annotate svr-runopts.c @ 1938:77bc00dcc19f default tip main master

Bump version to 2022.82
author Matt Johnston <matt@ucc.asn.au>
date Fri, 01 Apr 2022 14:43:27 +0800
parents 4528afefe45d
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * Dropbear - a SSH2 server
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 * All rights reserved.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 * of this software and associated documentation files (the "Software"), to deal
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 * in the Software without restriction, including without limitation the rights
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 * copies of the Software, and to permit persons to whom the Software is
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12 * furnished to do so, subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * The above copyright notice and this permission notice shall be included in
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 * all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 * SOFTWARE. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 #include "includes.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "runopts.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 #include "signkey.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "dbutil.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "algo.h"
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
31 #include "ecdsa.h"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32
1534
ed930fd6f60f Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents: 1499
diff changeset
33 #include <grp.h>
ed930fd6f60f Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents: 1499
diff changeset
34
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
35 svr_runopts svr_opts; /* GLOBAL */
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
36
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 static void printhelp(const char * progname);
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
38 static void addportandaddress(const char* spec);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
39 static void loadhostkey(const char *keyfile, int fatal_duplicate);
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
40 static void addhostkey(const char *keyfile);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 static void printhelp(const char * progname) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43
716
af4ef98b8591 Add URL to usage text
Matt Johnston <matt@ucc.asn.au>
parents: 706
diff changeset
44 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 "Usage: %s [options]\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 "-b bannerfile Display the contents of bannerfile"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 " before user login\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 " (default: none)\n"
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
49 "-r keyfile Specify hostkeys (repeatable)\n"
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
50 " defaults: \n"
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
51 #if DROPBEAR_DSS
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
52 " - dss %s\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
54 #if DROPBEAR_RSA
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
55 " - rsa %s\n"
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
56 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
57 #if DROPBEAR_ECDSA
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
58 " - ecdsa %s\n"
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
59 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
60 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
61 " - ed25519 %s\n"
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
62 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
63 #if DROPBEAR_DELAY_HOSTKEY
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
64 "-R Create hostkeys as required\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66 "-F Don't fork into background\n"
1819
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1681
diff changeset
67 "-e Pass on server process environment to child process\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 #ifdef DISABLE_SYSLOG
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 "(Syslog support not compiled in, using stderr)\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70 #else
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71 "-E Log to stderr rather than syslog\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 #endif
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1445
diff changeset
73 #if DO_MOTD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 "-m Don't display the motd on login\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76 "-w Disallow root logins\n"
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
77 #ifdef HAVE_GETGROUPLIST
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
78 "-G Restrict logins to members of specified group\n"
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
79 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
80 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
81 "-s Disable password logins\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
82 "-g Disable password logins for root\n"
692
c58a15983808 Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents: 671
diff changeset
83 "-B Allow blank password logins\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
84 #endif
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
diff changeset
85 "-T Maximum authentication tries (default %d)\n"
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
86 #if DROPBEAR_SVR_LOCALTCPFWD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 "-j Disable local port forwarding\n"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
89 #if DROPBEAR_SVR_REMOTETCPFWD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
90 "-k Disable remote port forwarding\n"
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
91 "-a Allow connections to forwarded ports from any host\n"
1289
a23386821e9f Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents: 1210
diff changeset
92 "-c command Force executed command\n"
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
93 #endif
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
94 "-p [address:]port\n"
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
95 " Listen on specified tcp port (and optionally address),\n"
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
96 " up to %d can be specified\n"
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
97 " (default port is %s if none specified)\n"
323
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
98 "-P PidFile Create pid file PidFile\n"
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
99 " (default %s)\n"
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1445
diff changeset
100 #if INETD_MODE
71
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
101 "-i Start for inetd\n"
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
102 #endif
1834
94dc11094e26 Increase max window size to 10MB, fallback rather than
Matt Johnston <matt@codeconstruct.com.au>
parents: 1819
diff changeset
