Mercurial > dropbear
comparison svr-runopts.c @ 391:00fcf5045160
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head c1db4398d56c56c6d06ae1e20c1e0d04dbb598ed)
to branch 'au.asn.ucc.matt.dropbear' (head d26d5eb2837f46b56a33fb0e7573aa0201abd4d5)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 11 Jan 2007 04:29:08 +0000 |
parents | 3bfbe95f9a14 |
children | 337c45621e81 |
comparison
equal
deleted
inserted
replaced
390:d8e44bef7917 | 391:00fcf5045160 |
---|---|
1 /* | |
2 * Dropbear - a SSH2 server | |
3 * | |
4 * Copyright (c) 2002,2003 Matt Johnston | |
5 * All rights reserved. | |
6 * | |
7 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
8 * of this software and associated documentation files (the "Software"), to deal | |
9 * in the Software without restriction, including without limitation the rights | |
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
11 * copies of the Software, and to permit persons to whom the Software is | |
12 * furnished to do so, subject to the following conditions: | |
13 * | |
14 * The above copyright notice and this permission notice shall be included in | |
15 * all copies or substantial portions of the Software. | |
16 * | |
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
23 * SOFTWARE. */ | |
24 | |
25 #include "includes.h" | |
26 #include "runopts.h" | |
27 #include "signkey.h" | |
28 #include "buffer.h" | |
29 #include "dbutil.h" | |
30 #include "algo.h" | |
31 | |
32 svr_runopts svr_opts; /* GLOBAL */ | |
33 | |
34 static void printhelp(const char * progname); | |
35 | |
36 static void printhelp(const char * progname) { | |
37 | |
38 fprintf(stderr, "Dropbear sshd v%s\n" | |
39 "Usage: %s [options]\n" | |
40 "Options are:\n" | |
41 "-b bannerfile Display the contents of bannerfile" | |
42 " before user login\n" | |
43 " (default: none)\n" | |
44 #ifdef DROPBEAR_DSS | |
45 "-d dsskeyfile Use dsskeyfile for the dss host key\n" | |
46 " (default: %s)\n" | |
47 #endif | |
48 #ifdef DROPBEAR_RSA | |
49 "-r rsakeyfile Use rsakeyfile for the rsa host key\n" | |
50 " (default: %s)\n" | |
51 #endif | |
52 "-F Don't fork into background\n" | |
53 #ifdef DISABLE_SYSLOG | |
54 "(Syslog support not compiled in, using stderr)\n" | |
55 #else | |
56 "-E Log to stderr rather than syslog\n" | |
57 #endif | |
58 #ifdef DO_MOTD | |
59 "-m Don't display the motd on login\n" | |
60 #endif | |
61 "-w Disallow root logins\n" | |
62 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) | |
63 "-s Disable password logins\n" | |
64 "-g Disable password logins for root\n" | |
65 #endif | |
66 #ifdef ENABLE_SVR_LOCALTCPFWD | |
67 "-j Disable local port forwarding\n" | |
68 #endif | |
69 #ifdef ENABLE_SVR_REMOTETCPFWD | |
70 "-k Disable remote port forwarding\n" | |
71 "-a Allow connections to forwarded ports from any host\n" | |
72 #endif | |
73 "-p port Listen on specified tcp port, up to %d can be specified\n" | |
74 " (default %s if none specified)\n" | |
75 "-P PidFile Create pid file PidFile\n" | |
76 " (default %s)\n" | |
77 #ifdef INETD_MODE | |
78 "-i Start for inetd\n" | |
79 #endif | |
80 #ifdef DEBUG_TRACE | |
81 "-v verbose\n" | |
82 #endif | |
83 ,DROPBEAR_VERSION, progname, | |
84 #ifdef DROPBEAR_DSS | |
