comparison svr-runopts.c @ 849:754d7bee1068 ecc

Merge
author Matt Johnston <matt@ucc.asn.au>
date Fri, 08 Nov 2013 23:32:13 +0800
parents f4bb964c8678
children 7540c0822374
comparison
equal deleted inserted replaced
848:6c69e7df3621 849:754d7bee1068
42 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n" 42 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n"
43 "Usage: %s [options]\n" 43 "Usage: %s [options]\n"
44 "-b bannerfile Display the contents of bannerfile" 44 "-b bannerfile Display the contents of bannerfile"
45 " before user login\n" 45 " before user login\n"
46 " (default: none)\n" 46 " (default: none)\n"
47 "-r keyfile Specify hostkeys (repeatable)\n"
48 " defaults: \n"
47 #ifdef DROPBEAR_DSS 49 #ifdef DROPBEAR_DSS
48 "-d dsskeyfile Use dsskeyfile for the DSS host key\n" 50 " dss %s\n"
49 " (default: %s)\n"
50 #endif 51 #endif
51 #ifdef DROPBEAR_RSA 52 #ifdef DROPBEAR_RSA
52 "-r rsakeyfile Use rsakeyfile for the RSA host key\n" 53 " rsa %s\n"
53 " (default: %s)\n" 54 #endif
55 #ifdef DROPBEAR_ECDSA
56 " ecdsa %s\n"
57 #endif
58 #ifdef DROPBEAR_DELAY_HOSTKEY
59 "-R Create hostkeys as required\n"
54 #endif 60 #endif
55 "-F Don't fork into background\n" 61 "-F Don't fork into background\n"
56 #ifdef DISABLE_SYSLOG 62 #ifdef DISABLE_SYSLOG
57 "(Syslog support not compiled in, using stderr)\n" 63 "(Syslog support not compiled in, using stderr)\n"
58 #else 64 #else
93 #ifdef DROPBEAR_DSS 99 #ifdef DROPBEAR_DSS
94 DSS_PRIV_FILENAME, 100 DSS_PRIV_FILENAME,
95 #endif 101 #endif
96 #ifdef DROPBEAR_RSA 102 #ifdef DROPBEAR_RSA
97 RSA_PRIV_FILENAME, 103 RSA_PRIV_FILENAME,
104 #endif
105 #ifdef DROPBEAR_ECDSA
106 ECDSA_PRIV_FILENAME,
98 #endif 107 #endif
99 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, 108 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
100 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); 109 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
101 } 110 }
102 111
120 svr_opts.norootpass = 0; 129 svr_opts.norootpass = 0;
121 svr_opts.allowblankpass = 0; 130 svr_opts.allowblankpass = 0;
122 svr_opts.inetdmode = 0; 131 svr_opts.inetdmode = 0;
123 svr_opts.portcount = 0; 132 svr_opts.portcount = 0;
124 svr_opts.hostkey = NULL; 133 svr_opts.hostkey = NULL;
134 svr_opts.delay_hostkey = 0;
125 svr_opts.pidfile = DROPBEAR_PIDFILE; 135 svr_opts.pidfile = DROPBEAR_PIDFILE;
126 #ifdef ENABLE_SVR_LOCALTCPFWD 136 #ifdef ENABLE_SVR_LOCALTCPFWD
127 svr_opts.nolocaltcp = 0; 137 svr_opts.nolocaltcp = 0;
128 #endif 138 #endif
129 #ifdef ENABLE_SVR_REMOTETCPFWD 139 #ifdef ENABLE_SVR_REMOTETCPFWD
177 next = &svr_opts.bannerfile; 187 next = &svr_opts.bannerfile;
178 break; 188 break;
179 case 'd': 189 case 'd':
180 case 'r': 190 case 'r':
181 next = &keyfile; 191 next = &keyfile;
192 break;
193 case 'R':
194 svr_opts.delay_hostkey = 1;
182 break; 195 break;
183 case 'F': 196 case 'F':
184 svr_opts.forkbg = 0; 197 svr_opts.forkbg = 0;
185 break; 198 break;
186 #ifndef DISABLE_SYSLOG 199 #ifndef DISABLE_SYSLOG
388 } 401 }
389 402
390 /* Must be called after syslog/etc is working */ 403 /* Must be called after syslog/etc is working */
