Mercurial > dropbear
comparison svr-runopts.c @ 285:1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 08 Mar 2006 13:23:58 +0000 |
parents | be18c7dd486e |
children | 973fccb59ea4 3bfbe95f9a14 0aaaf68e97dc |
comparison
equal
deleted
inserted
replaced
281:997e6f7dc01e | 285:1b9e69c058d2 |
---|---|
1 /* | |
2 * Dropbear - a SSH2 server | |
3 * | |
4 * Copyright (c) 2002,2003 Matt Johnston | |
5 * All rights reserved. | |
6 * | |
7 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
8 * of this software and associated documentation files (the "Software"), to deal | |
9 * in the Software without restriction, including without limitation the rights | |
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
11 * copies of the Software, and to permit persons to whom the Software is | |
12 * furnished to do so, subject to the following conditions: | |
13 * | |
14 * The above copyright notice and this permission notice shall be included in | |
15 * all copies or substantial portions of the Software. | |
16 * | |
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
23 * SOFTWARE. */ | |
24 | |
25 #include "includes.h" | |
26 #include "runopts.h" | |
27 #include "signkey.h" | |
28 #include "buffer.h" | |
29 #include "dbutil.h" | |
30 #include "algo.h" | |
31 | |
32 svr_runopts svr_opts; /* GLOBAL */ | |
33 | |
34 static void printhelp(const char * progname); | |
35 | |
36 static void printhelp(const char * progname) { | |
37 | |
38 fprintf(stderr, "Dropbear sshd v%s\n" | |
39 "Usage: %s [options]\n" | |
40 "Options are:\n" | |
41 "-b bannerfile Display the contents of bannerfile" | |
42 " before user login\n" | |
43 " (default: none)\n" | |
44 #ifdef DROPBEAR_DSS | |
45 "-d dsskeyfile Use dsskeyfile for the dss host key\n" | |
46 " (default: %s)\n" | |
47 #endif | |
48 #ifdef DROPBEAR_RSA | |
49 "-r rsakeyfile Use rsakeyfile for the rsa host key\n" | |
50 " (default: %s)\n" | |
51 #endif | |
52 "-F Don't fork into background\n" | |
53 #ifdef DISABLE_SYSLOG | |
54 "(Syslog support not compiled in, using stderr)\n" | |
55 #else | |
56 "-E Log to stderr rather than syslog\n" | |
57 #endif | |
58 #ifdef DO_MOTD | |
59 "-m Don't display the motd on login\n" | |
60 #endif | |
61 "-w Disallow root logins\n" | |
62 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) | |
63 "-s Disable password logins\n" | |
64 "-g Disable password logins for root\n" | |
65 #endif | |
66 #ifdef ENABLE_SVR_LOCALTCPFWD | |
67 "-j Disable local port forwarding\n" | |
68 #endif | |
69 #ifdef ENABLE_SVR_REMOTETCPFWD | |
70 "-k Disable remote port forwarding\n" | |
71 "-a Allow connections to forwarded ports from any host\n" | |
72 #endif | |
73 "-p port Listen on specified tcp port, up to %d can be specified\n" | |
74 " (default %s if none specified)\n" | |
75 #ifdef INETD_MODE | |
76 "-i Start for inetd\n" | |
77 #endif | |
78 #ifdef DEBUG_TRACE | |
79 "-v verbose\n" | |
80 #endif | |
81 ,DROPBEAR_VERSION, progname, | |
82 #ifdef DROPBEAR_DSS | |
83 DSS_PRIV_FILENAME, | |
84 #endif | |
85 #ifdef DROPBEAR_RSA | |
86 RSA_PRIV_FILENAME, | |
87 #endif | |
88 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT); | |
89 } | |
90 | |
91 void svr_getopts(int argc, char ** argv) { | |
92 | |
93 unsigned int i; | |
94 char ** next = 0; | |
95 | |
96 /* see printhelp() for options */ | |
97 svr_opts.rsakeyfile = NULL; | |
98 svr_opts.dsskeyfile = NULL; | |
99 svr_opts.bannerfile = NULL; | |
100 svr_opts.banner = NULL; | |
101 svr_opts.forkbg = 1; | |
102 svr_opts.norootlogin = 0; | |
103 svr_opts.noauthpass = 0; | |
104 svr_opts.norootpass = 0; | |
105 svr_opts.inetdmode = 0; | |
106 svr_opts.portcount = 0; | |
107 svr_opts.hostkey = NULL; | |
108 #ifdef ENABLE_SVR_LOCALTCPFWD | |
109 svr_opts.nolocaltcp = 0; | |
110 #endif | |
111 #ifdef ENABLE_SVR_REMOTETCPFWD | |
112 svr_opts.noremotetcp = 0; | |
113 #endif | |
114 /* not yet | |
115 opts.ipv4 = 1; | |
116 opts.ipv6 = 1; | |
117 */ | |
118 #ifdef DO_MOTD | |
119 svr_opts.domotd = 1; | |
120 #endif | |
121 #ifndef DISABLE_SYSLOG | |
122 svr_opts.usingsyslog = 1; | |
123 #endif | |
124 #ifdef ENABLE_SVR_REMOTETCPFWD | |
