[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 5/6] examples: Add no default keys options to ssh_server_fork


It seems useful to be able to run ssh_server_fork without being
required to load some key of RSA and DSA keytypes.  However, with the
current ssh_server_fork, you need to have some keys as some default
value is set by default and you can't unset the value for a keytype
(e.g. by using NULL as an argument).  So the "no default keys"
argument turns off the default key assignments.

Signed-off-by: Alan Dunn <amdunn@xxxxxxxxx>
---
 examples/ssh_server_fork.c |   45 +++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 40 insertions(+), 5 deletions(-)

diff --git a/examples/ssh_server_fork.c b/examples/ssh_server_fork.c
index 1093965..1582b38 100644
--- a/examples/ssh_server_fork.c
+++ b/examples/ssh_server_fork.c
@@ -53,6 +53,19 @@ The goal is to show the API in action.
 #define SESSION_END (SSH_CLOSED | SSH_CLOSED_ERROR)
 #define SFTP_SERVER_PATH "/usr/lib/sftp-server"
 
+static void set_default_keys(ssh_bind sshbind,
+                             int rsa_already_set,
+                             int dsa_already_set) {
+    if (!rsa_already_set) {
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY,
+                             KEYS_FOLDER "ssh_host_rsa_key");
+    }
+    if (!dsa_already_set) {
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY,
+                             KEYS_FOLDER "ssh_host_dsa_key");
+    }
+}
+
 #ifdef HAVE_ARGP_H
 const char *argp_program_version = "libssh server example "
 SSH_STRINGIFY(LIBSSH_VERSION);
@@ -99,6 +112,14 @@ static struct argp_option options[] = {
         .group = 0
     },
     {
+        .name  = "no-default-keys",
+        .key   = 'n',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Do not set default key locations.",
+        .group = 0
+    },
+    {
         .name  = "verbose",
         .key   = 'v',
         .arg   = NULL,
@@ -114,19 +135,29 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
     /* Get the input argument from argp_parse, which we
      * know is a pointer to our arguments structure. */
     ssh_bind sshbind = state->input;
+    static int no_default_keys = 0;
+    static int rsa_already_set = 0, dsa_already_set = 0;
 
     switch (key) {
+        case 'n':
+            no_default_keys = 1;
+            break;
         case 'p':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
             break;
         case 'd':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
+            dsa_already_set = 1;
             break;
         case 'k':
+            /* This currently sets the public key algorithms the
+               server is willing to use, not which key files it will
+               load */
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
             break;
         case 'r':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
+            rsa_already_set = 1;
             break;
         case 'v':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR,
@@ -144,6 +175,13 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
                 /* Not enough arguments. */
                 argp_usage (state);
             }
+
+            if (!no_default_keys) {
+                set_default_keys(sshbind,
+                                 rsa_already_set,
+                                 dsa_already_set);
+            }
+
             break;
         default:
             return ARGP_ERR_UNKNOWN;
@@ -576,16 +614,13 @@ int main(int argc, char **argv) {
     ssh_init();
     sshbind = ssh_bind_new();
 
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY,
-                         KEYS_FOLDER "ssh_host_dsa_key");
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY,
-                         KEYS_FOLDER "ssh_host_rsa_key");
-
 #ifdef HAVE_ARGP_H
     argp_parse(&argp, argc, argv, 0, 0, sshbind);
 #else
     (void) argc;
     (void) argv;
+
+    set_default_keys(sshbind, 0, 0);
 #endif /* HAVE_ARGP_H */
 
     if(ssh_bind_listen(sshbind) < 0) {
-- 
1.7.9.5


References:
[PATCH 0/6] Fix ability to use ECDSA keysAlan Dunn <amdunn@xxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org