103 "-W <receive_window_buffer> (default %d, larger may be faster, max 10MB)\n"
622
e27d7fb23376 Mention that the value is in seconds
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
104 "-K <keepalive> (0 is never, default %d, in seconds)\n"
e27d7fb23376 Mention that the value is in seconds
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
105 "-I <idle_timeout> (0 is never, default %d, in seconds)\n"
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
diff changeset
106 #if DROPBEAR_PLUGIN
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
107 "-A <authplugin>[,<options>]\n"
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
108 " Enable external public key auth through <authplugin>\n"
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
109 #endif
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 876
diff changeset
110 "-V Version\n"
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
111 #if DEBUG_TRACE
1904
be236878efcf Add -v variable debug levels for server too
Matt Johnston <matt@ucc.asn.au>
parents: 1902
diff changeset
112 "-v verbose (repeat for more verbose)\n"
94
c85c88500ea6 DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents: 91
diff changeset
113 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114 ,DROPBEAR_VERSION, progname,
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
115 #if DROPBEAR_DSS
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116 DSS_PRIV_FILENAME,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
117 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
118 #if DROPBEAR_RSA
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119 RSA_PRIV_FILENAME,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
120 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
121 #if DROPBEAR_ECDSA
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
122 ECDSA_PRIV_FILENAME,
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
123 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
124 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
125 ED25519_PRIV_FILENAME,
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
126 #endif
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
diff changeset
127 MAX_AUTH_TRIES,
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
128 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
129 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
130 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
131
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
132 void svr_getopts(int argc, char ** argv) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
134 unsigned int i, j;
1404
e8f67918fdc9 when pointer, use NULL instead of 0
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
diff changeset
135 char ** next = NULL;
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
136 int nextisport = 0;
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
137 char* recv_window_arg = NULL;
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
138 char* keepalive_arg = NULL;
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
139 char* idle_timeout_arg = NULL;
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
140 char* maxauthtries_arg = NULL;
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
141 char* keyfile = NULL;
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
142 char c;
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
diff changeset
143 #if DROPBEAR_PLUGIN
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
144 char* pubkey_plugin = NULL;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
145 #endif
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
146
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148 /* see printhelp() for options */
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
149 svr_opts.bannerfile = NULL;
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
150 svr_opts.banner = NULL;
1289
a23386821e9f Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents: 1210
diff changeset
151 svr_opts.forced_command = NULL;
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
152 svr_opts.forkbg = 1;
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
153 svr_opts.norootlogin = 0;
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
154 #ifdef HAVE_GETGROUPLIST
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
155 svr_opts.restrict_group = NULL;
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
156 svr_opts.restrict_group_gid = 0;
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
157 #endif
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
158 svr_opts.noauthpass = 0;
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
159 svr_opts.norootpass = 0;
692
c58a15983808 Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents: 671
diff changeset
160 svr_opts.allowblankpass = 0;
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
diff changeset
161 svr_opts.maxauthtries = MAX_AUTH_TRIES;
71
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
162 svr_opts.inetdmode = 0;
101
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
163 svr_opts.portcount = 0;
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
164 svr_opts.hostkey = NULL;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
165 svr_opts.delay_hostkey = 0;
1921
284c3837891c Allow user space file locations (rootless support)
Begley Brothers Inc <begleybrothers@gmail.com>
parents: 1904
diff changeset
166 svr_opts.pidfile = expand_homedir_path(DROPBEAR_PIDFILE);
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
167 #if DROPBEAR_SVR_LOCALTCPFWD
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
168 svr_opts.nolocaltcp = 0;
271
be18c7dd486e Fix up #ifdefs for tcp forwarding
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
169 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
170 #if DROPBEAR_SVR_REMOTETCPFWD
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
171 svr_opts.noremotetcp = 0;
271
be18c7dd486e Fix up #ifdefs for tcp forwarding
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
172 #endif
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
diff changeset
173 #if DROPBEAR_PLUGIN
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
174 svr_opts.pubkey_plugin = NULL;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
175 svr_opts.pubkey_plugin_options = NULL;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
176 #endif
1819
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1681
diff changeset
177 svr_opts.pass_on_env = 0;
996
47643024fc90 Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents: 976
diff changeset
178
575
f9b5dc0cba61 - Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents: 568
diff changeset
179 #ifndef DISABLE_ZLIB
996
47643024fc90 Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents: 976
diff changeset
180 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
47643024fc90 Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents: 976
diff changeset
181 #endif
47643024fc90 Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents: 976
diff changeset
182
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
183 /* not yet
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents: 24
diff changeset
184 opts.ipv4 = 1;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents: 24
diff changeset
