Mercurial > dropbear
annotate cli-main.c @ 1145:5709b15a1b57
Fix segfault with restricted authorized_key files without forced command
author | Guilhem Moulin <guilhem@fripost.org> |
---|---|
date | Fri, 07 Aug 2015 23:00:08 +0800 |
parents | 23103e1e9548 |
children | fb58cf341951 |
rev | line source |
---|---|
74
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
1 /* |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
2 * Dropbear - a SSH2 server |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
3 * SSH client implementation |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
4 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
5 * Copyright (c) 2002,2003 Matt Johnston |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
6 * Copyright (c) 2004 by Mihnea Stoenescu |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
7 * All rights reserved. |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
8 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
9 * Permission is hereby granted, free of charge, to any person obtaining a copy |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
10 * of this software and associated documentation files (the "Software"), to deal |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
11 * in the Software without restriction, including without limitation the rights |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
12 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
13 * copies of the Software, and to permit persons to whom the Software is |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
14 * furnished to do so, subject to the following conditions: |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
15 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
16 * The above copyright notice and this permission notice shall be included in |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
17 * all copies or substantial portions of the Software. |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
18 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
21 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
22 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
23 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
24 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
25 * SOFTWARE. */ |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
26 |
33 | 27 #include "includes.h" |
28 #include "dbutil.h" | |
29 #include "runopts.h" | |
30 #include "session.h" | |
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
31 #include "dbrandom.h" |
795 | 32 #include "crypto_desc.h" |
1032
0da8ba489c23
Move generic network routines to netio.c
Matt Johnston <matt@ucc.asn.au>
parents:
1027
diff
changeset
|
33 #include "netio.h" |
26 | 34 |
614
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
35 static void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; |
33 | 36 static void cli_dropbear_log(int priority, const char* format, va_list param); |
37 | |
542
c9128994a2d6
Wrap proxycmd function in ENABLE_CLI_PROXYCMD #ifdef
Matt Johnston <matt@ucc.asn.au>
parents:
484
diff
changeset
|
38 #ifdef ENABLE_CLI_PROXYCMD |
483
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
39 static void cli_proxy_cmd(int *sock_in, int *sock_out); |
542
c9128994a2d6
Wrap proxycmd function in ENABLE_CLI_PROXYCMD #ifdef
Matt Johnston <matt@ucc.asn.au>
parents:
484
diff
changeset
|
40 #endif |
483
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
41 |
33 | 42 #if defined(DBMULTI_dbclient) || !defined(DROPBEAR_MULTI) |
43 #if defined(DBMULTI_dbclient) && defined(DROPBEAR_MULTI) | |
44 int cli_main(int argc, char ** argv) { | |
45 #else | |
26 | 46 int main(int argc, char ** argv) { |
33 | 47 #endif |
26 | 48 |
479
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
49 int sock_in, sock_out; |
1027
daf21fd50abf
In theory TFO should work. Needs platform cleanup and testing
Matt Johnston <matt@ucc.asn.au>
parents:
1025
diff
changeset
|
50 struct dropbear_progress_connection *progress = NULL; |
26 | 51 |
52 _dropbear_exit = cli_dropbear_exit; | |
53 _dropbear_log = cli_dropbear_log; | |
54 | |
425 | 55 disallow_core(); |
56 | |
795 | 57 seedrandom(); |
58 crypto_init(); | |
59 | |
26 | 60 cli_getopts(argc, argv); |
61 | |
33 | 62 TRACE(("user='%s' host='%s' port='%s'", cli_opts.username, |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
109
diff
changeset
|
63 cli_opts.remotehost, cli_opts.remoteport)) |
33 | 64 |
109
2e9d1f29c50f
merge of 50be59810e462f9f44f55e421227d6aa0b31982b
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
65 if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) { |
2e9d1f29c50f
merge of 50be59810e462f9f44f55e421227d6aa0b31982b
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
66 dropbear_exit("signal() error"); |
2e9d1f29c50f
merge of 50be59810e462f9f44f55e421227d6aa0b31982b
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
67 } |
2e9d1f29c50f
merge of 50be59810e462f9f44f55e421227d6aa0b31982b
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
68 |
483
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
69 #ifdef ENABLE_CLI_PROXYCMD |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
70 if (cli_opts.proxycmd) { |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
71 cli_proxy_cmd(&sock_in, &sock_out); |
544
9e51707cd6f2
- Make -i and -W pass through multihop arguments
Matt Johnston <matt@ucc.asn.au>
parents:
542
diff
changeset
|
72 m_free(cli_opts.proxycmd); |
479
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
73 } else |
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
74 #endif |
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
425
diff
changeset
|
75 { |
1032
0da8ba489c23