391 static void loadhostkey(const char *keyfile, int fatal_duplicate) { 404 static void loadhostkey(const char *keyfile, int fatal_duplicate) {
392 sign_key * read_key = new_sign_key(); 405 sign_key * read_key = new_sign_key();
393 int type = DROPBEAR_SIGNKEY_ANY; 406 enum signkey_type type = DROPBEAR_SIGNKEY_ANY;
394 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) { 407 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) {
395 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); 408 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile);
396 } 409 }
397 410
398 #ifdef DROPBEAR_RSA 411 #ifdef DROPBEAR_RSA
436 svr_opts.num_hostkey_files++; 449 svr_opts.num_hostkey_files++;
437 } 450 }
438 451
439 void load_all_hostkeys() { 452 void load_all_hostkeys() {
440 int i; 453 int i;
454 int disable_unset_keys = 1;
441 455
442 svr_opts.hostkey = new_sign_key(); 456 svr_opts.hostkey = new_sign_key();
443 457
444 for (i = 0; i < svr_opts.num_hostkey_files; i++) { 458 for (i = 0; i < svr_opts.num_hostkey_files; i++) {
445 char *hostkey_file = svr_opts.hostkey_files[i]; 459 char *hostkey_file = svr_opts.hostkey_files[i];
457 471
458 #ifdef DROPBEAR_ECDSA 472 #ifdef DROPBEAR_ECDSA
459 loadhostkey(ECDSA_PRIV_FILENAME, 0); 473 loadhostkey(ECDSA_PRIV_FILENAME, 0);
460 #endif 474 #endif
461 475
476 #ifdef DROPBEAR_DELAY_HOSTKEY
477 if (svr_opts.delay_hostkey)
478 {
479 disable_unset_keys = 0;
480 }
481 #endif
482
462 #ifdef DROPBEAR_RSA 483 #ifdef DROPBEAR_RSA
463 if (!svr_opts.hostkey->rsakey) { 484 if (disable_unset_keys && !svr_opts.hostkey->rsakey) {
464 disablekey(DROPBEAR_SIGNKEY_RSA); 485 disablekey(DROPBEAR_SIGNKEY_RSA);
465 } 486 }
466 #endif 487 #endif
488
467 #ifdef DROPBEAR_DSS 489 #ifdef DROPBEAR_DSS
468 if (!svr_opts.hostkey->dsskey) { 490 if (disable_unset_keys && !svr_opts.hostkey->dsskey) {
469 disablekey(DROPBEAR_SIGNKEY_RSA); 491 disablekey(DROPBEAR_SIGNKEY_RSA);
470 } 492 }
471 #endif 493 #endif
494
495
472 #ifdef DROPBEAR_ECDSA 496 #ifdef DROPBEAR_ECDSA
473 #ifdef DROPBEAR_ECC_256 497 #ifdef DROPBEAR_ECC_256
474 if (!svr_opts.hostkey->ecckey256) { 498 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256)
499 && !svr_opts.hostkey->ecckey256) {
475 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); 500 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256);
476 } 501 }
477 #endif 502 #endif
503
478 #ifdef DROPBEAR_ECC_384 504 #ifdef DROPBEAR_ECC_384
479 if (!svr_opts.hostkey->ecckey384) { 505 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384)
506 && !svr_opts.hostkey->ecckey384) {
480 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); 507 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384);
481 } 508 }
482 #endif 509 #endif
510
483 #ifdef DROPBEAR_ECC_521 511 #ifdef DROPBEAR_ECC_521
484 if (!svr_opts.hostkey->ecckey521) { 512 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521)
513 && !svr_opts.hostkey->ecckey521) {
485 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); 514 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521);
486 } 515 }
487 #endif 516 #endif
488 #endif 517 #endif /* DROPBEAR_ECDSA */
489 } 518
519 }