Mercurial > dropbear
comparison svr-runopts.c @ 847:f4bb964c8678 keyondemand
Add '-R' for delayed hostkey option
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 07 Nov 2013 23:49:37 +0800 |
| parents | b298bb438625 |
| children | 7540c0822374 |
comparison
equal
deleted
inserted
replaced
| 846:b298bb438625 | 847:f4bb964c8678 |
|---|---|
| 42 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n" | 42 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n" |
| 43 "Usage: %s [options]\n" | 43 "Usage: %s [options]\n" |
| 44 "-b bannerfile Display the contents of bannerfile" | 44 "-b bannerfile Display the contents of bannerfile" |
| 45 " before user login\n" | 45 " before user login\n" |
| 46 " (default: none)\n" | 46 " (default: none)\n" |
| 47 "-r keyfile Specify hostkeys (repeatable)\n" | |
| 48 " defaults: \n" | |
| 47 #ifdef DROPBEAR_DSS | 49 #ifdef DROPBEAR_DSS |
| 48 "-d dsskeyfile Use dsskeyfile for the DSS host key\n" | 50 " dss %s\n" |
| 49 " (default: %s)\n" | |
| 50 #endif | 51 #endif |
| 51 #ifdef DROPBEAR_RSA | 52 #ifdef DROPBEAR_RSA |
| 52 "-r rsakeyfile Use rsakeyfile for the RSA host key\n" | 53 " rsa %s\n" |
| 53 " (default: %s)\n" | 54 #endif |
| 55 #ifdef DROPBEAR_ECDSA | |
| 56 " ecdsa %s\n" | |
| 57 #endif | |
| 58 #ifdef DROPBEAR_DELAY_HOSTKEY | |
| 59 "-R Create hostkeys as required\n" | |
| 54 #endif | 60 #endif |
| 55 "-F Don't fork into background\n" | 61 "-F Don't fork into background\n" |
| 56 #ifdef DISABLE_SYSLOG | 62 #ifdef DISABLE_SYSLOG |
| 57 "(Syslog support not compiled in, using stderr)\n" | 63 "(Syslog support not compiled in, using stderr)\n" |
| 58 #else | 64 #else |
| 93 #ifdef DROPBEAR_DSS | 99 #ifdef DROPBEAR_DSS |
| 94 DSS_PRIV_FILENAME, | 100 DSS_PRIV_FILENAME, |
| 95 #endif | 101 #endif |
| 96 #ifdef DROPBEAR_RSA | 102 #ifdef DROPBEAR_RSA |
| 97 RSA_PRIV_FILENAME, | 103 RSA_PRIV_FILENAME, |
| 104 #endif | |
| 105 #ifdef DROPBEAR_ECDSA | |
| 106 ECDSA_PRIV_FILENAME, | |
| 98 #endif | 107 #endif |
| 99 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, | 108 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, |
| 100 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); | 109 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); |
| 101 } | 110 } |
| 102 | 111 |
| 120 svr_opts.norootpass = 0; | 129 svr_opts.norootpass = 0; |
| 121 svr_opts.allowblankpass = 0; | 130 svr_opts.allowblankpass = 0; |
| 122 svr_opts.inetdmode = 0; | 131 svr_opts.inetdmode = 0; |
| 123 svr_opts.portcount = 0; | 132 svr_opts.portcount = 0; |
| 124 svr_opts.hostkey = NULL; | 133 svr_opts.hostkey = NULL; |
| 134 svr_opts.delay_hostkey = 0; | |
| 125 svr_opts.pidfile = DROPBEAR_PIDFILE; | 135 svr_opts.pidfile = DROPBEAR_PIDFILE; |
| 126 #ifdef ENABLE_SVR_LOCALTCPFWD | 136 #ifdef ENABLE_SVR_LOCALTCPFWD |
| 127 svr_opts.nolocaltcp = 0; | 137 svr_opts.nolocaltcp = 0; |
| 128 #endif | 138 #endif |
| 129 #ifdef ENABLE_SVR_REMOTETCPFWD | 139 #ifdef ENABLE_SVR_REMOTETCPFWD |
| 177 next = &svr_opts.bannerfile; | 187 next = &svr_opts.bannerfile; |
| 178 break; | 188 break; |
| 179 case 'd': | 189 case 'd': |
| 180 case 'r': | 190 case 'r': |
| 181 next = &keyfile; | 191 next = &keyfile; |
| 192 break; | |
| 193 case 'R': | |
| 194 svr_opts.delay_hostkey = 1; | |
| 182 break; | 195 break; |
| 183 case 'F': | 196 case 'F': |
| 184 svr_opts.forkbg = 0; | 197 svr_opts.forkbg = 0; |
| 185 break; | 198 break; |
| 186 #ifndef DISABLE_SYSLOG | 199 #ifndef DISABLE_SYSLOG |
| 388 } | 401 } |
| 389 | 402 |
| 390 /* Must be called after syslog/etc is working */ | 403 /* Must be called after syslog/etc is working */ |
