comparison svr-runopts.c @ 849:754d7bee1068 ecc
Merge
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 08 Nov 2013 23:32:13 +0800 |
parents | f4bb964c8678 |
children | 7540c0822374 |
848:6c69e7df3621 | 849:754d7bee1068 |
---|---|
42 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n" | 42 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n" |
43 "Usage: %s [options]\n" | 43 "Usage: %s [options]\n" |
44 "-b bannerfile Display the contents of bannerfile" | 44 "-b bannerfile Display the contents of bannerfile" |
45 " before user login\n" | 45 " before user login\n" |
46 " (default: none)\n" | 46 " (default: none)\n" |
47 "-r keyfile Specify hostkeys (repeatable)\n" | |
48 " defaults: \n" | |
47 #ifdef DROPBEAR_DSS | 49 #ifdef DROPBEAR_DSS |
48 "-d dsskeyfile Use dsskeyfile for the DSS host key\n" | 50 " dss %s\n" |
49 " (default: %s)\n" | |
50 #endif | 51 #endif |
51 #ifdef DROPBEAR_RSA | 52 #ifdef DROPBEAR_RSA |
52 "-r rsakeyfile Use rsakeyfile for the RSA host key\n" | 53 " rsa %s\n" |
53 " (default: %s)\n" | 54 #endif |
55 #ifdef DROPBEAR_ECDSA | |
56 " ecdsa %s\n" | |
57 #endif | |
58 #ifdef DROPBEAR_DELAY_HOSTKEY | |
59 "-R Create hostkeys as required\n" | |
54 #endif | 60 #endif |
55 "-F Don't fork into background\n" | 61 "-F Don't fork into background\n" |
56 #ifdef DISABLE_SYSLOG | 62 #ifdef DISABLE_SYSLOG |
57 "(Syslog support not compiled in, using stderr)\n" | 63 "(Syslog support not compiled in, using stderr)\n" |
58 #else | 64 #else |
93 #ifdef DROPBEAR_DSS | 99 #ifdef DROPBEAR_DSS |
94 DSS_PRIV_FILENAME, | 100 DSS_PRIV_FILENAME, |
95 #endif | 101 #endif |
96 #ifdef DROPBEAR_RSA | 102 #ifdef DROPBEAR_RSA |
97 RSA_PRIV_FILENAME, | 103 RSA_PRIV_FILENAME, |
104 #endif | |
105 #ifdef DROPBEAR_ECDSA | |
106 ECDSA_PRIV_FILENAME, | |
98 #endif | 107 #endif |
99 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, | 108 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, |
100 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); | 109 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); |
101 } | 110 } |
102 | 111 |
120 svr_opts.norootpass = 0; | 129 svr_opts.norootpass = 0; |
121 svr_opts.allowblankpass = 0; | 130 svr_opts.allowblankpass = 0; |
122 svr_opts.inetdmode = 0; | 131 svr_opts.inetdmode = 0; |
123 svr_opts.portcount = 0; | 132 svr_opts.portcount = 0; |
124 svr_opts.hostkey = NULL; | 133 svr_opts.hostkey = NULL; |
134 svr_opts.delay_hostkey = 0; | |
125 svr_opts.pidfile = DROPBEAR_PIDFILE; | 135 svr_opts.pidfile = DROPBEAR_PIDFILE; |
126 #ifdef ENABLE_SVR_LOCALTCPFWD | 136 #ifdef ENABLE_SVR_LOCALTCPFWD |
127 svr_opts.nolocaltcp = 0; | 137 svr_opts.nolocaltcp = 0; |
128 #endif | 138 #endif |
129 #ifdef ENABLE_SVR_REMOTETCPFWD | 139 #ifdef ENABLE_SVR_REMOTETCPFWD |
177 next = &svr_opts.bannerfile; | 187 next = &svr_opts.bannerfile; |
178 break; | 188 break; |
179 case 'd': | 189 case 'd': |
180 case 'r': | 190 case 'r': |
181 next = &keyfile; | 191 next = &keyfile; |
192 break; | |
193 case 'R': | |
194 svr_opts.delay_hostkey = 1; | |
182 break; | 195 break; |
183 case 'F': | 196 case 'F': |
184 svr_opts.forkbg = 0; | 197 svr_opts.forkbg = 0; |
185 break; | 198 break; |
186 #ifndef DISABLE_SYSLOG | 199 #ifndef DISABLE_SYSLOG |
388 } | 401 } |
389 | 402 |
390 /* Must be called after syslog/etc is working */ | 403 /* Must be called after syslog/etc is working */ |
391 static void loadhostkey(const char *keyfile, int fatal_duplicate) { | 404 static void loadhostkey(const char *keyfile, int fatal_duplicate) { |
392 sign_key * read_key = new_sign_key(); | 405 sign_key * read_key = new_sign_key(); |
393 int type = DROPBEAR_SIGNKEY_ANY; | 406 enum signkey_type type = DROPBEAR_SIGNKEY_ANY; |
394 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) { | 407 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) { |
395 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); | 408 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); |
396 } | 409 } |
397 | 410 |
398 #ifdef DROPBEAR_RSA | 411 #ifdef DROPBEAR_RSA |
436 svr_opts.num_hostkey_files++; | 449 svr_opts.num_hostkey_files++; |
437 } | 450 } |
438 | 451 |
439 void load_all_hostkeys() { | 452 void load_all_hostkeys() { |
440 int i; | 453 int i; |
454 int disable_unset_keys = 1; | |
441 | 455 |
442 svr_opts.hostkey = new_sign_key(); | 456 svr_opts.hostkey = new_sign_key(); |
443 | 457 |
444 for (i = 0; i < svr_opts.num_hostkey_files; i++) { | 458 for (i = 0; i < svr_opts.num_hostkey_files; i++) { |
445 char *hostkey_file = svr_opts.hostkey_files[i]; | 459 char *hostkey_file = svr_opts.hostkey_files[i]; |
457 | 471 |
458 #ifdef DROPBEAR_ECDSA | 472 #ifdef DROPBEAR_ECDSA |
459 loadhostkey(ECDSA_PRIV_FILENAME, 0); | 473 loadhostkey(ECDSA_PRIV_FILENAME, 0); |
460 #endif | 474 #endif |
461 | 475 |
476 #ifdef DROPBEAR_DELAY_HOSTKEY | |
477 if (svr_opts.delay_hostkey) | |
478 { | |
479 disable_unset_keys = 0; | |
480 } | |
481 #endif | |
482 | |
462 #ifdef DROPBEAR_RSA | 483 #ifdef DROPBEAR_RSA |
463 if (!svr_opts.hostkey->rsakey) { | 484 if (disable_unset_keys && !svr_opts.hostkey->rsakey) { |
464 disablekey(DROPBEAR_SIGNKEY_RSA); | 485 disablekey(DROPBEAR_SIGNKEY_RSA); |
465 } | 486 } |
466 #endif | 487 #endif |
488 | |
467 #ifdef DROPBEAR_DSS | 489 #ifdef DROPBEAR_DSS |
468 if (!svr_opts.hostkey->dsskey) { | 490 if (disable_unset_keys && !svr_opts.hostkey->dsskey) { |
469 disablekey(DROPBEAR_SIGNKEY_RSA); | 491 disablekey(DROPBEAR_SIGNKEY_RSA); |
470 } | 492 } |
471 #endif | 493 #endif |
494 | |
495 | |
472 #ifdef DROPBEAR_ECDSA | 496 #ifdef DROPBEAR_ECDSA |
473 #ifdef DROPBEAR_ECC_256 | 497 #ifdef DROPBEAR_ECC_256 |
474 if (!svr_opts.hostkey->ecckey256) { | 498 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256) |
499 && !svr_opts.hostkey->ecckey256) { | |
475 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); | 500 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); |
476 } | 501 } |
477 #endif | 502 #endif |
503 | |
478 #ifdef DROPBEAR_ECC_384 | 504 #ifdef DROPBEAR_ECC_384 |
479 if (!svr_opts.hostkey->ecckey384) { | 505 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384) |
506 && !svr_opts.hostkey->ecckey384) { | |
480 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); | 507 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); |
481 } | 508 } |
482 #endif | 509 #endif |
510 | |
483 #ifdef DROPBEAR_ECC_521 | 511 #ifdef DROPBEAR_ECC_521 |
484 if (!svr_opts.hostkey->ecckey521) { | 512 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521) |
513 && !svr_opts.hostkey->ecckey521) { | |
485 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); | 514 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); |
486 } | 515 } |
487 #endif | 516 #endif |
488 #endif | 517 #endif /* DROPBEAR_ECDSA */ |
489 } | 518 |
519 } |
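Review bot: In the `#ifdef DROPBEAR_DSS` block of load_all_hostkeys (new lines 489-493), a missing DSS host key still calls `disablekey(DROPBEAR_SIGNKEY_RSA)`; the commit rewrites the condition on that branch but carries the wrong constant over from the old side. Assuming disablekey() removes the named algorithm from what the server offers, a host with only an RSA key would lose RSA while DSS stays enabled with no key behind it, so the call should read `disablekey(DROPBEAR_SIGNKEY_DSS);`. A smaller point in the option parser: `case 'R'` (new lines 193-195) is accepted unconditionally, while its usage text and its only visible effect are both under `#ifdef DROPBEAR_DELAY_HOSTKEY`, so a build without that macro would take -R silently and still disable the unset keys; guarding the case with the same `#ifdef` would make the option fail loudly instead. Part of load_all_hostkeys (new lines 460-470) is not shown on this page, so the loop body was not reviewed.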