comparison svr-runopts.c @ 1318:10e2a7727253 coverity
merge coverity
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 22 Jul 2016 00:08:02 +0800 |
parents | 750ec4ec4cbe |
children | 3fdd8c5a0195 e8f67918fdc9 |
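--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -44,20 +44,20 @@
 "-b bannerfile Display the contents of bannerfile"
 " before user login\n"
 " (default: none)\n"
 "-r keyfile Specify hostkeys (repeatable)\n"
 " defaults: \n"
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 " dss %s\n"
 #endif
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 " rsa %s\n"
 #endif
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 " ecdsa %s\n"
 #endif
-#ifdef DROPBEAR_DELAY_HOSTKEY
+#if DROPBEAR_DELAY_HOSTKEY
 "-R Create hostkeys as required\n"
 #endif
 "-F Don't fork into background\n"
 #ifdef DISABLE_SYSLOG
 "(Syslog support not compiled in, using stderr)\n"
@@ -66,21 +66,22 @@
 #endif
 #ifdef DO_MOTD
 "-m Don't display the motd on login\n"
 #endif
 "-w Disallow root logins\n"
-#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
+#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 "-s Disable password logins\n"
 "-g Disable password logins for root\n"
 "-B Allow blank password logins\n"
 #endif
-#ifdef ENABLE_SVR_LOCALTCPFWD
+#if DROPBEAR_SVR_LOCALTCPFWD
 "-j Disable local port forwarding\n"
 #endif
-#ifdef ENABLE_SVR_REMOTETCPFWD
+#if DROPBEAR_SVR_REMOTETCPFWD
 "-k Disable remote port forwarding\n"
 "-a Allow connections to forwarded ports from any host\n"
+"-c command Force executed command\n"
 #endif
 "-p [address:]port\n"
 " Listen on specified tcp port (and optionally address),\n"
 " up to %d can be specified\n"
 " (default port is %s if none specified)\n"
@@ -91,21 +92,21 @@
 #endif
 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
 "-K <keepalive> (0 is never, default %d, in seconds)\n"
 "-I <idle_timeout> (0 is never, default %d, in seconds)\n"
 "-V Version\n"
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 "-v verbose (compiled with DEBUG_TRACE)\n"
 #endif
 ,DROPBEAR_VERSION, progname,
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 DSS_PRIV_FILENAME,
 #endif
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 RSA_PRIV_FILENAME,
 #endif
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 ECDSA_PRIV_FILENAME,
 #endif
 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
 }
@@ -123,33 +124,30 @@
 
 
 /* see printhelp() for options */
 svr_opts.bannerfile = NULL;
 svr_opts.banner = NULL;
+svr_opts.forced_command = NULL;
 svr_opts.forkbg = 1;
 svr_opts.norootlogin = 0;
 svr_opts.noauthpass = 0;
 svr_opts.norootpass = 0;
 svr_opts.allowblankpass = 0;
 svr_opts.inetdmode = 0;
 svr_opts.portcount = 0;
 svr_opts.hostkey = NULL;
 svr_opts.delay_hostkey = 0;
 svr_opts.pidfile = DROPBEAR_PIDFILE;
-#ifdef ENABLE_SVR_LOCALTCPFWD
+#if DROPBEAR_SVR_LOCALTCPFWD
 svr_opts.nolocaltcp = 0;
 #endif
-#ifdef ENABLE_SVR_REMOTETCPFWD
+#if DROPBEAR_SVR_REMOTETCPFWD
 svr_opts.noremotetcp = 0;
 #endif
 
 #ifndef DISABLE_ZLIB
-#if DROPBEAR_SERVER_DELAY_ZLIB
 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
-#else
-opts.compress_mode = DROPBEAR_COMPRESS_ON;
-#endif
 #endif
 
 /* not yet
 opts.ipv4 = 1;
 opts.ipv6 = 1;
@@ -162,11 +160,11 @@
 #endif
 opts.recv_window = DEFAULT_RECV_WINDOW;
 opts.keepalive_secs = DEFAULT_KEEPALIVE;
 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
 
-#ifdef ENABLE_SVR_REMOTETCPFWD
+#if DROPBEAR_SVR_REMOTETCPFWD
 opts.listen_fwd_all = 0;
 #endif
 
 for (i = 1; i < (unsigned int)argc; i++) {
 if (argv[i][0] != '-' || argv[i][1] == '\0')
@@ -175,10 +173,13 @@
 for (j = 1; (c = argv[i][j]) != '\0' && !next && !nextisport; j++) {
 switch (c) {
 case 'b':
 next = &svr_opts.bannerfile;
 break;
+case 'c':
+next = &svr_opts.forced_command;
+break;
 case 'd':
 case 'r':
 next = &keyfile;
 break;
 case 'R':
@@ -190,16 +191,16 @@
 #ifndef DISABLE_SYSLOG
 case 'E':
 opts.usingsyslog = 0;
 break;
 #endif
-#ifdef ENABLE_SVR_LOCALTCPFWD
+#if DROPBEAR_SVR_LOCALTCPFWD
 case 'j':
 svr_opts.nolocaltcp = 1;
 break;
 #endif
-#ifdef ENABLE_SVR_REMOTETCPFWD
+#if DROPBEAR_SVR_REMOTETCPFWD
 case 'k':
 svr_opts.noremotetcp = 1;
 break;
 case 'a':
 opts.listen_fwd_all = 1;
@@ -232,11 +233,11 @@
 next = &keepalive_arg;
 break;
 case 'I':
 next = &idle_timeout_arg;
 break;
-#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
+#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 case 's':
 svr_opts.noauthpass = 1;
 break;
 case 'g':
 svr_opts.norootpass = 1;
@@ -250,11 +251,11 @@
 exit(EXIT_SUCCESS);
 break;
 case 'u':
 /* backwards compatibility with old urandom option */
 break;
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 case 'v':
 debug_trace = 1;
 break;
 #endif
 case 'V':
@@ -343,10 +344,14 @@
 unsigned int val;
 if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) {
 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
 }
 opts.idle_timeout_secs = val;
+}
+
+if (svr_opts.forced_command) {
+dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
 }
 }
 
 static void addportandaddress(const char* spec) {
 char *spec_copy = NULL, *myspec = NULL, *port = NULL, *address = NULL;
@@ -432,34 +437,34 @@
 if (!svr_opts.delay_hostkey) {
 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile);
 }
 }
 
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 if (type == DROPBEAR_SIGNKEY_RSA) {
 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate);
 }
 #endif
 
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 if (type == DROPBEAR_SIGNKEY_DSS) {
 loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate);
 }
 #endif
 
-#ifdef DROPBEAR_ECDSA
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECDSA
+#if DROPBEAR_ECC_256
 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) {
 loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate);
 }
 #endif
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) {
 loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate);
 }
 #endif
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
 loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate);
 }
 #endif
 #endif /* DROPBEAR_ECDSA */
@@ -486,65 +491,65 @@
 char *hostkey_file = svr_opts.hostkey_files[i];
 loadhostkey(hostkey_file, 1);
 m_free(hostkey_file);
 }
 
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 loadhostkey(RSA_PRIV_FILENAME, 0);
 #endif
 
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 loadhostkey(DSS_PRIV_FILENAME, 0);
 #endif
 
-#ifdef DROPBEAR_ECDSA
+#if DROPBEAR_ECDSA
 loadhostkey(ECDSA_PRIV_FILENAME, 0);
 #endif
 
-#ifdef DROPBEAR_DELAY_HOSTKEY
+#if DROPBEAR_DELAY_HOSTKEY
 if (svr_opts.delay_hostkey) {
 disable_unset_keys = 0;
 }
 #endif
 
-#ifdef DROPBEAR_RSA
+#if DROPBEAR_RSA
 if (disable_unset_keys && !svr_opts.hostkey->rsakey) {
 disablekey(DROPBEAR_SIGNKEY_RSA);
 } else {
 any_keys = 1;
 }
 #endif
 
-#ifdef DROPBEAR_DSS
+#if DROPBEAR_DSS
 if (disable_unset_keys && !svr_opts.hostkey->dsskey) {
 disablekey(DROPBEAR_SIGNKEY_DSS);
 } else {
 any_keys = 1;
 }
 #endif
 
 
-#ifdef DROPBEAR_ECDSA
-#ifdef DROPBEAR_ECC_256
+#if DROPBEAR_ECDSA
+#if DROPBEAR_ECC_256
 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256)
 && !svr_opts.hostkey->ecckey256) {
 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256);
 } else {
 any_keys = 1;
 }
 #endif
 
-#ifdef DROPBEAR_ECC_384
+#if DROPBEAR_ECC_384
 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384)
 && !svr_opts.hostkey->ecckey384) {
 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384);
 } else {
 any_keys = 1;
 }
 #endif
 
-#ifdef DROPBEAR_ECC_521
+#if DROPBEAR_ECC_521
 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521)
 && !svr_opts.hostkey->ecckey521) {
 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521);
 } else {
 any_keys = 1;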
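Review bot: The new help line `"-c command Force executed command\n"` is placed inside the `#if DROPBEAR_SVR_REMOTETCPFWD` block of the usage text, while the matching `case 'c':` in the option switch is not under that guard, so a build without remote forwarding still accepts `-c` but never documents it. Since a forced command is a restriction operators rely on, the help line should move below the `#endif` that follows the `-a` line so it is always printed. Separately, the `#ifdef` → `#if` conversions mean an option macro that is left undefined now evaluates to 0 without any diagnostic; for `#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH` that would silently drop the `-s`/`-g` cases, so building with `-Wundef` is worth adding. The functions touched here begin and end outside the lines shown, so both points should be confirmed against the full file.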