comparison svr-runopts.c @ 1318:10e2a7727253 coverity

merge coverity
author Matt Johnston <matt@ucc.asn.au>
date Fri, 22 Jul 2016 00:08:02 +0800
parents 750ec4ec4cbe
children 3fdd8c5a0195 e8f67918fdc9
1286:7d02b83c61fd 1318:10e2a7727253
44 "-b bannerfile Display the contents of bannerfile" 44 "-b bannerfile Display the contents of bannerfile"
45 " before user login\n" 45 " before user login\n"
46 " (default: none)\n" 46 " (default: none)\n"
47 "-r keyfile Specify hostkeys (repeatable)\n" 47 "-r keyfile Specify hostkeys (repeatable)\n"
48 " defaults: \n" 48 " defaults: \n"
49 #ifdef DROPBEAR_DSS 49 #if DROPBEAR_DSS
50 " dss %s\n" 50 " dss %s\n"
51 #endif 51 #endif
52 #ifdef DROPBEAR_RSA 52 #if DROPBEAR_RSA
53 " rsa %s\n" 53 " rsa %s\n"
54 #endif 54 #endif
55 #ifdef DROPBEAR_ECDSA 55 #if DROPBEAR_ECDSA
56 " ecdsa %s\n" 56 " ecdsa %s\n"
57 #endif 57 #endif
58 #ifdef DROPBEAR_DELAY_HOSTKEY 58 #if DROPBEAR_DELAY_HOSTKEY
59 "-R Create hostkeys as required\n" 59 "-R Create hostkeys as required\n"
60 #endif 60 #endif
61 "-F Don't fork into background\n" 61 "-F Don't fork into background\n"
62 #ifdef DISABLE_SYSLOG 62 #ifdef DISABLE_SYSLOG
63 "(Syslog support not compiled in, using stderr)\n" 63 "(Syslog support not compiled in, using stderr)\n"
66 #endif 66 #endif
67 #ifdef DO_MOTD 67 #ifdef DO_MOTD
68 "-m Don't display the motd on login\n" 68 "-m Don't display the motd on login\n"
69 #endif 69 #endif
70 "-w Disallow root logins\n" 70 "-w Disallow root logins\n"
71 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) 71 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
72 "-s Disable password logins\n" 72 "-s Disable password logins\n"
73 "-g Disable password logins for root\n" 73 "-g Disable password logins for root\n"
74 "-B Allow blank password logins\n" 74 "-B Allow blank password logins\n"
75 #endif 75 #endif
76 #ifdef ENABLE_SVR_LOCALTCPFWD 76 #if DROPBEAR_SVR_LOCALTCPFWD
77 "-j Disable local port forwarding\n" 77 "-j Disable local port forwarding\n"
78 #endif 78 #endif
79 #ifdef ENABLE_SVR_REMOTETCPFWD 79 #if DROPBEAR_SVR_REMOTETCPFWD
80 "-k Disable remote port forwarding\n" 80 "-k Disable remote port forwarding\n"
81 "-a Allow connections to forwarded ports from any host\n" 81 "-a Allow connections to forwarded ports from any host\n"
82 "-c command Force executed command\n"
82 #endif 83 #endif
83 "-p [address:]port\n" 84 "-p [address:]port\n"
84 " Listen on specified tcp port (and optionally address),\n" 85 " Listen on specified tcp port (and optionally address),\n"
85 " up to %d can be specified\n" 86 " up to %d can be specified\n"
86 " (default port is %s if none specified)\n" 87 " (default port is %s if none specified)\n"
91 #endif 92 #endif
92 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n" 93 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
93 "-K <keepalive> (0 is never, default %d, in seconds)\n" 94 "-K <keepalive> (0 is never, default %d, in seconds)\n"
94 "-I <idle_timeout> (0 is never, default %d, in seconds)\n" 95 "-I <idle_timeout> (0 is never, default %d, in seconds)\n"
95 "-V Version\n" 96 "-V Version\n"
96 #ifdef DEBUG_TRACE 97 #if DEBUG_TRACE
97 "-v verbose (compiled with DEBUG_TRACE)\n" 98 "-v verbose (compiled with DEBUG_TRACE)\n"
98 #endif 99 #endif
99 ,DROPBEAR_VERSION, progname, 100 ,DROPBEAR_VERSION, progname,
100 #ifdef DROPBEAR_DSS 101 #if DROPBEAR_DSS
101 DSS_PRIV_FILENAME, 102 DSS_PRIV_FILENAME,
102 #endif 103 #endif
103 #ifdef DROPBEAR_RSA 104 #if DROPBEAR_RSA
104 RSA_PRIV_FILENAME, 105 RSA_PRIV_FILENAME,
105 #endif 106 #endif
106 #ifdef DROPBEAR_ECDSA 107 #if DROPBEAR_ECDSA
107 ECDSA_PRIV_FILENAME, 108 ECDSA_PRIV_FILENAME,
108 #endif 109 #endif
109 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, 110 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
110 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); 111 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
111 } 112 }
123 124
124 125
125 /* see printhelp() for options */ 126 /* see printhelp() for options */
126 svr_opts.bannerfile = NULL; 127 svr_opts.bannerfile = NULL;
127 svr_opts.banner = NULL; 128 svr_opts.banner = NULL;
129 svr_opts.forced_command = NULL;
128 svr_opts.forkbg = 1; 130 svr_opts.forkbg = 1;
129 svr_opts.norootlogin = 0; 131 svr_opts.norootlogin = 0;
130 svr_opts.noauthpass = 0; 132 svr_opts.noauthpass = 0;
131 svr_opts.norootpass = 0; 133 svr_opts.norootpass = 0;
132 svr_opts.allowblankpass = 0; 134 svr_opts.allowblankpass = 0;
133 svr_opts.inetdmode = 0; 135 svr_opts.inetdmode = 0;
134 svr_opts.portcount = 0; 136 svr_opts.portcount = 0;
135 svr_opts.hostkey = NULL; 137 svr_opts.hostkey = NULL;
136 svr_opts.delay_hostkey = 0; 138 svr_opts.delay_hostkey = 0;
137 svr_opts.pidfile = DROPBEAR_PIDFILE; 139 svr_opts.pidfile = DROPBEAR_PIDFILE;
138 #ifdef ENABLE_SVR_LOCALTCPFWD 140 #if DROPBEAR_SVR_LOCALTCPFWD
139 svr_opts.nolocaltcp = 0; 141 svr_opts.nolocaltcp = 0;
140 #endif 142 #endif
141 #ifdef ENABLE_SVR_REMOTETCPFWD 143 #if DROPBEAR_SVR_REMOTETCPFWD
142 svr_opts.noremotetcp = 0; 144 svr_opts.noremotetcp = 0;
143 #endif 145 #endif
144 146
145 #ifndef DISABLE_ZLIB 147 #ifndef DISABLE_ZLIB
146 #if DROPBEAR_SERVER_DELAY_ZLIB
147 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED; 148 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
148 #else
149 opts.compress_mode = DROPBEAR_COMPRESS_ON;
150 #endif
151 #endif 149 #endif
152 150
153 /* not yet 151 /* not yet
154 opts.ipv4 = 1; 152 opts.ipv4 = 1;
155 opts.ipv6 = 1; 153 opts.ipv6 = 1;
162 #endif 160 #endif
163 opts.recv_window = DEFAULT_RECV_WINDOW; 161 opts.recv_window = DEFAULT_RECV_WINDOW;
164 opts.keepalive_secs = DEFAULT_KEEPALIVE; 162 opts.keepalive_secs = DEFAULT_KEEPALIVE;
165 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT; 163 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
166 164
167 #ifdef ENABLE_SVR_REMOTETCPFWD 165 #if DROPBEAR_SVR_REMOTETCPFWD
168 opts.listen_fwd_all = 0; 166 opts.listen_fwd_all = 0;
169 #endif 167 #endif
170 168
171 for (i = 1; i < (unsigned int)argc; i++) { 169 for (i = 1; i < (unsigned int)argc; i++) {
172 if (argv[i][0] != '-' || argv[i][1] == '\0') 170 if (argv[i][0] != '-' || argv[i][1] == '\0')
175 for (j = 1; (c = argv[i][j]) != '\0' && !next && !nextisport; j++) { 173 for (j = 1; (c = argv[i][j]) != '\0' && !next && !nextisport; j++) {
176 switch (c) { 174 switch (c) {
177 case 'b': 175 case 'b':
178 next = &svr_opts.bannerfile; 176 next = &svr_opts.bannerfile;
179 break; 177 break;
178 case 'c':
179 next = &svr_opts.forced_command;
180 break;
180 case 'd': 181 case 'd':
181 case 'r': 182 case 'r':
182 next = &keyfile; 183 next = &keyfile;
183 break; 184 break;
184 case 'R': 185 case 'R':
190 #ifndef DISABLE_SYSLOG 191 #ifndef DISABLE_SYSLOG
191 case 'E': 192 case 'E':
192 opts.usingsyslog = 0; 193 opts.usingsyslog = 0;
193 break; 194 break;
194 #endif 195 #endif
195 #ifdef ENABLE_SVR_LOCALTCPFWD 196 #if DROPBEAR_SVR_LOCALTCPFWD
196 case 'j': 197 case 'j':
197 svr_opts.nolocaltcp = 1; 198 svr_opts.nolocaltcp = 1;
198 break; 199 break;
199 #endif 200 #endif
200 #ifdef ENABLE_SVR_REMOTETCPFWD 201 #if DROPBEAR_SVR_REMOTETCPFWD
201 case 'k': 202 case 'k':
202 svr_opts.noremotetcp = 1; 203 svr_opts.noremotetcp = 1;
203 break; 204 break;
204 case 'a': 205 case 'a':
205 opts.listen_fwd_all = 1; 206 opts.listen_fwd_all = 1;
232 next = &keepalive_arg; 233 next = &keepalive_arg;
233 break; 234 break;
234 case 'I': 235 case 'I':
235 next = &idle_timeout_arg; 236 next = &idle_timeout_arg;
236 break; 237 break;
237 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) 238 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
238 case 's': 239 case 's':
239 svr_opts.noauthpass = 1; 240 svr_opts.noauthpass = 1;
240 break; 241 break;
241 case 'g': 242 case 'g':
242 svr_opts.norootpass = 1; 243 svr_opts.norootpass = 1;
250 exit(EXIT_SUCCESS); 251 exit(EXIT_SUCCESS);
251 break; 252 break;
252 case 'u': 253 case 'u':
253 /* backwards compatibility with old urandom option */ 254 /* backwards compatibility with old urandom option */
254 break; 255 break;
255 #ifdef DEBUG_TRACE 256 #if DEBUG_TRACE
256 case 'v': 257 case 'v':
257 debug_trace = 1; 258 debug_trace = 1;
258 break; 259 break;
259 #endif 260 #endif
260 case 'V': 261 case 'V':
343 unsigned int val; 344 unsigned int val;
344 if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) { 345 if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) {
345 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg); 346 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
346 } 347 }
347 opts.idle_timeout_secs = val; 348 opts.idle_timeout_secs = val;
349 }
350
351 if (svr_opts.forced_command) {
352 dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
348 } 353 }
349 } 354 }
350 355
351 static void addportandaddress(const char* spec) { 356 static void addportandaddress(const char* spec) {
352 char *spec_copy = NULL, *myspec = NULL, *port = NULL, *address = NULL; 357 char *spec_copy = NULL, *myspec = NULL, *port = NULL, *address = NULL;
432 if (!svr_opts.delay_hostkey) { 437 if (!svr_opts.delay_hostkey) {
433 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); 438 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile);
434 } 439 }
435 } 440 }
436 441
437 #ifdef DROPBEAR_RSA 442 #if DROPBEAR_RSA
438 if (type == DROPBEAR_SIGNKEY_RSA) { 443 if (type == DROPBEAR_SIGNKEY_RSA) {
439 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate); 444 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate);
440 } 445 }
441 #endif 446 #endif
442 447
443 #ifdef DROPBEAR_DSS 448 #if DROPBEAR_DSS
444 if (type == DROPBEAR_SIGNKEY_DSS) { 449 if (type == DROPBEAR_SIGNKEY_DSS) {
445 loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate); 450 loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate);
446 } 451 }
447 #endif 452 #endif
448 453
449 #ifdef DROPBEAR_ECDSA 454 #if DROPBEAR_ECDSA
450 #ifdef DROPBEAR_ECC_256 455 #if DROPBEAR_ECC_256
451 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) { 456 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) {
452 loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate); 457 loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate);
453 } 458 }
454 #endif 459 #endif
455 #ifdef DROPBEAR_ECC_384 460 #if DROPBEAR_ECC_384
456 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) { 461 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) {
457 loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate); 462 loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate);
458 } 463 }
459 #endif 464 #endif
460 #ifdef DROPBEAR_ECC_521 465 #if DROPBEAR_ECC_521
461 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) { 466 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
462 loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate); 467 loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate);
463 } 468 }
464 #endif 469 #endif
465 #endif /* DROPBEAR_ECDSA */ 470 #endif /* DROPBEAR_ECDSA */
486 char *hostkey_file = svr_opts.hostkey_files[i]; 491 char *hostkey_file = svr_opts.hostkey_files[i];
487 loadhostkey(hostkey_file, 1); 492 loadhostkey(hostkey_file, 1);
488 m_free(hostkey_file); 493 m_free(hostkey_file);
489 } 494 }
490 495
491 #ifdef DROPBEAR_RSA 496 #if DROPBEAR_RSA
492 loadhostkey(RSA_PRIV_FILENAME, 0); 497 loadhostkey(RSA_PRIV_FILENAME, 0);
493 #endif 498 #endif
494 499
495 #ifdef DROPBEAR_DSS 500 #if DROPBEAR_DSS
496 loadhostkey(DSS_PRIV_FILENAME, 0); 501 loadhostkey(DSS_PRIV_FILENAME, 0);
497 #endif 502 #endif
498 503
499 #ifdef DROPBEAR_ECDSA 504 #if DROPBEAR_ECDSA
500 loadhostkey(ECDSA_PRIV_FILENAME, 0); 505 loadhostkey(ECDSA_PRIV_FILENAME, 0);
501 #endif 506 #endif
502 507
503 #ifdef DROPBEAR_DELAY_HOSTKEY 508 #if DROPBEAR_DELAY_HOSTKEY
504 if (svr_opts.delay_hostkey) { 509 if (svr_opts.delay_hostkey) {
505 disable_unset_keys = 0; 510 disable_unset_keys = 0;
506 } 511 }
507 #endif 512 #endif
508 513
509 #ifdef DROPBEAR_RSA 514 #if DROPBEAR_RSA
510 if (disable_unset_keys && !svr_opts.hostkey->rsakey) { 515 if (disable_unset_keys && !svr_opts.hostkey->rsakey) {
511 disablekey(DROPBEAR_SIGNKEY_RSA); 516 disablekey(DROPBEAR_SIGNKEY_RSA);
512 } else { 517 } else {
513 any_keys = 1; 518 any_keys = 1;
514 } 519 }
515 #endif 520 #endif
516 521
517 #ifdef DROPBEAR_DSS 522 #if DROPBEAR_DSS
518 if (disable_unset_keys && !svr_opts.hostkey->dsskey) { 523 if (disable_unset_keys && !svr_opts.hostkey->dsskey) {
519 disablekey(DROPBEAR_SIGNKEY_DSS); 524 disablekey(DROPBEAR_SIGNKEY_DSS);
520 } else { 525 } else {
521 any_keys = 1; 526 any_keys = 1;
522 } 527 }
523 #endif 528 #endif
524 529
525 530
526 #ifdef DROPBEAR_ECDSA 531 #if DROPBEAR_ECDSA
527 #ifdef DROPBEAR_ECC_256 532 #if DROPBEAR_ECC_256
528 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256) 533 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256)
529 && !svr_opts.hostkey->ecckey256) { 534 && !svr_opts.hostkey->ecckey256) {
530 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); 535 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256);
531 } else { 536 } else {
532 any_keys = 1; 537 any_keys = 1;
533 } 538 }
534 #endif 539 #endif
535 540
536 #ifdef DROPBEAR_ECC_384 541 #if DROPBEAR_ECC_384
537 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384) 542 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384)
538 && !svr_opts.hostkey->ecckey384) { 543 && !svr_opts.hostkey->ecckey384) {
539 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); 544 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384);
540 } else { 545 } else {
541 any_keys = 1; 546 any_keys = 1;
542 } 547 }
543 #endif 548 #endif
544 549
545 #ifdef DROPBEAR_ECC_521 550 #if DROPBEAR_ECC_521
546 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521) 551 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521)
547 && !svr_opts.hostkey->ecckey521) { 552 && !svr_opts.hostkey->ecckey521) {
548 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); 553 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521);
549 } else { 554 } else {
550 any_keys = 1; 555 any_keys = 1;
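Review bot: The new usage line `"-c command Force executed command\n"` (new line 82) sits inside the `#if DROPBEAR_SVR_REMOTETCPFWD` block of the help text, while `case 'c':` in the option switch and the `svr_opts.forced_command = NULL` default are compiled unconditionally. A build without remote TCP forwarding would therefore accept `-c` but never list it in the usage output, even though the option constrains what a session may run and operators need to see it. Moving the string below the `#endif` that follows the `-a` line keeps the help text and the parser in step. Separately, the `#ifdef` to `#if` conversions make an undefined flag evaluate to 0 without a diagnostic, so the guard around `-s`/`-g`/`-B` depends on every `DROPBEAR_*` name receiving a 0/1 default elsewhere; that is not visible here, and building with `-Wundef` would confirm it. The help-text function (presumably `printhelp()`, per the comment at new line 126) starts above the visible lines.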