185 opts.ipv6 = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
186 */
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1445
diff changeset
187 #if DO_MOTD
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
188 svr_opts.domotd = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
189 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
190 #ifndef DISABLE_SYSLOG
1210
64a50eac1030 Moved usingsyslog from svr_runopts to runopts.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents: 1197
diff changeset
191 opts.usingsyslog = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
192 #endif
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
193 opts.recv_window = DEFAULT_RECV_WINDOW;
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
194 opts.keepalive_secs = DEFAULT_KEEPALIVE;
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
195 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
196
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
197 #if DROPBEAR_SVR_REMOTETCPFWD
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
198 opts.listen_fwd_all = 0;
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
199 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
200
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
201 for (i = 1; i < (unsigned int)argc; i++) {
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
202 if (argv[i][0] != '-' || argv[i][1] == '\0')
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
203 dropbear_exit("Invalid argument: %s", argv[i]);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
204
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
205 for (j = 1; (c = argv[i][j]) != '\0' && !next && !nextisport; j++) {
1153
67d8a904f5a9 don't silently ignore extra flag arguments
Matt Johnston <matt@ucc.asn.au>
parents: 996
diff changeset
206 switch (c) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
207 case 'b':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
208 next = &svr_opts.bannerfile;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
209 break;
1289
a23386821e9f Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents: 1210
diff changeset
210 case 'c':
a23386821e9f Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents: 1210
diff changeset
211 next = &svr_opts.forced_command;
a23386821e9f Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents: 1210
diff changeset
212 break;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
213 case 'd':
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
214 case 'r':
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
215 next = &keyfile;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
216 break;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
217 case 'R':
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
218 svr_opts.delay_hostkey = 1;
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
219 break;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
220 case 'F':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
221 svr_opts.forkbg = 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
223 #ifndef DISABLE_SYSLOG
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
224 case 'E':
1210
64a50eac1030 Moved usingsyslog from svr_runopts to runopts.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents: 1197
diff changeset
225 opts.usingsyslog = 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227 #endif
1819
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1681
diff changeset
228 case 'e':
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1681
diff changeset
229 svr_opts.pass_on_env = 1;
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1681
diff changeset
230 break;
5120e22882de pass on sever process environment to child processes (option -e) (#118)
Roland Vollgraf <30869947+rvollgraf@users.noreply.github.com>
parents: 1681
diff changeset
231
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
232 #if DROPBEAR_SVR_LOCALTCPFWD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
233 case 'j':
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
234 svr_opts.nolocaltcp = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
235 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
236 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
237 #if DROPBEAR_SVR_REMOTETCPFWD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
238 case 'k':
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
239 svr_opts.noremotetcp = 1;
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
240 break;
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
241 case 'a':
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
242 opts.listen_fwd_all = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
243 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
244 #endif
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1445
diff changeset
245 #if INETD_MODE
71
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
246 case 'i':
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
247 svr_opts.inetdmode = 1;
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
248 break;
ac96bc733e71 adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
249 #endif
1861
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
250 #if DROPBEAR_DO_REEXEC && NON_INETD_MODE
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
251 /* For internal use by re-exec */
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
252 case '2':
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
253 svr_opts.reexec_child = 1;
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
254 break;
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
255 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
256 case 'p':
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
257 nextisport = 1;
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
258 break;
323
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
259 case 'P':
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
260 next = &svr_opts.pidfile;
3bfbe95f9a14 Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
261 break;
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1445
diff changeset
262 #if DO_MOTD
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
263 /* motd is displayed by default, -m turns it off */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
264 case 'm':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
265 svr_opts.domotd = 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
266 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
267 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
268 case 'w':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
269 svr_opts.norootlogin = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
270 break;
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
271 #ifdef HAVE_GETGROUPLIST
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
272 case 'G':
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
273 next = &svr_opts.restrict_group;
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
274 break;
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
275 #endif
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
276 case 'W':
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
277 next = &recv_window_arg;
