comparison svr-runopts.c @ 391:00fcf5045160

propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head c1db4398d56c56c6d06ae1e20c1e0d04dbb598ed) to branch 'au.asn.ucc.matt.dropbear' (head d26d5eb2837f46b56a33fb0e7573aa0201abd4d5)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 11 Jan 2007 04:29:08 +0000
parents 3bfbe95f9a14
children 337c45621e81
390:d8e44bef7917 391:00fcf5045160
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #include "includes.h"
26 #include "runopts.h"
27 #include "signkey.h"
28 #include "buffer.h"
29 #include "dbutil.h"
30 #include "algo.h"
31
32 svr_runopts svr_opts; /* GLOBAL */
33
34 static void printhelp(const char * progname);
35
36 static void printhelp(const char * progname) {
37
38 fprintf(stderr, "Dropbear sshd v%s\n"
39 "Usage: %s [options]\n"
40 "Options are:\n"
41 "-b bannerfile Display the contents of bannerfile"
42 " before user login\n"
43 " (default: none)\n"
44 #ifdef DROPBEAR_DSS
45 "-d dsskeyfile Use dsskeyfile for the dss host key\n"
46 " (default: %s)\n"
47 #endif
48 #ifdef DROPBEAR_RSA
49 "-r rsakeyfile Use rsakeyfile for the rsa host key\n"
50 " (default: %s)\n"
51 #endif
52 "-F Don't fork into background\n"
53 #ifdef DISABLE_SYSLOG
54 "(Syslog support not compiled in, using stderr)\n"
55 #else
56 "-E Log to stderr rather than syslog\n"
57 #endif
58 #ifdef DO_MOTD
59 "-m Don't display the motd on login\n"
60 #endif
61 "-w Disallow root logins\n"
62 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
63 "-s Disable password logins\n"
64 "-g Disable password logins for root\n"
65 #endif
66 #ifdef ENABLE_SVR_LOCALTCPFWD
67 "-j Disable local port forwarding\n"
68 #endif
69 #ifdef ENABLE_SVR_REMOTETCPFWD
70 "-k Disable remote port forwarding\n"
71 "-a Allow connections to forwarded ports from any host\n"
72 #endif
73 "-p port Listen on specified tcp port, up to %d can be specified\n"
74 " (default %s if none specified)\n"
75 "-P PidFile Create pid file PidFile\n"
76 " (default %s)\n"
77 #ifdef INETD_MODE
78 "-i Start for inetd\n"
79 #endif
80 #ifdef DEBUG_TRACE
81 "-v verbose\n"
82 #endif
83 ,DROPBEAR_VERSION, progname,
84 #ifdef DROPBEAR_DSS
85 DSS_PRIV_FILENAME,
86 #endif
87 #ifdef DROPBEAR_RSA
88 RSA_PRIV_FILENAME,
89 #endif
90 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE);
91 }
92
93 void svr_getopts(int argc, char ** argv) {
94
95 unsigned int i;
96 char ** next = 0;
97
98 /* see printhelp() for options */
99 svr_opts.rsakeyfile = NULL;
100 svr_opts.dsskeyfile = NULL;
101 svr_opts.bannerfile = NULL;
102 svr_opts.banner = NULL;
103 svr_opts.forkbg = 1;
104 svr_opts.norootlogin = 0;
105 svr_opts.noauthpass = 0;
106 svr_opts.norootpass = 0;
107 svr_opts.inetdmode = 0;
108 svr_opts.portcount = 0;
109 svr_opts.hostkey = NULL;
110 svr_opts.pidfile = DROPBEAR_PIDFILE;
111 #ifdef ENABLE_SVR_LOCALTCPFWD
112 svr_opts.nolocaltcp = 0;
113 #endif
114 #ifdef ENABLE_SVR_REMOTETCPFWD
115 svr_opts.noremotetcp = 0;
116 #endif
117 /* not yet
118 opts.ipv4 = 1;
119 opts.ipv6 = 1;
120 */
121 #ifdef DO_MOTD
122 svr_opts.domotd = 1;
123 #endif
124 #ifndef DISABLE_SYSLOG
125 svr_opts.usingsyslog = 1;
126 #endif
127 #ifdef ENABLE_SVR_REMOTETCPFWD
128 opts.listen_fwd_all = 0;
129 #endif
130
131 for (i = 1; i < (unsigned int)argc; i++) {
132 if (next) {
133 *next = argv[i];
134 if (*next == NULL) {
135 dropbear_exit("Invalid null argument");
136 }
137 next = 0x00;
138 continue;
139 }
140
141 if (argv[i][0] == '-') {
142 switch (argv[i][1]) {
143 case 'b':
144 next = &svr_opts.bannerfile;
145 break;
146 #ifdef DROPBEAR_DSS
147 case 'd':
148 next = &svr_opts.dsskeyfile;
149 break;
150 #endif
151 #ifdef DROPBEAR_RSA
152 case 'r':
153 next = &svr_opts.rsakeyfile;
154 break;
155 #endif
156 case 'F':
157 svr_opts.forkbg = 0;
158 break;
159 #ifndef DISABLE_SYSLOG
160 case 'E':