85 DSS_PRIV_FILENAME, | |
86 #endif | |
87 #ifdef DROPBEAR_RSA | |
88 RSA_PRIV_FILENAME, | |
89 #endif | |
90 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE); | |
91 } | |
92 | |
93 void svr_getopts(int argc, char ** argv) { | |
94 | |
95 unsigned int i; | |
96 char ** next = 0; | |
97 | |
98 /* see printhelp() for options */ | |
99 svr_opts.rsakeyfile = NULL; | |
100 svr_opts.dsskeyfile = NULL; | |
101 svr_opts.bannerfile = NULL; | |
102 svr_opts.banner = NULL; | |
103 svr_opts.forkbg = 1; | |
104 svr_opts.norootlogin = 0; | |
105 svr_opts.noauthpass = 0; | |
106 svr_opts.norootpass = 0; | |
107 svr_opts.inetdmode = 0; | |
108 svr_opts.portcount = 0; | |
109 svr_opts.hostkey = NULL; | |
110 svr_opts.pidfile = DROPBEAR_PIDFILE; | |
111 #ifdef ENABLE_SVR_LOCALTCPFWD | |
112 svr_opts.nolocaltcp = 0; | |
113 #endif | |
114 #ifdef ENABLE_SVR_REMOTETCPFWD | |
115 svr_opts.noremotetcp = 0; | |
116 #endif | |
117 /* not yet | |
118 opts.ipv4 = 1; | |
119 opts.ipv6 = 1; | |
120 */ | |
121 #ifdef DO_MOTD | |
122 svr_opts.domotd = 1; | |
123 #endif | |
124 #ifndef DISABLE_SYSLOG | |
125 svr_opts.usingsyslog = 1; | |
126 #endif | |
127 #ifdef ENABLE_SVR_REMOTETCPFWD | |
128 opts.listen_fwd_all = 0; | |
129 #endif | |
130 | |
131 for (i = 1; i < (unsigned int)argc; i++) { | |
132 if (next) { | |
133 *next = argv[i]; | |
134 if (*next == NULL) { | |
135 dropbear_exit("Invalid null argument"); | |
136 } | |
137 next = 0x00; | |
138 continue; | |
139 } | |
140 | |
141 if (argv[i][0] == '-') { | |
142 switch (argv[i][1]) { | |
143 case 'b': | |
144 next = &svr_opts.bannerfile; | |
145 break; | |
146 #ifdef DROPBEAR_DSS | |
147 case 'd': | |
148 next = &svr_opts.dsskeyfile; | |
149 break; | |
150 #endif | |
151 #ifdef DROPBEAR_RSA | |
152 case 'r': | |
153 next = &svr_opts.rsakeyfile; | |
154 break; | |
155 #endif | |
156 case 'F': | |
157 svr_opts.forkbg = 0; | |
158 break; | |
159 #ifndef DISABLE_SYSLOG | |
160 case 'E': | |
161 svr_opts.usingsyslog = 0; | |
162 break; | |
163 #endif | |
164 #ifdef ENABLE_SVR_LOCALTCPFWD | |
165 case 'j': | |
166 svr_opts.nolocaltcp = 1; | |
167 break; | |
168 #endif | |
169 #ifdef ENABLE_SVR_REMOTETCPFWD | |
170 case 'k': | |
171 svr_opts.noremotetcp = 1; | |
172 break; | |
173 case 'a': | |
174 opts.listen_fwd_all = 1; | |
175 break; | |
176 #endif | |
177 #ifdef INETD_MODE | |
178 case 'i': | |
179 svr_opts.inetdmode = 1; | |
180 break; | |
181 #endif | |
182 case 'p': | |
183 if (svr_opts.portcount < DROPBEAR_MAX_PORTS) { | |
184 svr_opts.ports[svr_opts.portcount] = NULL; | |
185 next = &svr_opts.ports[svr_opts.portcount]; | |
186 /* Note: if it doesn't actually get set, we'll | |
187 * decrement it after the loop */ | |
188 svr_opts.portcount++; | |
189 } | |
190 break; | |
191 case 'P': | |
192 next = &svr_opts.pidfile; | |
193 break; | |
194 #ifdef DO_MOTD | |
195 /* motd is displayed by default, -m turns it off */ | |
196 case 'm': | |
197 svr_opts.domotd = 0; | |
198 break; | |
199 #endif | |
200 case 'w': | |
201 svr_opts.norootlogin = 1; | |
202 break; | |
203 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) | |
204 case 's': | |
205 svr_opts.noauthpass = 1; | |
206 break; | |
207 case 'g': | |
