comparison svr-runopts.c @ 285:1b9e69c058d2

propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3) to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
author Matt Johnston <matt@ucc.asn.au>
date Wed, 08 Mar 2006 13:23:58 +0000
parents be18c7dd486e
children 973fccb59ea4 3bfbe95f9a14 0aaaf68e97dc
281:997e6f7dc01e 285:1b9e69c058d2
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #include "includes.h"
26 #include "runopts.h"
27 #include "signkey.h"
28 #include "buffer.h"
29 #include "dbutil.h"
30 #include "algo.h"
31
32 svr_runopts svr_opts; /* GLOBAL */
33
34 static void printhelp(const char * progname);
35
36 static void printhelp(const char * progname) {
37
38 fprintf(stderr, "Dropbear sshd v%s\n"
39 "Usage: %s [options]\n"
40 "Options are:\n"
41 "-b bannerfile Display the contents of bannerfile"
42 " before user login\n"
43 " (default: none)\n"
44 #ifdef DROPBEAR_DSS
45 "-d dsskeyfile Use dsskeyfile for the dss host key\n"
46 " (default: %s)\n"
47 #endif
48 #ifdef DROPBEAR_RSA
49 "-r rsakeyfile Use rsakeyfile for the rsa host key\n"
50 " (default: %s)\n"
51 #endif
52 "-F Don't fork into background\n"
53 #ifdef DISABLE_SYSLOG
54 "(Syslog support not compiled in, using stderr)\n"
55 #else
56 "-E Log to stderr rather than syslog\n"
57 #endif
58 #ifdef DO_MOTD
59 "-m Don't display the motd on login\n"
60 #endif
61 "-w Disallow root logins\n"
62 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
63 "-s Disable password logins\n"
64 "-g Disable password logins for root\n"
65 #endif
66 #ifdef ENABLE_SVR_LOCALTCPFWD
67 "-j Disable local port forwarding\n"
68 #endif
69 #ifdef ENABLE_SVR_REMOTETCPFWD
70 "-k Disable remote port forwarding\n"
71 "-a Allow connections to forwarded ports from any host\n"
72 #endif
73 "-p port Listen on specified tcp port, up to %d can be specified\n"
74 " (default %s if none specified)\n"
75 #ifdef INETD_MODE
76 "-i Start for inetd\n"
77 #endif
78 #ifdef DEBUG_TRACE
79 "-v verbose\n"
80 #endif
81 ,DROPBEAR_VERSION, progname,
82 #ifdef DROPBEAR_DSS
83 DSS_PRIV_FILENAME,
84 #endif
85 #ifdef DROPBEAR_RSA
86 RSA_PRIV_FILENAME,
87 #endif
88 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT);
89 }
90
91 void svr_getopts(int argc, char ** argv) {
92
93 unsigned int i;
94 char ** next = 0;
95
96 /* see printhelp() for options */
97 svr_opts.rsakeyfile = NULL;
98 svr_opts.dsskeyfile = NULL;
99 svr_opts.bannerfile = NULL;
100 svr_opts.banner = NULL;
101 svr_opts.forkbg = 1;
102 svr_opts.norootlogin = 0;
103 svr_opts.noauthpass = 0;
104 svr_opts.norootpass = 0;
105 svr_opts.inetdmode = 0;
106 svr_opts.portcount = 0;
107 svr_opts.hostkey = NULL;
108 #ifdef ENABLE_SVR_LOCALTCPFWD
109 svr_opts.nolocaltcp = 0;
110 #endif
111 #ifdef ENABLE_SVR_REMOTETCPFWD
112 svr_opts.noremotetcp = 0;
113 #endif
114 /* not yet
115 opts.ipv4 = 1;
116 opts.ipv6 = 1;
117 */
118 #ifdef DO_MOTD
119 svr_opts.domotd = 1;
120 #endif
121 #ifndef DISABLE_SYSLOG
122 svr_opts.usingsyslog = 1;
123 #endif
124 #ifdef ENABLE_SVR_REMOTETCPFWD
125 opts.listen_fwd_all = 0;
126 #endif
127
128 for (i = 1; i < (unsigned int)argc; i++) {
129 if (next) {
130 *next = argv[i];
131 if (*next == NULL) {
132 dropbear_exit("Invalid null argument");
133 }
134 next = 0x00;
135 continue;
136 }
137
138 if (argv[i][0] == '-') {
139 switch (argv[i][1]) {
140 case 'b':
141 next = &svr_opts.bannerfile;
142 break;
143 #ifdef DROPBEAR_DSS
144 case 'd':
145 next = &svr_opts.dsskeyfile;
146 break;
147 #endif
148 #ifdef DROPBEAR_RSA
149 case 'r':
150 next = &svr_opts.rsakeyfile;
151 break;
152 #endif
153 case 'F':
154 svr_opts.forkbg = 0;
155 break;
156 #ifndef DISABLE_SYSLOG
157 case 'E':
158 svr_opts.usingsyslog = 0;
159 break;
160 #endif
161 #ifdef ENABLE_SVR_LOCALTCPFWD
162 case 'j':
163 svr_opts.nolocaltcp = 1;
164 break;
165 #endif
166 #ifdef ENABLE_SVR_REMOTETCPFWD
167 case 'k':
168 svr_opts.noremotetcp = 1;
169 break;
170 case 'a':
171 opts.listen_fwd_all = 1;
172 break;
173 #endif
174 #ifdef INETD_MODE
175 case 'i':
176 svr_opts.inetdmode = 1;
177 break;
178 #endif
179 case 'p':
180 if (svr_opts.portcount < DROPBEAR_MAX_PORTS) {
181 svr_opts.ports[svr_opts.portcount] = NULL;
182 next = &svr_opts.ports[svr_opts.portcount];
183 /* Note: if it doesn't actually get set, we'll
184 * decrement it after the loop */
185 svr_opts.portcount++;
186 }
187 break;
188 #ifdef DO_MOTD
189 /* motd is displayed by default, -m turns it off */
190 case 'm':
191 svr_opts.domotd = 0;
192 break;
193 #endif
194 case 'w':
195 svr_opts.norootlogin = 1;
196 break;
197 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
198 case 's':
199 svr_opts.noauthpass = 1;
200 break;
201 case 'g':
202 svr_opts.norootpass = 1;
203 break;
204 #endif
205 case 'h':
206 printhelp(argv[0]);
207 exit(EXIT_FAILURE);
208 break;
209 #ifdef DEBUG_TRACE
210 case 'v':
211 debug_trace = 1;
212 break;
213 #endif
214 default:
215 fprintf(stderr, "Unknown argument %s\n", argv[i]);
216 printhelp(argv[0]);
217 exit(EXIT_FAILURE);
218 break;
219 }
220 }
221 }
222
223 /* Set up listening ports */
224 if (svr_opts.portcount == 0) {
225 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT);
226 svr_opts.portcount = 1;
227 } else {
228 /* we may have been given a -p option but no argument to go with
229 * it */
230 if (svr_opts.ports[svr_opts.portcount-1] == NULL) {
231 svr_opts.portcount--;
232 }
233 }
234
235 if (svr_opts.dsskeyfile == NULL) {
236 svr_opts.dsskeyfile = DSS_PRIV_FILENAME;
237 }
238 if (svr_opts.rsakeyfile == NULL) {
239 svr_opts.rsakeyfile = RSA_PRIV_FILENAME;
240 }
241
242 if (svr_opts.bannerfile) {
243 struct stat buf;
244 if (stat(svr_opts.bannerfile, &buf) != 0) {
245 dropbear_exit("Error opening banner file '%s'",
246 svr_opts.bannerfile);
247 }
248
249 if (buf.st_size > MAX_BANNER_SIZE) {
250 dropbear_exit("Banner file too large, max is %d bytes",
251 MAX_BANNER_SIZE);
252 }
253
254 svr_opts.banner = buf_new(buf.st_size);
255 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) {
256 dropbear_exit("Error reading banner file '%s'",
257 svr_opts.bannerfile);
258 }
259 buf_setpos(svr_opts.banner, 0);
260 }
261
262 }
263
264 static void disablekey(int type, const char* filename) {
265
266 int i;
267
268 for (i = 0; sshhostkey[i].name != NULL; i++) {
269 if (sshhostkey[i].val == type) {
270 sshhostkey[i].usable = 0;
271 break;
272 }
273 }
274 dropbear_log(LOG_WARNING, "Failed reading '%s', disabling %s", filename,
275 type == DROPBEAR_SIGNKEY_DSS ? "DSS" : "RSA");
276 }
277
278 /* Must be called after syslog/etc is working */
279 void loadhostkeys() {
280
281 int ret;
282 int type;
283
284 TRACE(("enter loadhostkeys"))
285
286 svr_opts.hostkey = new_sign_key();
287
288 #ifdef DROPBEAR_RSA
289 type = DROPBEAR_SIGNKEY_RSA;
290 ret = readhostkey(svr_opts.rsakeyfile, svr_opts.hostkey, &type);
291 if (ret == DROPBEAR_FAILURE) {
292 disablekey(DROPBEAR_SIGNKEY_RSA, svr_opts.rsakeyfile);
293 }
294 #endif
295 #ifdef DROPBEAR_DSS
296 type = DROPBEAR_SIGNKEY_DSS;
297 ret = readhostkey(svr_opts.dsskeyfile, svr_opts.hostkey, &type);
298 if (ret == DROPBEAR_FAILURE) {
299 disablekey(DROPBEAR_SIGNKEY_DSS, svr_opts.dsskeyfile);
300 }
301 #endif
302
303 if ( 1
304 #ifdef DROPBEAR_DSS
305 && svr_opts.hostkey->dsskey == NULL
306 #endif
307 #ifdef DROPBEAR_RSA
308 && svr_opts.hostkey->rsakey == NULL
309 #endif
310 ) {
311 dropbear_exit("No hostkeys available");
312 }
313
314 TRACE(("leave loadhostkeys"))
315 }
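Review bot: The option loop in svr_getopts() (file lines 128-221) silently skips any argv entry that does not begin with '-', and it inspects only argv[i][1], so `w` typed for `-w` is ignored and a combined `-ws` applies `-w` alone, with no diagnostic in either case. Every restricting switch (`-w`, `-s`, `-g`, `-j`, `-k`) is opt-in, so such a slip leaves root logins, password authentication or port forwarding enabled while the operator believes they are off. Failing closed is cheap: add `else { fprintf(stderr, "Unknown argument %s\n", argv[i]); printhelp(argv[0]); exit(EXIT_FAILURE); }` to the `if (argv[i][0] == '-')` test, and reject a non-empty argv[i][2] for the flag-only options. Separately, when `-b`, `-d` or `-r` is the last argument, `next` is still set as the loop ends and the default path is used without warning; a `dropbear_exit()` for those cases after the loop would surface it, while keeping the existing tolerance for a trailing `-p` if that is intended.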