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
278 break;
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
279 case 'K':
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
280 next = &keepalive_arg;
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
281 break;
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
282 case 'I':
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
283 next = &idle_timeout_arg;
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
284 break;
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
285 case 'T':
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
286 next = &maxauthtries_arg;
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
287 break;
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
288 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
289 case 's':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
290 svr_opts.noauthpass = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
291 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
292 case 'g':
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
293 svr_opts.norootpass = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
294 break;
692
c58a15983808 Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents: 671
diff changeset
295 case 'B':
c58a15983808 Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents: 671
diff changeset
296 svr_opts.allowblankpass = 1;
c58a15983808 Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents: 671
diff changeset
297 break;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
298 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
299 case 'h':
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
300 printhelp(argv[0]);
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 876
diff changeset
301 exit(EXIT_SUCCESS);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
302 break;
442
d82a2a44c684 Add -u option to specify /dev/urandom instead
Matt Johnston <matt@ucc.asn.au>
parents: 435
diff changeset
303 case 'u':
446
2cd2edfa11ee Just use /dev/urandom since that's what everyone ends up using anyway.
Matt Johnston <matt@ucc.asn.au>
parents: 442
diff changeset
304 /* backwards compatibility with old urandom option */
442
d82a2a44c684 Add -u option to specify /dev/urandom instead
Matt Johnston <matt@ucc.asn.au>
parents: 435
diff changeset
305 break;
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
diff changeset
306 #if DROPBEAR_PLUGIN
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
307 case 'A':
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
308 next = &pubkey_plugin;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
309 break;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
310 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
311 #if DEBUG_TRACE
94
c85c88500ea6 DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents: 91
diff changeset
312 case 'v':
1904
be236878efcf Add -v variable debug levels for server too
Matt Johnston <matt@ucc.asn.au>
parents: 1902
diff changeset
313 debug_trace++;
94
c85c88500ea6 DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents: 91
diff changeset
314 break;
c85c88500ea6 DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents: 91
diff changeset
315 #endif
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 876
diff changeset
316 case 'V':
948
f92eb625c48d - Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents: 946
diff changeset
317 print_version();
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 876
diff changeset
318 exit(EXIT_SUCCESS);
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 876
diff changeset
319 break;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
320 default:
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
321 fprintf(stderr, "Invalid option -%c\n", c);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
322 printhelp(argv[0]);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
323 exit(EXIT_FAILURE);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
324 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
325 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
326 }
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
327
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
328 if (!next && !nextisport)
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
329 continue;
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
330
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
331 if (c == '\0') {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
332 i++;
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
333 j = 0;
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
334 if (!argv[i]) {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
335 dropbear_exit("Missing argument");
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
336 }
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
337 }
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
338
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
339 if (nextisport) {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
340 addportandaddress(&argv[i][j]);
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
341 nextisport = 0;
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
342 } else if (next) {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
343 *next = &argv[i][j];
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
344 if (*next == NULL) {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
345 dropbear_exit("Invalid null argument");
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
346 }
1404
e8f67918fdc9 when pointer, use NULL instead of 0
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
diff changeset
347 next = NULL;
1164
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
348
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
349 if (keyfile) {
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
350 addhostkey(keyfile);
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
351 keyfile = NULL;
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
352 }
8b6cba298768 Enable bundling
Guilhem Moulin <guilhem@fripost.org>
parents: 1160
diff changeset
353 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
354 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
355
101
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
356 /* Set up listening ports */
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
357 if (svr_opts.portcount == 0) {
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
358 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT);
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
359 svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS);
101
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
360 svr_opts.portcount = 1;
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
361 }
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
362
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
363 if (svr_opts.bannerfile) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
364 struct stat buf;
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
365 if (stat(svr_opts.bannerfile, &buf) != 0) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
366 dropbear_exit("Error opening banner file '%s'",
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
