Mercurial > dropbear
comparison svr-runopts.c @ 1545:0b991dec7ab9 coverity
merge coverity
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 26 Feb 2018 22:43:12 +0800 |
| parents | f20038b513a5 |
| children | bb8eaa26bc93 1acbdf64088e |
comparison
equal
deleted
inserted
replaced
| 1523:1d163552145f | 1545:0b991dec7ab9 |
|---|---|
| 28 #include "buffer.h" | 28 #include "buffer.h" |
| 29 #include "dbutil.h" | 29 #include "dbutil.h" |
| 30 #include "algo.h" | 30 #include "algo.h" |
| 31 #include "ecdsa.h" | 31 #include "ecdsa.h" |
| 32 | 32 |
| 33 #include <grp.h> | |
| 34 | |
| 33 svr_runopts svr_opts; /* GLOBAL */ | 35 svr_runopts svr_opts; /* GLOBAL */ |
| 34 | 36 |
| 35 static void printhelp(const char * progname); | 37 static void printhelp(const char * progname); |
| 36 static void addportandaddress(const char* spec); | 38 static void addportandaddress(const char* spec); |
| 37 static void loadhostkey(const char *keyfile, int fatal_duplicate); | 39 static void loadhostkey(const char *keyfile, int fatal_duplicate); |
| 66 #endif | 68 #endif |
| 67 #if DO_MOTD | 69 #if DO_MOTD |
| 68 "-m Don't display the motd on login\n" | 70 "-m Don't display the motd on login\n" |
| 69 #endif | 71 #endif |
| 70 "-w Disallow root logins\n" | 72 "-w Disallow root logins\n" |
| 73 "-G Restrict logins to members of specified group\n" | |
| 71 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH | 74 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH |
| 72 "-s Disable password logins\n" | 75 "-s Disable password logins\n" |
| 73 "-g Disable password logins for root\n" | 76 "-g Disable password logins for root\n" |
| 74 "-B Allow blank password logins\n" | 77 "-B Allow blank password logins\n" |
| 75 #endif | 78 #endif |
| 130 svr_opts.bannerfile = NULL; | 133 svr_opts.bannerfile = NULL; |
| 131 svr_opts.banner = NULL; | 134 svr_opts.banner = NULL; |
| 132 svr_opts.forced_command = NULL; | 135 svr_opts.forced_command = NULL; |
| 133 svr_opts.forkbg = 1; | 136 svr_opts.forkbg = 1; |
| 134 svr_opts.norootlogin = 0; | 137 svr_opts.norootlogin = 0; |
| 138 svr_opts.restrict_group = NULL; | |
| 139 svr_opts.restrict_group_gid = 0; | |
| 135 svr_opts.noauthpass = 0; | 140 svr_opts.noauthpass = 0; |
| 136 svr_opts.norootpass = 0; | 141 svr_opts.norootpass = 0; |
| 137 svr_opts.allowblankpass = 0; | 142 svr_opts.allowblankpass = 0; |
| 138 svr_opts.maxauthtries = MAX_AUTH_TRIES; | 143 svr_opts.maxauthtries = MAX_AUTH_TRIES; |
| 139 svr_opts.inetdmode = 0; | 144 svr_opts.inetdmode = 0; |
| 228 break; | 233 break; |
| 229 #endif | 234 #endif |
| 230 case 'w': | 235 case 'w': |
| 231 svr_opts.norootlogin = 1; | 236 svr_opts.norootlogin = 1; |
| 232 break; | 237 break; |
| 238 case 'G': | |
| 239 next = &svr_opts.restrict_group; | |
| 240 break; | |
| 233 case 'W': | 241 case 'W': |
| 234 next = &recv_window_arg; | 242 next = &recv_window_arg; |
| 235 break; | 243 break; |
| 236 case 'K': | 244 case 'K': |
| 237 next = &keepalive_arg; | 245 next = &keepalive_arg; |
| 328 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) { | 336 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) { |
| 329 dropbear_exit("Error reading banner file '%s'", | 337 dropbear_exit("Error reading banner file '%s'", |
| 330 svr_opts.bannerfile); | 338 svr_opts.bannerfile); |
| 331 } | 339 } |
| 332 buf_setpos(svr_opts.banner, 0); | 340 buf_setpos(svr_opts.banner, 0); |
| 341 } | |
| 342 | |
| 343 if (svr_opts.restrict_group) { | |
| 344 struct group *restrictedgroup = getgrnam(svr_opts.restrict_group); | |
| 345 | |
| 346 if (restrictedgroup){ | |
| 347 svr_opts.restrict_group_gid = restrictedgroup->gr_gid; | |
| 348 } else { | |
| 349 dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group); | |
| 350 } | |
| 351 | |
| 333 } | 352 } |
| 334 | 353 |
| 335 if (recv_window_arg) { | 354 if (recv_window_arg) { |
| 336 opts.recv_window = atol(recv_window_arg); | 355 opts.recv_window = atol(recv_window_arg); |
| 337 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { | 356 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { |
| 508 char *hostkey_file = svr_opts.hostkey_files[i]; | 527 char *hostkey_file = svr_opts.hostkey_files[i]; |
| 509 loadhostkey(hostkey_file, 1); | 528 loadhostkey(hostkey_file, 1); |
| 510 m_free(hostkey_file); | 529 m_free(hostkey_file); |
| 511 } | 530 } |
| 512 | 531 |
| 532 /* Only load default host keys if a host key is not specified by the user */ | |
| 533 if (svr_opts.num_hostkey_files == 0) { | |
| 513 #if DROPBEAR_RSA | 534 #if DROPBEAR_RSA |
| 514 loadhostkey(RSA_PRIV_FILENAME, 0); | 535 loadhostkey(RSA_PRIV_FILENAME, 0); |
| 515 #endif | 536 #endif |
| 516 | 537 |
| 517 #if DROPBEAR_DSS | 538 #if DROPBEAR_DSS |
| 518 loadhostkey(DSS_PRIV_FILENAME, 0); | 539 loadhostkey(DSS_PRIV_FILENAME, 0); |
| 519 #endif | 540 #endif |
| 520 | 541 |
| 521 #if DROPBEAR_ECDSA | 542 #if DROPBEAR_ECDSA |
| 522 loadhostkey(ECDSA_PRIV_FILENAME, 0); | 543 loadhostkey(ECDSA_PRIV_FILENAME, 0); |
| 523 #endif | 544 #endif |
| 545 } | |
| 524 | 546 |
| 525 #if DROPBEAR_DELAY_HOSTKEY | 547 #if DROPBEAR_DELAY_HOSTKEY |
| 526 if (svr_opts.delay_hostkey) { | 548 if (svr_opts.delay_hostkey) { |
| 527 disable_unset_keys = 0; | 549 disable_unset_keys = 0; |
| 528 } | 550 } |