\0') { |
434 | 442 /* empty port -> exit */ |
434 | 443 dropbear_exit("Bad port"); |
434 | 444 } |
1197 | 445 svr_opts.ports[svr_opts.portcount] = m_strdup(port); |
1197 | 446 svr_opts.addresses[svr_opts.portcount] = m_strdup(address); |
434 | 447 svr_opts.portcount++; |
1197 | 448 m_free(spec_copy); |
434 | 449 } |
434 | 450 } |
434 | 451 |
795 | 452 static void disablekey(int type) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
453 int i; |
802 | 454 TRACE(("Disabling key type %d", type)) |
47 | 455 for (i = 0; sshhostkey[i].name != NULL; i++) { |
456 if (sshhostkey[i].val == type) { | |
802 | 457 sshhostkey[i].usable = 0; |
47 | 458 break; |
459 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
460 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
461 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
462 |
807 (75509065db53: have separate ecdsa keys for each size; Matt Johnston <matt@ucc.asn.au>; parents: 802) | 463 static void loadhostkey_helper(const char *name, void** src, void** dst, int fatal_duplicate) { |
807 | 464 if (*dst) { |
807 | 465 if (fatal_duplicate) { |
807 | 466 dropbear_exit("Only one %s key can be specified", name); |
807 | 467 } |
807 | 468 } else { |
807 | 469 *dst = *src; |
807 | 470 *src = NULL; |
807 | 471 } |
807 | 472 |
807 | 473 } |
807 | 474 |
101 (72dc22f56858: Change the way we load keys/ports so we don't print error messages into our; Matt Johnston <matt@ucc.asn.au>; parents: 94) | 475 /* Must be called after syslog/etc is working */ |
795 | 476 static void loadhostkey(const char *keyfile, int fatal_duplicate) { |
795 | 477 sign_key * read_key = new_sign_key(); |
847 (f4bb964c8678: Add '-R' for delayed hostkey option; Matt Johnston <matt@ucc.asn.au>; parents: 846) | 478 enum signkey_type type = DROPBEAR_SIGNKEY_ANY; |
795 | 479 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) { |
976 (964d41e3aeb2: Don't print "Failed loading hostkey" when -R delayed hostkey option is enabled; Steven Honeyman <stevenhoneyman@gmail.com>; parents: 948) | 480 if (!svr_opts.delay_hostkey) { |
976 | 481 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); |
976 | 482 } |
795 | 483 } |
795 | 484 |
1295 (750ec4ec4cbe: Convert #ifdef to #if, other build changes; Matt Johnston <matt@ucc.asn.au>; parents: 1290) | 485 #if DROPBEAR_RSA |
795 | 486 if (type == DROPBEAR_SIGNKEY_RSA) { |
852 (7540c0822374: Various cleanups and fixes for warnings; Matt Johnston <matt@ucc.asn.au>; parents: 847) | 487 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate); |
795 | 488 } |
795 | 489 #endif |
4 (fe6bca95afa7: Makefile.in contains updated files required; Matt Johnston <matt@ucc.asn.au>) | 490 |
1295 | 491 #if DROPBEAR_DSS |
795 | 492 if (type == DROPBEAR_SIGNKEY_DSS) { |
852 | 493 loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate); |
795 | 494 } |
795 | 495 #endif |
4 | 496 |
1295 | 497 #if DROPBEAR_ECDSA |
1295 | 498 #if DROPBEAR_ECC_256 |
807 (75509065db53: have separate ecdsa keys for each size; Matt Johnston <matt@ucc.asn.au>; parents: 802) | 499 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) { |
852 | 500 loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate); |
795 | 501 } |
795 | 502 #endif |
1295 | 503 #if DROPBEAR_ECC_384 |
807 | 504 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) { |
852 | 505 loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate); |
807 | 506 } |
807 | 507 #endif |
1295 | 508 #if DROPBEAR_ECC_521 |
807 | 509 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) { |
852 | 510 loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate); |
807 | 511 } |
807 | 512 #endif |
857 | 513 #endif /* DROPBEAR_ECDSA */ |
795 | 514 sign_key_free(read_key); |
795 | 515 TRACE(("leave loadhostkey")) |
795 | 516 } |
795 | 517 |
795 | 518 static void addhostkey(const char *keyfile) { |
795 | 519 if (svr_opts.num_hostkey_files >= MAX_HOSTKEYS) { |
795 | 520 dropbear_exit("Too many hostkeys"); |
795 | 521 } |
795 | 522 svr_opts.hostkey_files[svr_opts.num_hostkey_files] = m_strdup(keyfile); |
795 | 523 svr_opts.num_hostkey_files++; |
795 | 524 } |
795 | 525 |
1347 (b28624698130: copy over some fuzzing code from AFL branch; Matt Johnston <matt@ucc.asn.au>; parents: 1210) | 526 |
795 | 527 void load_all_hostkeys() { |
795 | 528 int i; |
873 (17b15683648d: Exit if we don't have keys and -R wasn't specified; Matt Johnston <matt@ucc.asn.au>; parents: 857) | 529 int any_keys = 0; |
1603 (0dc3103a5900: Only advertise a single server ecdsa key when -R (generate as required) is; Matt Johnston <matt@ucc.asn.au>; parents: 1557) | 530 #ifdef DROPBEAR_ECDSA |
1603 | 531 int loaded_any_ecdsa = 0; |
1603 | 532 #endif |
4 (fe6bca95afa7: Makefile.in contains updated files required; Matt Johnston <matt@ucc.asn.au>) | 533 |
101 (72dc22f56858: Change the way we load keys/ports so we don't print error messages into our; Matt Johnston <matt@ucc.asn.au>; parents: 94) | 534 svr_opts.hostkey = new_sign_key(); |
4 | 535 |
795 | 536 for (i = 0; i < svr_opts.num_hostkey_files; i++) { |
795 | 537 char *hostkey_file = svr_opts.hostkey_files[i]; |
795 | 538 loadhostkey(hostkey_file, 1); |
795 | 539 m_free(hostkey_file); |
795 | 540 } |
795 | 541 |
1532 (3616ec41d03d: Only load dropbear default host keys if a key is not specified; CamVan Nguyen <ctnguyen@us.ibm.com>; parents: 1499) | 542 /* Only load default host keys if a host key is not specified by the user */ |
1532 | 543 if (svr_opts.num_hostkey_files == 0) { |
1295 (750ec4ec4cbe: Convert #ifdef to #if, other build changes; Matt Johnston <matt@ucc.asn.au>; parents: 1290) | 544 #if DROPBEAR_RSA |
1532 | 545 loadhostkey(RSA_PRIV_FILENAME, 0); |
795 | 546 #endif |
795 | 547 |
1295 | 548 #if DROPBEAR_DSS |
1532 | 549 loadhostkey(DSS_PRIV_FILENAME, 0); |
795 | 550 #endif |
795 | 551 |
1295 | 552 #if DROPBEAR_ECDSA |
1532 | 553 loadhostkey(ECDSA_PRIV_FILENAME, 0); |
795 | 554 #endif |
1538 (f20038b513a5: more linting (#58); François Perrad <francois.perrad@gadz.org>; parents: 1537) | 555 } |
795 | 556 |
1295 | 557 #if DROPBEAR_RSA |
1603 | 558 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->rsakey) { |
795 | 559 disablekey(DROPBEAR_SIGNKEY_RSA); |
876 | 560 } else { |
873 | 561 any_keys = 1; |
873 | 562 } |
4 | 563 #endif |
847 (f4bb964c8678: Add '-R' for delayed hostkey option; Matt Johnston <matt@ucc.asn.au>; parents: 846) | 564 |
1295 | 565 #if DROPBEAR_DSS |
1603 | 566 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->dsskey) { |
876 | 567 disablekey(DROPBEAR_SIGNKEY_DSS); |
876 | 568 } else { |
873 | 569 any_keys = 1; |
873 | 570 } |
795 | 571 #endif |
847 | 572 |
1603 | 573 #if DROPBEAR_ECDSA |
1603 | 574 /* We want to advertise a single ecdsa algorithm size. |
1603 | 575 - If there is a ecdsa hostkey at startup we choose that that size. |
1603 | 576 - If we generate at runtime we choose the default ecdsa size. |
1603 | 577 - Otherwise no ecdsa keys will be advertised */ |
847 | 578 |
1603 | 579 /* check if any keys were loaded at startup */ |
1603 | 580 loaded_any_ecdsa = |
1603 | 581 0 |
1295 | 582 #if DROPBEAR_ECC_256 |
1603 | 583 || svr_opts.hostkey->ecckey256 |
1603 | 584 #endif |
1603 | 585 #if DROPBEAR_ECC_384 |
1603 | 586 || svr_opts.hostkey->ecckey384 |
1603 | 587 #endif |
1603 | 588 #if DROPBEAR_ECC_521 |
1603 | 589 || svr_opts.hostkey->ecckey521 |
1603 | 590 #endif |
1603 | 591 ; |
1603 | 592 any_keys |= loaded_any_ecdsa; |
1603 | 593 |
1603 | 594 /* Or an ecdsa key could be generated at runtime */ |
1603 | 595 any_keys |= svr_opts.delay_hostkey; |
1603 | 596 |
1603 | 597 /* At most one ecdsa key size will be left enabled */ |
1603 | 598 #if DROPBEAR_ECC_256 |
1603 | 599 if (!svr_opts.hostkey->ecckey256 |
1603 | 600 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 256 )) { |
795 | 601 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); |
873 | 602 } |
4 | 603 #endif |
1295 | 604 #if DROPBEAR_ECC_384 |
1603 | 605 if (!svr_opts.hostkey->ecckey384 |
1603 | 606 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 384 )) { |
795 | 607 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); |
873 | 608 } |
4 | 609 #endif |
1295 | 610 #if DROPBEAR_ECC_521 |
1603 | 611 if (!svr_opts.hostkey->ecckey521 |
1603 | 612 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 521 )) { |
847 | 613 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); |
873 | 614 } |
4 | 615 #endif |
847 | 616 #endif /* DROPBEAR_ECDSA */ |
847 | 617 |
876 | 618 if (!any_keys) { |
1177 | 619 dropbear_exit("No hostkeys available. 'dropbear -R' may be useful or run dropbearkey."); |
873 | 620 } |
4 | 621 } |
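
An added example, not part of Dropbear's source: a stand-alone model of which host key algorithms `load_all_hostkeys()` leaves enabled for a given startup state, including a case the comment on line 597 does not cover, where two ECDSA key files of different sizes are loaded and both stay enabled. It assumes every key type is compiled in and passes `ECDSA_DEFAULT_SIZE` as a parameter; `advertise`, `ecdsa_kept`, `struct advertised` and the `EC*` flags are names made up for this example.

```c
#include <stdio.h>

/* Bitmask of ECDSA key sizes; these names belong to this example only. */
enum { EC256 = 1, EC384 = 2, EC521 = 4 };

struct advertised {
	int rsa;        /* 1 if the RSA host key algorithm stays enabled */
	int dss;        /* 1 if the DSS host key algorithm stays enabled */
	unsigned ecdsa; /* bitmask of ECDSA sizes that stay enabled */
	int any_keys;   /* 0 is the case where load_all_hostkeys() exits */
};

/* Mirrors the per-size test at lines 598-615: a size is disabled when its key
 * was not loaded and (-R is off, or some ECDSA key was loaded, or this size
 * is not the default). */
static int ecdsa_kept(unsigned loaded, unsigned bit, int size,
		int delay_hostkey, int default_size) {
	int disable = !(loaded & bit)
		&& (!delay_hostkey || loaded != 0 || default_size != size);
	return !disable;
}

/* default_size stands in for ECDSA_DEFAULT_SIZE (a parameter here, assumed). */
struct advertised advertise(int rsa_loaded, int dss_loaded, unsigned ecdsa_loaded,
		int delay_hostkey, int default_size) {
	struct advertised a = {0, 0, 0, 0};

	/* RSA and DSS are disabled only when no key was loaded and -R is off. */
	a.rsa = delay_hostkey || rsa_loaded;
	a.dss = delay_hostkey || dss_loaded;
	a.any_keys = a.rsa || a.dss || ecdsa_loaded != 0 || delay_hostkey;

	if (ecdsa_kept(ecdsa_loaded, EC256, 256, delay_hostkey, default_size)) a.ecdsa |= EC256;
	if (ecdsa_kept(ecdsa_loaded, EC384, 384, delay_hostkey, default_size)) a.ecdsa |= EC384;
	if (ecdsa_kept(ecdsa_loaded, EC521, 521, delay_hostkey, default_size)) a.ecdsa |= EC521;
	return a;
}

int main(void) {
	/* Constructed configurations: rsa, dss, ecdsa mask, -R, default size. */
	struct { const char *label; int rsa, dss; unsigned ec; int delay, def; } cases[] = {
		{"no keys, no -R",      0, 0, 0,             0, 256},
		{"no keys, -R",         0, 0, 0,             1, 256},
		{"ECDSA384 loaded, -R", 0, 0, EC384,         1, 256},
		{"ECDSA256+521 loaded", 0, 0, EC256 | EC521, 0, 256},
	};
	size_t i;
	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		struct advertised a = advertise(cases[i].rsa, cases[i].dss, cases[i].ec,
				cases[i].delay, cases[i].def);
		printf("%-22s rsa=%d dss=%d ecdsa=0x%x any_keys=%d\n",
				cases[i].label, a.rsa, a.dss, a.ecdsa, a.any_keys);
	}
	return 0;
}
```

With `-R` set, RSA and DSS stay enabled even when no key file was loaded, so a review of the algorithms a server offers has to account for keys generated on first use as well as the key files present at startup.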