367 svr_opts.bannerfile);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
368 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
369
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
370 if (buf.st_size > MAX_BANNER_SIZE) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
371 dropbear_exit("Banner file too large, max is %d bytes",
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
372 MAX_BANNER_SIZE);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
373 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
374
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
375 svr_opts.banner = buf_new(buf.st_size);
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
376 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
377 dropbear_exit("Error reading banner file '%s'",
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
378 svr_opts.bannerfile);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
379 }
24
469950e86d0f switching to global vars
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
380 buf_setpos(svr_opts.banner, 0);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
381 }
1534
ed930fd6f60f Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents: 1499
diff changeset
382
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
383 #ifdef HAVE_GETGROUPLIST
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
384 if (svr_opts.restrict_group) {
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
385 struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
1534
ed930fd6f60f Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents: 1499
diff changeset
386
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
387 if (restrictedgroup){
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
388 svr_opts.restrict_group_gid = restrictedgroup->gr_gid;
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
389 } else {
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
390 dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
391 }
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1535
diff changeset
392 }
1551
1acbdf64088e add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents: 1538
diff changeset
393 #endif
1834
94dc11094e26 Increase max window size to 10MB, fallback rather than
Matt Johnston <matt@codeconstruct.com.au>
parents: 1819
diff changeset
394
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
395 if (recv_window_arg) {
1834
94dc11094e26 Increase max window size to 10MB, fallback rather than
Matt Johnston <matt@codeconstruct.com.au>
parents: 1819
diff changeset
396 parse_recv_window(recv_window_arg);
449
3e6c536bc023 Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents: 446
diff changeset
397 }
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
398
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
399 if (maxauthtries_arg) {
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
400 unsigned int val = 0;
1445
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
diff changeset
401 if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE
a3a96dbf9a58 Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents: 1442
diff changeset
402 || val == 0) {
1442
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
403 dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg);
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
404 }
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
405 svr_opts.maxauthtries = val;
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
406 }
517c67cbcd31 dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents: 1404
diff changeset
407
1834
94dc11094e26 Increase max window size to 10MB, fallback rather than
Matt Johnston <matt@codeconstruct.com.au>
parents: 1819
diff changeset
408
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
409 if (keepalive_arg) {
568
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
410 unsigned int val;
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
411 if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) {
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
412 dropbear_exit("Bad keepalive '%s'", keepalive_arg);
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
413 }
568
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
414 opts.keepalive_secs = val;
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 449
diff changeset
415 }
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
416
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
417 if (idle_timeout_arg) {
568
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
418 unsigned int val;
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
419 if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) {
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
420 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
421 }
568
005530560594 Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
422 opts.idle_timeout_secs = val;
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
423 }
1290
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1289
diff changeset
424
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1289
diff changeset
425 if (svr_opts.forced_command) {
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1289
diff changeset
426 dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
ee2ffa044c7e Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents: 1289
diff changeset
427 }
1861
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
428
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
429 #if INETD_MODE
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
430 if (svr_opts.inetdmode && (
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
431 opts.usingsyslog == 0
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
432 #if DEBUG_TRACE
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
433 || debug_trace
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
434 #endif
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
435 )) {
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
436 /* log output goes to stderr which would get sent over the inetd network socket */
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
437 dropbear_exit("Dropbear inetd mode is incompatible with debug -v or non-syslog");
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
438 }
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
439 #endif
2b3a8026a6ce Add re-exec for server
Matt Johnston <matt@ucc.asn.au>
parents: 1856
diff changeset
440
1654
cc0fc5131c5c Rename EPKA -> Plugin
Matt Johnston <matt@ucc.asn.au>
parents: 1653
diff changeset
441 #if DROPBEAR_PLUGIN
1653
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
442 if (pubkey_plugin) {
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
443 char *args = strchr(pubkey_plugin, ',');
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
444 if (args) {
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
445 *args='\0';
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
446 ++args;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
447 }
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
448 svr_opts.pubkey_plugin = pubkey_plugin;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
449 svr_opts.pubkey_plugin_options = args;
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
450 }