Move generic network routines to netio.c
Matt Johnston <matt@ucc.asn.au>
parents:
1027
diff
changeset
|
76 progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, cli_connected, &ses); |
1025 | 77 sock_in = sock_out = -1; |
26 | 78 } |
79 | |
1027
daf21fd50abf
In theory TFO should work. Needs platform cleanup and testing
Matt Johnston <matt@ucc.asn.au>
parents:
1025
diff
changeset
|
80 cli_session(sock_in, sock_out, progress); |
26 | 81 |
82 /* not reached */ | |
83 return -1; | |
84 } | |
33 | 85 #endif /* DBMULTI stuff */ |
86 | |
87 static void cli_dropbear_exit(int exitcode, const char* format, va_list param) { | |
88 | |
89 char fmtbuf[300]; | |
1065
23103e1e9548
Fix error handling for dbclient async connect
Matt Johnston <matt@ucc.asn.au>
parents:
1032
diff
changeset
|
90 char exitmsg[500]; |
33 | 91 |
92 if (!sessinitdone) { | |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
93 snprintf(fmtbuf, sizeof(fmtbuf), "Exited: %s", |
33 | 94 format); |
95 } else { | |
96 snprintf(fmtbuf, sizeof(fmtbuf), | |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
97 "Connection to %s@%s:%s exited: %s", |
33 | 98 cli_opts.username, cli_opts.remotehost, |
99 cli_opts.remoteport, format); | |
100 } | |
101 | |
1065
23103e1e9548
Fix error handling for dbclient async connect
Matt Johnston <matt@ucc.asn.au>
parents:
1032
diff
changeset
|
102 /* Arguments to the exit printout may be unsafe to use after session_cleanup() */ |
23103e1e9548
Fix error handling for dbclient async connect
Matt Johnston <matt@ucc.asn.au>
parents:
1032
diff
changeset
|
103 vsnprintf(exitmsg, sizeof(exitmsg), fmtbuf, param); |
23103e1e9548
Fix error handling for dbclient async connect
Matt Johnston <matt@ucc.asn.au>
parents:
1032
diff
changeset
|
104 |
40
b4874d772210
- Added terminal mode handling etc for the client, and window change
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
105 /* Do the cleanup first, since then the terminal will be reset */ |
733
70811267715c
Run the cleanup handler also when we close due to TCP connection being closed
Matt Johnston <matt@ucc.asn.au>
parents:
614
diff
changeset
|
106 session_cleanup(); |
938
c88dce72f6d2
Make sure client exit messages don't get lost
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
107 /* Avoid printing onwards from terminal cruft */ |
c88dce72f6d2
Make sure client exit messages don't get lost
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
108 fprintf(stderr, "\n"); |
40
b4874d772210
- Added terminal mode handling etc for the client, and window change
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
109 |
1065
23103e1e9548
Fix error handling for dbclient async connect
Matt Johnston <matt@ucc.asn.au>
parents:
1032
diff
changeset
|
110 dropbear_log(LOG_INFO, "%s", exitmsg);; |
33 | 111 exit(exitcode); |
112 } | |
113 | |
108
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
74
diff
changeset
|
114 static void cli_dropbear_log(int UNUSED(priority), |
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
74
diff
changeset
|
115 const char* format, va_list param) { |
33 | 116 |
117 char printbuf[1024]; | |
118 | |
119 vsnprintf(printbuf, sizeof(printbuf), format, param); | |
120 | |
40
b4874d772210
- Added terminal mode handling etc for the client, and window change
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
121 fprintf(stderr, "%s: %s\n", cli_opts.progname, printbuf); |
938
c88dce72f6d2
Make sure client exit messages don't get lost
Matt Johnston <matt@ucc.asn.au>
parents:
871
diff
changeset
|
122 fflush(stderr); |
33 | 123 } |
483
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
124 |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
125 static void exec_proxy_cmd(void *user_data_cmd) { |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
126 const char *cmd = user_data_cmd; |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
127 char *usershell; |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
128 |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
129 usershell = m_strdup(get_user_shell()); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
130 run_shell_command(cmd, ses.maxfd, usershell); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
131 dropbear_exit("Failed to run '%s'\n", cmd); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
132 } |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
133 |
542
c9128994a2d6
Wrap proxycmd function in ENABLE_CLI_PROXYCMD #ifdef
Matt Johnston <matt@ucc.asn.au>
parents:
484
diff
changeset
|
134 #ifdef ENABLE_CLI_PROXYCMD |
483
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
135 static void cli_proxy_cmd(int *sock_in, int *sock_out) { |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
136 int ret; |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
137 |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
138 fill_passwd(cli_opts.own_user); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
139 |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
140 ret = spawn_command(exec_proxy_cmd, cli_opts.proxycmd, |
484
effb4a25b1ae
Don't capture stderr from spawned processes in proxycommand mode
Matt Johnston <matt@ucc.asn.au>
parents:
483
diff
changeset
|
141 sock_out, sock_in, NULL, NULL); |
483
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
142 if (ret == DROPBEAR_FAILURE) { |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
143 dropbear_exit("Failed running proxy command"); |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
144 *sock_in = *sock_out = -1; |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
145 } |
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
479
diff
changeset
|
146 } |
857 | 147 #endif /* ENABLE_CLI_PROXYCMD */ |