208 svr_opts.norootpass = 1; | |
209 break; | |
210 #endif | |
211 case 'h': | |
212 printhelp(argv[0]); | |
213 exit(EXIT_FAILURE); | |
214 break; | |
215 #ifdef DEBUG_TRACE | |
216 case 'v': | |
217 debug_trace = 1; | |
218 break; | |
219 #endif | |
220 default: | |
221 fprintf(stderr, "Unknown argument %s\n", argv[i]); | |
222 printhelp(argv[0]); | |
223 exit(EXIT_FAILURE); | |
224 break; | |
225 } | |
226 } | |
227 } | |
228 | |
229 /* Set up listening ports */ | |
230 if (svr_opts.portcount == 0) { | |
231 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT); | |
232 svr_opts.portcount = 1; | |
233 } else { | |
234 /* we may have been given a -p option but no argument to go with | |
235 * it */ | |
236 if (svr_opts.ports[svr_opts.portcount-1] == NULL) { | |
237 svr_opts.portcount--; | |
238 } | |
239 } | |
240 | |
241 if (svr_opts.dsskeyfile == NULL) { | |
242 svr_opts.dsskeyfile = DSS_PRIV_FILENAME; | |
243 } | |
244 if (svr_opts.rsakeyfile == NULL) { | |
245 svr_opts.rsakeyfile = RSA_PRIV_FILENAME; | |
246 } | |
247 | |
248 if (svr_opts.bannerfile) { | |
249 struct stat buf; | |
250 if (stat(svr_opts.bannerfile, &buf) != 0) { | |
251 dropbear_exit("Error opening banner file '%s'", | |
252 svr_opts.bannerfile); | |
253 } | |
254 | |
255 if (buf.st_size > MAX_BANNER_SIZE) { | |
256 dropbear_exit("Banner file too large, max is %d bytes", | |
257 MAX_BANNER_SIZE); | |
258 } | |
259 | |
260 svr_opts.banner = buf_new(buf.st_size); | |
261 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) { | |
262 dropbear_exit("Error reading banner file '%s'", | |
263 svr_opts.bannerfile); | |
264 } | |
265 buf_setpos(svr_opts.banner, 0); | |
266 } | |
267 | |
268 } | |
269 | |
270 static void disablekey(int type, const char* filename) { | |
271 | |
272 int i; | |
273 | |
274 for (i = 0; sshhostkey[i].name != NULL; i++) { | |
275 if (sshhostkey[i].val == type) { | |
276 sshhostkey[i].usable = 0; | |
277 break; | |
278 } | |
279 } | |
280 dropbear_log(LOG_WARNING, "Failed reading '%s', disabling %s", filename, | |
281 type == DROPBEAR_SIGNKEY_DSS ? "DSS" : "RSA"); | |
282 } | |
283 | |
284 /* Must be called after syslog/etc is working */ | |
285 void loadhostkeys() { | |
286 | |
287 int ret; | |
288 int type; | |
289 | |
290 TRACE(("enter loadhostkeys")) | |
291 | |
292 svr_opts.hostkey = new_sign_key(); | |
293 | |
294 #ifdef DROPBEAR_RSA | |
295 type = DROPBEAR_SIGNKEY_RSA; | |
296 ret = readhostkey(svr_opts.rsakeyfile, svr_opts.hostkey, &type); | |
297 if (ret == DROPBEAR_FAILURE) { | |
298 disablekey(DROPBEAR_SIGNKEY_RSA, svr_opts.rsakeyfile); | |
299 } | |
300 #endif | |
301 #ifdef DROPBEAR_DSS | |
302 type = DROPBEAR_SIGNKEY_DSS; | |
303 ret = readhostkey(svr_opts.dsskeyfile, svr_opts.hostkey, &type); | |
304 if (ret == DROPBEAR_FAILURE) { | |
305 disablekey(DROPBEAR_SIGNKEY_DSS, svr_opts.dsskeyfile); | |
306 } | |
307 #endif | |
308 | |
309 if ( 1 | |
310 #ifdef DROPBEAR_DSS | |
311 && svr_opts.hostkey->dsskey == NULL | |
312 #endif | |
313 #ifdef DROPBEAR_RSA | |
314 && svr_opts.hostkey->rsakey == NULL | |
315 #endif | |
316 ) { | |
317 dropbear_exit("No hostkeys available"); | |
318 } | |
319 | |
320 TRACE(("leave loadhostkeys")) | |
321 } |