76189c9ffea2 External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents: 1603
diff changeset
451 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
452 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
453
1197
86a9e0204c03 ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents: 1177
diff changeset
454 static void addportandaddress(const char* spec) {
1936
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
455 char *port = NULL, *address = NULL;
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
456
1936
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
457 if (svr_opts.portcount >= DROPBEAR_MAX_PORTS) {
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
458 return;
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
459 }
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
460
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
461 if (split_address_port(spec, &address, &port) == DROPBEAR_FAILURE) {
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
462 dropbear_exit("Bad -p argument");
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
463 }
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
464
1936
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
465 /* A bare port */
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
466 if (!port) {
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
467 port = address;
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
468 address = NULL;
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
469 }
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
470
1936
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
471 if (!address) {
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
472 /* no address given -> fill in the default address */
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
473 address = m_strdup(DROPBEAR_DEFADDRESS);
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
474 }
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
475
1936
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
476 if (port[0] == '\0') {
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
477 /* empty port -> exit */
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
478 dropbear_exit("Bad port");
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
479 }
1936
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
480 svr_opts.ports[svr_opts.portcount] = port;
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
481 svr_opts.addresses[svr_opts.portcount] = address;
4528afefe45d Fix IPv6 address parsing for dbclient -b
Matt Johnston <matt@ucc.asn.au>
parents: 1921
diff changeset
482 svr_opts.portcount++;
434
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
483 }
0aaaf68e97dc Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents: 271
diff changeset
484
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
485 static void disablekey(int type) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
486 int i;
802
4029d3432a4f Fix broken disablekey()
Matt Johnston <matt@ucc.asn.au>
parents: 795
diff changeset
487 TRACE(("Disabling key type %d", type))
1678
4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents: 1659
diff changeset
488 for (i = 0; sigalgs[i].name != NULL; i++) {
4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents: 1659
diff changeset
489 if (sigalgs[i].val == type) {
4b4cfc92c5b7 Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents: 1659
diff changeset
490 sigalgs[i].usable = 0;
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
491 break;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
492 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
493 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
494 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
495
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
496 static void loadhostkey_helper(const char *name, void** src, void** dst, int fatal_duplicate) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
497 if (*dst) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
498 if (fatal_duplicate) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
499 dropbear_exit("Only one %s key can be specified", name);
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
500 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
501 } else {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
502 *dst = *src;
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
503 *src = NULL;
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
504 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
505
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
506 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
507
101
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
508 /* Must be called after syslog/etc is working */
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
509 static void loadhostkey(const char *keyfile, int fatal_duplicate) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
510 sign_key * read_key = new_sign_key();
1921
284c3837891c Allow user space file locations (rootless support)
Begley Brothers Inc <begleybrothers@gmail.com>
parents: 1904
diff changeset
511 char *expand_path = expand_homedir_path(keyfile);
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
512 enum signkey_type type = DROPBEAR_SIGNKEY_ANY;
1921
284c3837891c Allow user space file locations (rootless support)
Begley Brothers Inc <begleybrothers@gmail.com>
parents: 1904
diff changeset
513 if (readhostkey(expand_path, read_key, &type) == DROPBEAR_FAILURE) {
976
964d41e3aeb2 Don't print "Failed loading hostkey" when -R delayed hostkey option is enabled
Steven Honeyman <stevenhoneyman@gmail.com>
parents: 948
diff changeset
514 if (!svr_opts.delay_hostkey) {
1921
284c3837891c Allow user space file locations (rootless support)
Begley Brothers Inc <begleybrothers@gmail.com>
parents: 1904
diff changeset
515 dropbear_log(LOG_WARNING, "Failed loading %s", expand_path);
976
964d41e3aeb2 Don't print "Failed loading hostkey" when -R delayed hostkey option is enabled
Steven Honeyman <stevenhoneyman@gmail.com>
parents: 948
diff changeset
516 }
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
517 }
1921
284c3837891c Allow user space file locations (rootless support)
Begley Brothers Inc <begleybrothers@gmail.com>
parents: 1904
diff changeset
518 m_free(expand_path);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
519
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
520 #if DROPBEAR_RSA
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
521 if (type == DROPBEAR_SIGNKEY_RSA) {
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
522 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
523 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
524 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
525
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
526 #if DROPBEAR_DSS
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
527 if (type == DROPBEAR_SIGNKEY_DSS) {
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
528 loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
529 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
530 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
531
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
532 #if DROPBEAR_ECDSA
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