| 391 static void loadhostkey(const char *keyfile, int fatal_duplicate) { | 404 static void loadhostkey(const char *keyfile, int fatal_duplicate) { |
| 392 sign_key * read_key = new_sign_key(); | 405 sign_key * read_key = new_sign_key(); |
| 393 int type = DROPBEAR_SIGNKEY_ANY; | 406 enum signkey_type type = DROPBEAR_SIGNKEY_ANY; |
| 394 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) { | 407 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) { |
| 395 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); | 408 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); |
| 396 } | 409 } |
| 397 | 410 |
| 398 #ifdef DROPBEAR_RSA | 411 #ifdef DROPBEAR_RSA |
| 436 svr_opts.num_hostkey_files++; | 449 svr_opts.num_hostkey_files++; |
| 437 } | 450 } |
| 438 | 451 |
| 439 void load_all_hostkeys() { | 452 void load_all_hostkeys() { |
| 440 int i; | 453 int i; |
| 454 int disable_unset_keys = 1; | |
| 441 | 455 |
| 442 svr_opts.hostkey = new_sign_key(); | 456 svr_opts.hostkey = new_sign_key(); |
| 443 | 457 |
| 444 for (i = 0; i < svr_opts.num_hostkey_files; i++) { | 458 for (i = 0; i < svr_opts.num_hostkey_files; i++) { |
| 445 char *hostkey_file = svr_opts.hostkey_files[i]; | 459 char *hostkey_file = svr_opts.hostkey_files[i]; |
| 457 | 471 |
| 458 #ifdef DROPBEAR_ECDSA | 472 #ifdef DROPBEAR_ECDSA |
| 459 loadhostkey(ECDSA_PRIV_FILENAME, 0); | 473 loadhostkey(ECDSA_PRIV_FILENAME, 0); |
| 460 #endif | 474 #endif |
| 461 | 475 |
| 476 #ifdef DROPBEAR_DELAY_HOSTKEY | |
| 477 if (svr_opts.delay_hostkey) | |
| 478 { | |
| 479 disable_unset_keys = 0; | |
| 480 } | |
| 481 #endif | |
| 482 | |
| 462 #ifdef DROPBEAR_RSA | 483 #ifdef DROPBEAR_RSA |
| 463 if (!svr_opts.hostkey->rsakey) { | 484 if (disable_unset_keys && !svr_opts.hostkey->rsakey) { |
| 464 disablekey(DROPBEAR_SIGNKEY_RSA); | 485 disablekey(DROPBEAR_SIGNKEY_RSA); |
| 465 } | 486 } |
| 466 #endif | 487 #endif |
| 488 | |
| 467 #ifdef DROPBEAR_DSS | 489 #ifdef DROPBEAR_DSS |
| 468 if (!svr_opts.hostkey->dsskey) { | 490 if (disable_unset_keys && !svr_opts.hostkey->dsskey) { |
| 469 disablekey(DROPBEAR_SIGNKEY_RSA); | 491 disablekey(DROPBEAR_SIGNKEY_RSA); |
| 470 } | 492 } |
| 471 #endif | 493 #endif |
| 494 | |
| 495 | |
| 472 #ifdef DROPBEAR_ECDSA | 496 #ifdef DROPBEAR_ECDSA |
| 473 #ifdef DROPBEAR_ECC_256 | 497 #ifdef DROPBEAR_ECC_256 |
| 474 if (!svr_opts.hostkey->ecckey256) { | 498 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256) |
| 499 && !svr_opts.hostkey->ecckey256) { | |
| 475 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); | 500 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); |
| 476 } | 501 } |
| 477 #endif | 502 #endif |
| 503 | |
| 478 #ifdef DROPBEAR_ECC_384 | 504 #ifdef DROPBEAR_ECC_384 |
| 479 if (!svr_opts.hostkey->ecckey384) { | 505 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384) |
| 506 && !svr_opts.hostkey->ecckey384) { | |
| 480 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); | 507 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); |
| 481 } | 508 } |
| 482 #endif | 509 #endif |
| 510 | |
| 483 #ifdef DROPBEAR_ECC_521 | 511 #ifdef DROPBEAR_ECC_521 |
| 484 if (!svr_opts.hostkey->ecckey521) { | 512 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521) |
| 485 //disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); | 513 && !svr_opts.hostkey->ecckey521) { |
| 486 } | 514 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); |
| 487 #endif | 515 } |
| 488 #endif | 516 #endif |
| 489 } | 517 #endif /* DROPBEAR_ECDSA */ |
| 518 | |
| 519 } |