comparison svr-runopts.c @ 844:68facbc41273
merge again
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 01 Nov 2013 00:19:25 +0800 |
parents | 75509065db53 |
children | b298bb438625 |
834:e378da7eae5d | 844:68facbc41273 |
---|---|
26 #include "runopts.h" | 26 #include "runopts.h" |
27 #include "signkey.h" | 27 #include "signkey.h" |
28 #include "buffer.h" | 28 #include "buffer.h" |
29 #include "dbutil.h" | 29 #include "dbutil.h" |
30 #include "algo.h" | 30 #include "algo.h" |
31 #include "ecdsa.h" | |
31 | 32 |
32 svr_runopts svr_opts; /* GLOBAL */ | 33 svr_runopts svr_opts; /* GLOBAL */ |
33 | 34 |
34 static void printhelp(const char * progname); | 35 static void printhelp(const char * progname); |
35 static void addportandaddress(char* spec); | 36 static void addportandaddress(char* spec); |
37 static void loadhostkey(const char *keyfile, int fatal_duplicate); | |
38 static void addhostkey(const char *keyfile); | |
36 | 39 |
37 static void printhelp(const char * progname) { | 40 static void printhelp(const char * progname) { |
38 | 41 |
39 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n" | 42 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n" |
40 "Usage: %s [options]\n" | 43 "Usage: %s [options]\n" |
103 char ** next = 0; | 106 char ** next = 0; |
104 int nextisport = 0; | 107 int nextisport = 0; |
105 char* recv_window_arg = NULL; | 108 char* recv_window_arg = NULL; |
106 char* keepalive_arg = NULL; | 109 char* keepalive_arg = NULL; |
107 char* idle_timeout_arg = NULL; | 110 char* idle_timeout_arg = NULL; |
111 char* keyfile = NULL; | |
112 | |
108 | 113 |
109 /* see printhelp() for options */ | 114 /* see printhelp() for options */ |
110 svr_opts.rsakeyfile = NULL; | |
111 svr_opts.dsskeyfile = NULL; | |
112 svr_opts.bannerfile = NULL; | 115 svr_opts.bannerfile = NULL; |
113 svr_opts.banner = NULL; | 116 svr_opts.banner = NULL; |
114 svr_opts.forkbg = 1; | 117 svr_opts.forkbg = 1; |
115 svr_opts.norootlogin = 0; | 118 svr_opts.norootlogin = 0; |
116 svr_opts.noauthpass = 0; | 119 svr_opts.noauthpass = 0; |
158 *next = argv[i]; | 161 *next = argv[i]; |
159 if (*next == NULL) { | 162 if (*next == NULL) { |
160 dropbear_exit("Invalid null argument"); | 163 dropbear_exit("Invalid null argument"); |
161 } | 164 } |
162 next = 0x00; | 165 next = 0x00; |
166 | |
167 if (keyfile) { | |
168 addhostkey(keyfile); | |
169 keyfile = NULL; | |
170 } | |
163 continue; | 171 continue; |
164 } | 172 } |
165 | 173 |
166 if (argv[i][0] == '-') { | 174 if (argv[i][0] == '-') { |
167 switch (argv[i][1]) { | 175 switch (argv[i][1]) { |
168 case 'b': | 176 case 'b': |
169 next = &svr_opts.bannerfile; | 177 next = &svr_opts.bannerfile; |
170 break; | 178 break; |
171 #ifdef DROPBEAR_DSS | |
172 case 'd': | 179 case 'd': |
173 next = &svr_opts.dsskeyfile; | |
174 break; | |
175 #endif | |
176 #ifdef DROPBEAR_RSA | |
177 case 'r': | 180 case 'r': |
178 next = &svr_opts.rsakeyfile; | 181 next = &keyfile; |
179 break; | 182 break; |
180 #endif | |
181 case 'F': | 183 case 'F': |
182 svr_opts.forkbg = 0; | 184 svr_opts.forkbg = 0; |
183 break; | 185 break; |
184 #ifndef DISABLE_SYSLOG | 186 #ifndef DISABLE_SYSLOG |
185 case 'E': | 187 case 'E': |
265 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT); | 267 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT); |
266 svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS); | 268 svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS); |
267 svr_opts.portcount = 1; | 269 svr_opts.portcount = 1; |
268 } | 270 } |
269 | 271 |
270 if (svr_opts.dsskeyfile == NULL) { | |
271 svr_opts.dsskeyfile = DSS_PRIV_FILENAME; | |
272 } | |
273 if (svr_opts.rsakeyfile == NULL) { | |
274 svr_opts.rsakeyfile = RSA_PRIV_FILENAME; | |
275 } | |
276 | |
277 if (svr_opts.bannerfile) { | 272 if (svr_opts.bannerfile) { |
278 struct stat buf; | 273 struct stat buf; |
279 if (stat(svr_opts.bannerfile, &buf) != 0) { | 274 if (stat(svr_opts.bannerfile, &buf) != 0) { |
280 dropbear_exit("Error opening banner file '%s'", | 275 dropbear_exit("Error opening banner file '%s'", |
281 svr_opts.bannerfile); | 276 svr_opts.bannerfile); |
290 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) { | 285 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) { |
291 dropbear_exit("Error reading banner file '%s'", | 286 dropbear_exit("Error reading banner file '%s'", |
292 svr_opts.bannerfile); | 287 svr_opts.bannerfile); |
293 } | 288 } |
294 buf_setpos(svr_opts.banner, 0); | 289 buf_setpos(svr_opts.banner, 0); |
295 | |
296 } | 290 } |
297 | 291 |
298 if (recv_window_arg) { | 292 if (recv_window_arg) { |
299 opts.recv_window = atol(recv_window_arg); | 293 opts.recv_window = atol(recv_window_arg); |
300 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { | 294 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { |
368 | 362 |
369 svr_opts.portcount++; | 363 svr_opts.portcount++; |
370 } | 364 } |
371 } | 365 } |
372 | 366 |
373 static void disablekey(int type, const char* filename) { | 367 static void disablekey(int type) { |
374 | |
375 int i; | 368 int i; |
376 | 369 TRACE(("Disabling key type %d", type)) |
377 for (i = 0; sshhostkey[i].name != NULL; i++) { | 370 for (i = 0; sshhostkey[i].name != NULL; i++) { |
378 if (sshhostkey[i].val == type) { | 371 if (sshhostkey[i].val == type) { |
379 sshhostkey[i].usable = 0; | 372 sshhostkey[i].usable = 0; |
380 break; | 373 break; |
381 } | 374 } |
382 } | 375 } |
383 dropbear_log(LOG_WARNING, "Failed reading '%s', disabling %s", filename, | 376 } |
384 type == DROPBEAR_SIGNKEY_DSS ? "DSS" : "RSA"); | 377 |
378 static void loadhostkey_helper(const char *name, void** src, void** dst, int fatal_duplicate) { | |
379 if (*dst) { | |
380 if (fatal_duplicate) { | |
381 dropbear_exit("Only one %s key can be specified", name); | |
382 } | |
383 } else { | |
384 *dst = *src; | |
385 *src = NULL; | |
386 } | |
387 | |
385 } | 388 } |
386 | 389 |
387 /* Must be called after syslog/etc is working */ | 390 /* Must be called after syslog/etc is working */ |
388 void loadhostkeys() { | 391 static void loadhostkey(const char *keyfile, int fatal_duplicate) { |
389 | 392 sign_key * read_key = new_sign_key(); |
390 int ret; | 393 int type = DROPBEAR_SIGNKEY_ANY; |
391 int type; | 394 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) { |
392 | 395 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); |
393 TRACE(("enter loadhostkeys")) | 396 } |
397 | |
398 #ifdef DROPBEAR_RSA | |
399 if (type == DROPBEAR_SIGNKEY_RSA) { | |
400 loadhostkey_helper("RSA", &read_key->rsakey, &svr_opts.hostkey->rsakey, fatal_duplicate); | |
401 } | |
402 #endif | |
403 | |
404 #ifdef DROPBEAR_DSS | |
405 if (type == DROPBEAR_SIGNKEY_DSS) { | |
406 loadhostkey_helper("DSS", &read_key->dsskey, &svr_opts.hostkey->dsskey, fatal_duplicate); | |
407 } | |
408 #endif | |
409 | |
410 #ifdef DROPBEAR_ECDSA | |
411 #ifdef DROPBEAR_ECC_256 | |
412 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) { | |
413 loadhostkey_helper("ECDSA256", &read_key->ecckey256, &svr_opts.hostkey->ecckey256, fatal_duplicate); | |
414 } | |
415 #endif | |
416 #ifdef DROPBEAR_ECC_384 | |
417 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) { | |
418 loadhostkey_helper("ECDSA384", &read_key->ecckey384, &svr_opts.hostkey->ecckey384, fatal_duplicate); | |
419 } | |
420 #endif | |
421 #ifdef DROPBEAR_ECC_521 | |
422 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) { | |
423 loadhostkey_helper("ECDSA521", &read_key->ecckey521, &svr_opts.hostkey->ecckey521, fatal_duplicate); | |
424 } | |
425 #endif | |
426 #endif // DROPBEAR_ECDSA | |
427 sign_key_free(read_key); | |
428 TRACE(("leave loadhostkey")) | |
429 } | |
430 | |
431 static void addhostkey(const char *keyfile) { | |
432 if (svr_opts.num_hostkey_files >= MAX_HOSTKEYS) { | |
433 dropbear_exit("Too many hostkeys"); | |
434 } | |
435 svr_opts.hostkey_files[svr_opts.num_hostkey_files] = m_strdup(keyfile); | |
436 svr_opts.num_hostkey_files++; | |
437 } | |
438 | |
439 void load_all_hostkeys() { | |
440 int i; | |
394 | 441 |
395 svr_opts.hostkey = new_sign_key(); | 442 svr_opts.hostkey = new_sign_key(); |
396 | 443 |
444 for (i = 0; i < svr_opts.num_hostkey_files; i++) { | |
445 char *hostkey_file = svr_opts.hostkey_files[i]; | |
446 loadhostkey(hostkey_file, 1); | |
447 m_free(hostkey_file); | |
448 } | |
449 | |
397 #ifdef DROPBEAR_RSA | 450 #ifdef DROPBEAR_RSA |
398 type = DROPBEAR_SIGNKEY_RSA; | 451 loadhostkey(RSA_PRIV_FILENAME, 0); |
399 ret = readhostkey(svr_opts.rsakeyfile, svr_opts.hostkey, &type); | 452 #endif |
400 if (ret == DROPBEAR_FAILURE) { | 453 |
401 disablekey(DROPBEAR_SIGNKEY_RSA, svr_opts.rsakeyfile); | |
402 } | |
403 #endif | |
404 #ifdef DROPBEAR_DSS | 454 #ifdef DROPBEAR_DSS |
405 type = DROPBEAR_SIGNKEY_DSS; | 455 loadhostkey(DSS_PRIV_FILENAME, 0); |
406 ret = readhostkey(svr_opts.dsskeyfile, svr_opts.hostkey, &type); | 456 #endif |
407 if (ret == DROPBEAR_FAILURE) { | 457 |
408 disablekey(DROPBEAR_SIGNKEY_DSS, svr_opts.dsskeyfile); | 458 #ifdef DROPBEAR_ECDSA |
409 } | 459 loadhostkey(ECDSA_PRIV_FILENAME, 0); |
410 #endif | 460 #endif |
411 | 461 |
412 if ( 1 | 462 #ifdef DROPBEAR_RSA |
463 if (!svr_opts.hostkey->rsakey) { | |
464 disablekey(DROPBEAR_SIGNKEY_RSA); | |
465 } | |
466 #endif | |
413 #ifdef DROPBEAR_DSS | 467 #ifdef DROPBEAR_DSS |
414 && svr_opts.hostkey->dsskey == NULL | 468 if (!svr_opts.hostkey->dsskey) { |
415 #endif | 469 disablekey(DROPBEAR_SIGNKEY_RSA); |
416 #ifdef DROPBEAR_RSA | 470 } |
417 && svr_opts.hostkey->rsakey == NULL | 471 #endif |
418 #endif | 472 #ifdef DROPBEAR_ECDSA |
419 ) { | 473 #ifdef DROPBEAR_ECC_256 |
420 dropbear_exit("No hostkeys available"); | 474 if (!svr_opts.hostkey->ecckey256) { |
421 } | 475 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); |
422 | 476 } |
423 TRACE(("leave loadhostkeys")) | 477 #endif |
424 } | 478 #ifdef DROPBEAR_ECC_384 |
479 if (!svr_opts.hostkey->ecckey384) { | |
480 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); | |
481 } | |
482 #endif | |
483 #ifdef DROPBEAR_ECC_521 | |
484 if (!svr_opts.hostkey->ecckey521) { | |
485 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); | |
486 } | |
487 #endif | |
488 #endif | |
489 } |
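Review bot: Under `#ifdef DROPBEAR_DSS` in load_all_hostkeys, a missing DSS key disables the RSA algorithm instead of DSS — the new side reads `if (!svr_opts.hostkey->dsskey) { disablekey(DROPBEAR_SIGNKEY_RSA); }` — so a host that only has an RSA key ends up with RSA marked unusable while ssh-dss stays advertised with no key behind it; the call should be `disablekey(DROPBEAR_SIGNKEY_DSS);`. The old loadhostkeys also exited with "No hostkeys available" when no key loaded at all, and the new side of this section drops that check; unless it moved to another file, a server with no loadable host key now starts and only fails once a client reaches key exchange, so a fatal check after the disablekey block would restore the previous fail-fast behaviour. Separately, loadhostkey only logs a warning when readhostkey fails, even for a path the operator passed explicitly (the `fatal_duplicate == 1` calls from load_all_hostkeys), so a mistyped -r argument silently falls back to the default key locations rather than refusing to start.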