comparison svr-runopts.c @ 1545:0b991dec7ab9 coverity
merge coverity
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 26 Feb 2018 22:43:12 +0800 |
parents | f20038b513a5 |
children | bb8eaa26bc93 1acbdf64088e |
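--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -28,10 +28,12 @@
 #include "buffer.h"
 #include "dbutil.h"
 #include "algo.h"
 #include "ecdsa.h"
 
+#include <grp.h>
+
 svr_runopts svr_opts; /* GLOBAL */
 
 static void printhelp(const char * progname);
 static void addportandaddress(const char* spec);
 static void loadhostkey(const char *keyfile, int fatal_duplicate);
@@ -66,10 +68,11 @@
 #endif
 #if DO_MOTD
 "-m Don't display the motd on login\n"
 #endif
 "-w Disallow root logins\n"
+"-G Restrict logins to members of specified group\n"
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 "-s Disable password logins\n"
 "-g Disable password logins for root\n"
 "-B Allow blank password logins\n"
 #endif
@@ -130,10 +133,12 @@
 svr_opts.bannerfile = NULL;
 svr_opts.banner = NULL;
 svr_opts.forced_command = NULL;
 svr_opts.forkbg = 1;
 svr_opts.norootlogin = 0;
+svr_opts.restrict_group = NULL;
+svr_opts.restrict_group_gid = 0;
 svr_opts.noauthpass = 0;
 svr_opts.norootpass = 0;
 svr_opts.allowblankpass = 0;
 svr_opts.maxauthtries = MAX_AUTH_TRIES;
 svr_opts.inetdmode = 0;
@@ -228,10 +233,13 @@
 break;
 #endif
 case 'w':
 svr_opts.norootlogin = 1;
 break;
+case 'G':
+next = &svr_opts.restrict_group;
+break;
 case 'W':
 next = &recv_window_arg;
 break;
 case 'K':
 next = &keepalive_arg;
@@ -328,10 +336,21 @@
 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) {
 dropbear_exit("Error reading banner file '%s'",
 svr_opts.bannerfile);
 }
 buf_setpos(svr_opts.banner, 0);
+}
+
+if (svr_opts.restrict_group) {
+struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
+
+if (restrictedgroup){
+svr_opts.restrict_group_gid = restrictedgroup->gr_gid;
+} else {
+dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
+}
+
 }
 
 if (recv_window_arg) {
 opts.recv_window = atol(recv_window_arg);
 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
@@ -508,21 +527,24 @@
 char *hostkey_file = svr_opts.hostkey_files[i];
 loadhostkey(hostkey_file, 1);
 m_free(hostkey_file);
 }
 
+/* Only load default host keys if a host key is not specified by the user */
+if (svr_opts.num_hostkey_files == 0) {
 #if DROPBEAR_RSA
 loadhostkey(RSA_PRIV_FILENAME, 0);
 #endif
 
 #if DROPBEAR_DSS
 loadhostkey(DSS_PRIV_FILENAME, 0);
 #endif
 
 #if DROPBEAR_ECDSA
 loadhostkey(ECDSA_PRIV_FILENAME, 0);
 #endif
+}
 
 #if DROPBEAR_DELAY_HOSTKEY
 if (svr_opts.delay_hostkey) {
 disable_unset_keys = 0;
 }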
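Review bot: In the new `if (svr_opts.restrict_group)` block (new lines 343-351), a NULL return from `getgrnam()` is always reported as "the group does not exist", although NULL is also what a failed lookup returns (with `errno` set), so the operator can be sent looking for the wrong problem. Setting `errno = 0;` before the call and adding `strerror(errno)` to the message when it is non-zero would separate the two cases; exiting in both is the right fail-closed behaviour and should stay. The default `svr_opts.restrict_group_gid = 0;` (new line 139) is a real GID, so it deserves a comment such as `/* 0 is a valid gid; only meaningful when restrict_group != NULL */`, because the code that enforces the restriction is not part of this diff and presumably has to test `restrict_group`, not the gid. The GID is resolved once at startup, which the `-G` help text could mention, since later changes to the group database would not be seen until restart. The enclosing option-parsing function begins and ends outside these hunks.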