161 svr_opts.usingsyslog = 0;
162 break;
163 #endif
164 #ifdef ENABLE_SVR_LOCALTCPFWD
165 case 'j':
166 svr_opts.nolocaltcp = 1;
167 break;
168 #endif
169 #ifdef ENABLE_SVR_REMOTETCPFWD
170 case 'k':
171 svr_opts.noremotetcp = 1;
172 break;
173 case 'a':
174 opts.listen_fwd_all = 1;
175 break;
176 #endif
177 #ifdef INETD_MODE
178 case 'i':
179 svr_opts.inetdmode = 1;
180 break;
181 #endif
182 case 'p':
183 if (svr_opts.portcount < DROPBEAR_MAX_PORTS) {
184 svr_opts.ports[svr_opts.portcount] = NULL;
185 next = &svr_opts.ports[svr_opts.portcount];
186 /* Note: if it doesn't actually get set, we'll
187 * decrement it after the loop */
188 svr_opts.portcount++;
189 }
190 break;
191 case 'P':
192 next = &svr_opts.pidfile;
193 break;
194 #ifdef DO_MOTD
195 /* motd is displayed by default, -m turns it off */
196 case 'm':
197 svr_opts.domotd = 0;
198 break;
199 #endif
200 case 'w':
201 svr_opts.norootlogin = 1;
202 break;
203 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
204 case 's':
205 svr_opts.noauthpass = 1;
206 break;
207 case 'g':
208 svr_opts.norootpass = 1;
209 break;
210 #endif
211 case 'h':
212 printhelp(argv[0]);
213 exit(EXIT_FAILURE);
214 break;
215 #ifdef DEBUG_TRACE
216 case 'v':
217 debug_trace = 1;
218 break;
219 #endif
220 default:
221 fprintf(stderr, "Unknown argument %s\n", argv[i]);
222 printhelp(argv[0]);
223 exit(EXIT_FAILURE);
224 break;
225 }
226 }
227 }
228
229 /* Set up listening ports */
230 if (svr_opts.portcount == 0) {
231 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT);
232 svr_opts.portcount = 1;
233 } else {
234 /* we may have been given a -p option but no argument to go with
235 * it */
236 if (svr_opts.ports[svr_opts.portcount-1] == NULL) {
237 svr_opts.portcount--;
238 }
239 }
240
241 if (svr_opts.dsskeyfile == NULL) {
242 svr_opts.dsskeyfile = DSS_PRIV_FILENAME;
243 }
244 if (svr_opts.rsakeyfile == NULL) {
245 svr_opts.rsakeyfile = RSA_PRIV_FILENAME;
246 }
247
248 if (svr_opts.bannerfile) {
249 struct stat buf;
250 if (stat(svr_opts.bannerfile, &buf) != 0) {
251 dropbear_exit("Error opening banner file '%s'",
252 svr_opts.bannerfile);
253 }
254
255 if (buf.st_size > MAX_BANNER_SIZE) {
256 dropbear_exit("Banner file too large, max is %d bytes",
257 MAX_BANNER_SIZE);
258 }
259
260 svr_opts.banner = buf_new(buf.st_size);
261 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) {
262 dropbear_exit("Error reading banner file '%s'",
263 svr_opts.bannerfile);
264 }
265 buf_setpos(svr_opts.banner, 0);
266 }
267
268 }
269
270 static void disablekey(int type, const char* filename) {
271
272 int i;
273
274 for (i = 0; sshhostkey[i].name != NULL; i++) {
275 if (sshhostkey[i].val == type) {
276 sshhostkey[i].usable = 0;
277 break;
278 }
279 }
280 dropbear_log(LOG_WARNING, "Failed reading '%s', disabling %s", filename,
281 type == DROPBEAR_SIGNKEY_DSS ? "DSS" : "RSA");
282 }
283
284 /* Must be called after syslog/etc is working */
285 void loadhostkeys() {
286
287 int ret;
288 int type;
289
290 TRACE(("enter loadhostkeys"))
291
292 svr_opts.hostkey = new_sign_key();
293
294 #ifdef DROPBEAR_RSA
295 type = DROPBEAR_SIGNKEY_RSA;
296 ret = readhostkey(svr_opts.rsakeyfile, svr_opts.hostkey, &type);
297 if (ret == DROPBEAR_FAILURE) {
298 disablekey(DROPBEAR_SIGNKEY_RSA, svr_opts.rsakeyfile);
299 }
300 #endif
301 #ifdef DROPBEAR_DSS
302 type = DROPBEAR_SIGNKEY_DSS;
303 ret = readhostkey(svr_opts.dsskeyfile, svr_opts.hostkey, &type);
304 if (ret == DROPBEAR_FAILURE) {
305 disablekey(DROPBEAR_SIGNKEY_DSS, svr_opts.dsskeyfile);
306 }
307 #endif
308
309 if ( 1
310 #ifdef DROPBEAR_DSS
311 && svr_opts.hostkey->dsskey == NULL
312 #endif
313 #ifdef DROPBEAR_RSA
314 && svr_opts.hostkey->rsakey == NULL
315 #endif
316 ) {
317 dropbear_exit("No hostkeys available");
318 }
319
320 TRACE(("leave loadhostkeys"))
321 }