comparison svr-runopts.c @ 1653:76189c9ffea2

External Public-Key Authentication API (#72) * Implemented dynamic loading of an external plug-in shared library to delegate public key authentication * Moved conditional compilation of the plugin infrastructure into the configure.ac script to be able to add -ldl to dropbear build only when the flag is enabled * Added tags file to the ignore list * Updated API to have the constructor to return function pointers in the plugin instance. Added support for passing user name to the checkpubkey function. Added options to the session returned by the plugin and have dropbear to parse and process them * Added -rdynamic to the linker flags when EPKA is enabled * Changed the API to pass a previously created session to the checkPubKey function (created during preauth) * Added documentation to the API * Added parameter addrstring to plugin creation function * Modified the API to retrieve the auth options. Instead of having them as field of the EPKASession struct, they are stored internally (plugin-dependent) in the plugin/session and retrieved through a pointer to a function (in the session) * Changed option string to be a simple char * instead of unsigned char *
author fabriziobertocci <fabriziobertocci@gmail.com>
date Wed, 15 May 2019 09:43:57 -0400
parents 0dc3103a5900
children cc0fc5131c5c
1652:d2753238f35f 1653:76189c9ffea2
44 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n" 44 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n"
45 "Usage: %s [options]\n" 45 "Usage: %s [options]\n"
46 "-b bannerfile Display the contents of bannerfile" 46 "-b bannerfile Display the contents of bannerfile"
47 " before user login\n" 47 " before user login\n"
48 " (default: none)\n" 48 " (default: none)\n"
49 "-r keyfile Specify hostkeys (repeatable)\n" 49 "-r keyfile Specify hostkeys (repeatable)\n"
50 " defaults: \n" 50 " defaults: \n"
51 #if DROPBEAR_DSS 51 #if DROPBEAR_DSS
52 " dss %s\n" 52 " - dss %s\n"
53 #endif 53 #endif
54 #if DROPBEAR_RSA 54 #if DROPBEAR_RSA
55 " rsa %s\n" 55 " - rsa %s\n"
56 #endif 56 #endif
57 #if DROPBEAR_ECDSA 57 #if DROPBEAR_ECDSA
58 " ecdsa %s\n" 58 " - ecdsa %s\n"
59 #endif 59 #endif
60 #if DROPBEAR_DELAY_HOSTKEY 60 #if DROPBEAR_DELAY_HOSTKEY
61 "-R Create hostkeys as required\n" 61 "-R Create hostkeys as required\n"
62 #endif 62 #endif
63 "-F Don't fork into background\n" 63 "-F Don't fork into background\n"
97 "-i Start for inetd\n" 97 "-i Start for inetd\n"
98 #endif 98 #endif
99 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n" 99 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
100 "-K <keepalive> (0 is never, default %d, in seconds)\n" 100 "-K <keepalive> (0 is never, default %d, in seconds)\n"
101 "-I <idle_timeout> (0 is never, default %d, in seconds)\n" 101 "-I <idle_timeout> (0 is never, default %d, in seconds)\n"
102 #if DROPBEAR_EPKA
103 "-A <authplugin>[,<options>]\n"
104 " Enable external public key auth through <authplugin>\n"
105 #endif
102 "-V Version\n" 106 "-V Version\n"
103 #if DEBUG_TRACE 107 #if DEBUG_TRACE
104 "-v verbose (compiled with DEBUG_TRACE)\n" 108 "-v verbose (compiled with DEBUG_TRACE)\n"
105 #endif 109 #endif
106 ,DROPBEAR_VERSION, progname, 110 ,DROPBEAR_VERSION, progname,
127 char* keepalive_arg = NULL; 131 char* keepalive_arg = NULL;
128 char* idle_timeout_arg = NULL; 132 char* idle_timeout_arg = NULL;
129 char* maxauthtries_arg = NULL; 133 char* maxauthtries_arg = NULL;
130 char* keyfile = NULL; 134 char* keyfile = NULL;
131 char c; 135 char c;
136 #if DROPBEAR_EPKA
137 char* pubkey_plugin = NULL;
138 #endif
132 139
133 140
134 /* see printhelp() for options */ 141 /* see printhelp() for options */
135 svr_opts.bannerfile = NULL; 142 svr_opts.bannerfile = NULL;
136 svr_opts.banner = NULL; 143 svr_opts.banner = NULL;
154 svr_opts.nolocaltcp = 0; 161 svr_opts.nolocaltcp = 0;
155 #endif 162 #endif
156 #if DROPBEAR_SVR_REMOTETCPFWD 163 #if DROPBEAR_SVR_REMOTETCPFWD
157 svr_opts.noremotetcp = 0; 164 svr_opts.noremotetcp = 0;
158 #endif 165 #endif
166 #if DROPBEAR_EPKA
167 svr_opts.pubkey_plugin = NULL;
168 svr_opts.pubkey_plugin_options = NULL;
169 #endif
159 170
160 #ifndef DISABLE_ZLIB 171 #ifndef DISABLE_ZLIB
161 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED; 172 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
162 #endif 173 #endif
163 174
272 exit(EXIT_SUCCESS); 283 exit(EXIT_SUCCESS);
273 break; 284 break;
274 case 'u': 285 case 'u':
275 /* backwards compatibility with old urandom option */ 286 /* backwards compatibility with old urandom option */
276 break; 287 break;
288 #if DROPBEAR_EPKA
289 case 'A':
290 next = &pubkey_plugin;
291 break;
292 #endif
277 #if DEBUG_TRACE 293 #if DEBUG_TRACE
278 case 'v': 294 case 'v':
279 debug_trace = 1; 295 debug_trace = 1;
280 break; 296 break;
281 #endif 297 #endif
392 } 408 }
393 409
394 if (svr_opts.forced_command) { 410 if (svr_opts.forced_command) {
395 dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command); 411 dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
396 } 412 }
413 #if DROPBEAR_EPKA
414 if (pubkey_plugin) {
415 char *args = strchr(pubkey_plugin, ',');
416 if (args) {
417 *args='\0';
418 ++args;
419 }
420 svr_opts.pubkey_plugin = pubkey_plugin;
421 svr_opts.pubkey_plugin_options = args;
422 }
423 #endif
397 } 424 }
398 425
399 static void addportandaddress(const char* spec) { 426 static void addportandaddress(const char* spec) {
400 char *spec_copy = NULL, *myspec = NULL, *port = NULL, *address = NULL; 427 char *spec_copy = NULL, *myspec = NULL, *port = NULL, *address = NULL;
401 428
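Review bot: The new `-A` handling at new lines 414–422 accepts an empty plugin name (`-A ""` or `-A ,opts`) and records nothing about what was configured, whereas the `forced_command` branch directly above logs its value; since the description says this name selects a shared library that is dynamically loaded into the server process, the library actually chosen deserves a startup audit line and an empty name should be rejected before it reaches the loader. Suggest, after the assignments, `dropbear_log(LOG_INFO, "External pubkey auth plugin '%s'%s", svr_opts.pubkey_plugin, args ? " (with options)" : "");` plus a fatal exit on `*pubkey_plugin == '\0'` using the file's usual error helper (not visible in this hunk). Because `strchr(pubkey_plugin, ',')` splits at the first comma, a library path containing a comma cannot be expressed; the help text at new lines 103–104 should say so, e.g. `" Enable external public key auth through <authplugin> (a shared library; path must not contain ',')\n"`. Whether the loader resolves a relative name through the dynamic linker's search path cannot be seen here, but if it does the help should also recommend an absolute path. The enclosing option-parsing function starts and ends outside this hunk.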