533 #if DROPBEAR_ECC_256
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
534 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) {
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
535 loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
536 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
537 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
538 #if DROPBEAR_ECC_384
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
539 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) {
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
540 loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate);
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
541 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
542 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
543 #if DROPBEAR_ECC_521
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
544 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
545 loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate);
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
546 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 802
diff changeset
547 #endif
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 852
diff changeset
548 #endif /* DROPBEAR_ECDSA */
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
549
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
550 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
551 if (type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
552 loadhostkey_helper("ed25519", (void**)&read_key->ed25519key, (void**)&svr_opts.hostkey->ed25519key, fatal_duplicate);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
553 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
554 #endif
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
555
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
556 sign_key_free(read_key);
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
557 TRACE(("leave loadhostkey"))
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
558 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
559
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
560 static void addhostkey(const char *keyfile) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
561 if (svr_opts.num_hostkey_files >= MAX_HOSTKEYS) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
562 dropbear_exit("Too many hostkeys");
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
563 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
564 svr_opts.hostkey_files[svr_opts.num_hostkey_files] = m_strdup(keyfile);
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
565 svr_opts.num_hostkey_files++;
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
566 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
567
1347
b28624698130 copy over some fuzzing code from AFL branch
Matt Johnston <matt@ucc.asn.au>
parents: 1210
diff changeset
568
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
569 void load_all_hostkeys() {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
570 int i;
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
571 int any_keys = 0;
1681
435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents: 1678
diff changeset
572 #if DROPBEAR_ECDSA
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
573 int loaded_any_ecdsa = 0;
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
574 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
575
101
72dc22f56858 Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents: 94
diff changeset
576 svr_opts.hostkey = new_sign_key();
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
577
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
578 for (i = 0; i < svr_opts.num_hostkey_files; i++) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
579 char *hostkey_file = svr_opts.hostkey_files[i];
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
580 loadhostkey(hostkey_file, 1);
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
581 m_free(hostkey_file);
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
582 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
583
1532
3616ec41d03d Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents: 1499
diff changeset
584 /* Only load default host keys if a host key is not specified by the user */
3616ec41d03d Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents: 1499
diff changeset
585 if (svr_opts.num_hostkey_files == 0) {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
586 #if DROPBEAR_RSA
1532
3616ec41d03d Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents: 1499
diff changeset
587 loadhostkey(RSA_PRIV_FILENAME, 0);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
588 #endif
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
589
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
590 #if DROPBEAR_DSS
1532
3616ec41d03d Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents: 1499
diff changeset
591 loadhostkey(DSS_PRIV_FILENAME, 0);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
592 #endif
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
593
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
594 #if DROPBEAR_ECDSA
1532
3616ec41d03d Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents: 1499
diff changeset
595 loadhostkey(ECDSA_PRIV_FILENAME, 0);
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
596 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
597 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
598 loadhostkey(ED25519_PRIV_FILENAME, 0);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
599 #endif
1538
f20038b513a5 more linting (#58)
François Perrad <francois.perrad@gadz.org>
parents: 1537
diff changeset
600 }
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
601
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
602 #if DROPBEAR_RSA
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
603 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->rsakey) {
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
604 disablekey(DROPBEAR_SIGNKEY_RSA);
876
5bfce5dcd461 Fix disabling DSS key
Matt Johnston <matt@ucc.asn.au>
parents: 873
diff changeset
605 } else {
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
606 any_keys = 1;
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
607 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
608 #endif
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
609
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
610 #if DROPBEAR_DSS
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
611 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->dsskey) {
876
5bfce5dcd461 Fix disabling DSS key
Matt Johnston <matt@ucc.asn.au>
parents: 873
diff changeset
612 disablekey(DROPBEAR_SIGNKEY_DSS);
5bfce5dcd461 Fix disabling DSS key
Matt Johnston <matt@ucc.asn.au>
parents: 873
diff changeset
613 } else {
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
614 any_keys = 1;
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
615 }
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
616 #endif
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
617
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
618 #if DROPBEAR_ECDSA
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
619 /* We want to advertise a single ecdsa algorithm size.
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
620 - If there is a ecdsa hostkey at startup we choose that that size.
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
621 - If we generate at runtime we choose the default ecdsa size.
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
622 - Otherwise no ecdsa keys will be advertised */
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
623
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
624 /* check if any keys were loaded at startup */
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
625 loaded_any_ecdsa =
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
626 0
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
627 #if DROPBEAR_ECC_256
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
628 || svr_opts.hostkey->ecckey256
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
629 #endif
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
630 #if DROPBEAR_ECC_384
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
631 || svr_opts.hostkey->ecckey384
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
632 #endif
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
633 #if DROPBEAR_ECC_521
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
634 || svr_opts.hostkey->ecckey521
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
635 #endif
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
636 ;
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
637 any_keys |= loaded_any_ecdsa;
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
638
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
639 /* Or an ecdsa key could be generated at runtime */
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
640 any_keys |= svr_opts.delay_hostkey;
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
641
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
642 /* At most one ecdsa key size will be left enabled */
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
643 #if DROPBEAR_ECC_256
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
644 if (!svr_opts.hostkey->ecckey256
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
645 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 256 )) {
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
646 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256);
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
647 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
648 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
649 #if DROPBEAR_ECC_384
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
650 if (!svr_opts.hostkey->ecckey384
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
651 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 384 )) {
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 716
diff changeset
652 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384);
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
653 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
654 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1290
diff changeset
655 #if DROPBEAR_ECC_521
1603
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
656 if (!svr_opts.hostkey->ecckey521
0dc3103a5900 Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents: 1557
diff changeset
657 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 521 )) {
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
658 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521);
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
659 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
660 #endif
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
661 #endif /* DROPBEAR_ECDSA */
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
662
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
663 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
664 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->ed25519key) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
665 disablekey(DROPBEAR_SIGNKEY_ED25519);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
666 } else {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
667 any_keys = 1;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
668 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
669 #endif
1902
4a6725ac957c Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents: 1861
diff changeset
670 #if DROPBEAR_SK_ECDSA
4a6725ac957c Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents: 1861
diff changeset
671 disablekey(DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256);
4a6725ac957c Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents: 1861
diff changeset
672 #endif
4a6725ac957c Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents: 1861
diff changeset
673 #if DROPBEAR_SK_ED25519
4a6725ac957c Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents: 1861
diff changeset
674 disablekey(DROPBEAR_SIGNKEY_SK_ED25519);
4a6725ac957c Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents: 1861
diff changeset
675 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
676
876
5bfce5dcd461 Fix disabling DSS key
Matt Johnston <matt@ucc.asn.au>
parents: 873
diff changeset
677 if (!any_keys) {
1177
53751952ed95 mention dropbearkey too
Matt Johnston <matt@ucc.asn.au>
parents: 1176
diff changeset
678 dropbear_exit("No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.");
873
17b15683648d Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
679 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
680 }