125 opts.listen_fwd_all = 0; | |
126 #endif | |
127 | |
128 for (i = 1; i < (unsigned int)argc; i++) { | |
129 if (next) { | |
130 *next = argv[i]; | |
131 if (*next == NULL) { | |
132 dropbear_exit("Invalid null argument"); | |
133 } | |
134 next = 0x00; | |
135 continue; | |
136 } | |
137 | |
138 if (argv[i][0] == '-') { | |
139 switch (argv[i][1]) { | |
140 case 'b': | |
141 next = &svr_opts.bannerfile; | |
142 break; | |
143 #ifdef DROPBEAR_DSS | |
144 case 'd': | |
145 next = &svr_opts.dsskeyfile; | |
146 break; | |
147 #endif | |
148 #ifdef DROPBEAR_RSA | |
149 case 'r': | |
150 next = &svr_opts.rsakeyfile; | |
151 break; | |
152 #endif | |
153 case 'F': | |
154 svr_opts.forkbg = 0; | |
155 break; | |
156 #ifndef DISABLE_SYSLOG | |
157 case 'E': | |
158 svr_opts.usingsyslog = 0; | |
159 break; | |
160 #endif | |
161 #ifdef ENABLE_SVR_LOCALTCPFWD | |
162 case 'j': | |
163 svr_opts.nolocaltcp = 1; | |
164 break; | |
165 #endif | |
166 #ifdef ENABLE_SVR_REMOTETCPFWD | |
167 case 'k': | |
168 svr_opts.noremotetcp = 1; | |
169 break; | |
170 case 'a': | |
171 opts.listen_fwd_all = 1; | |
172 break; | |
173 #endif | |
174 #ifdef INETD_MODE | |
175 case 'i': | |
176 svr_opts.inetdmode = 1; | |
177 break; | |
178 #endif | |
179 case 'p': | |
180 if (svr_opts.portcount < DROPBEAR_MAX_PORTS) { | |
181 svr_opts.ports[svr_opts.portcount] = NULL; | |
182 next = &svr_opts.ports[svr_opts.portcount]; | |
183 /* Note: if it doesn't actually get set, we'll | |
184 * decrement it after the loop */ | |
185 svr_opts.portcount++; | |
186 } | |
187 break; | |
188 #ifdef DO_MOTD | |
189 /* motd is displayed by default, -m turns it off */ | |
190 case 'm': | |
191 svr_opts.domotd = 0; | |
192 break; | |
193 #endif | |
194 case 'w': | |
195 svr_opts.norootlogin = 1; | |
196 break; | |
197 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) | |
198 case 's': | |
199 svr_opts.noauthpass = 1; | |
200 break; | |
201 case 'g': | |
202 svr_opts.norootpass = 1; | |
203 break; | |
204 #endif | |
205 case 'h': | |
206 printhelp(argv[0]); | |
207 exit(EXIT_FAILURE); | |
208 break; | |
209 #ifdef DEBUG_TRACE | |
210 case 'v': | |
211 debug_trace = 1; | |
212 break; | |
213 #endif | |
214 default: | |
215 fprintf(stderr, "Unknown argument %s\n", argv[i]); | |
216 printhelp(argv[0]); | |
217 exit(EXIT_FAILURE); | |
218 break; | |
219 } | |
220 } | |
221 } | |
222 | |
223 /* Set up listening ports */ | |
224 if (svr_opts.portcount == 0) { | |
225 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT); | |
226 svr_opts.portcount = 1; | |
227 } else { | |
228 /* we may have been given a -p option but no argument to go with | |
229 * it */ | |
230 if (svr_opts.ports[svr_opts.portcount-1] == NULL) { | |
231 svr_opts.portcount--; | |
232 } | |
233 } | |
234 | |
235 if (svr_opts.dsskeyfile == NULL) { | |
236 svr_opts.dsskeyfile = DSS_PRIV_FILENAME; | |
237 } | |
238 if (svr_opts.rsakeyfile == NULL) { | |
239 svr_opts.rsakeyfile = RSA_PRIV_FILENAME; | |
240 } | |
241 | |
242 if (svr_opts.bannerfile) { | |
243 struct stat buf; | |
244 if (stat(svr_opts.bannerfile, &buf) != 0) { | |
245 dropbear_exit("Error opening banner file '%s'", | |
246 svr_opts.bannerfile); | |
247 } | |
248 | |
249 if (buf.st_size > MAX_BANNER_SIZE) { | |
250 dropbear_exit("Banner file too large, max is %d bytes", | |
251 MAX_BANNER_SIZE); | |
252 } | |
253 | |
254 svr_opts.banner = buf_new(buf.st_size); | |
255 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) { | |
256 dropbear_exit("Error reading banner file '%s'", | |
257 svr_opts.bannerfile); | |
258 } | |
259 buf_setpos(svr_opts.banner, 0); | |
260 } | |
261 | |
262 } | |
263 | |
264 static void disablekey(int type, const char* filename) { | |
265 | |
266 int i; | |
267 | |
268 for (i = 0; sshhostkey[i].name != NULL; i++) { | |
269 if (sshhostkey[i].val == type) { | |
270 sshhostkey[i].usable = 0; | |
271 break; | |
272 } | |
273 } | |
274 dropbear_log(LOG_WARNING, "Failed reading '%s', disabling %s", filename, | |
275 type == DROPBEAR_SIGNKEY_DSS ? "DSS" : "RSA"); | |
276 } | |
277 | |
278 /* Must be called after syslog/etc is working */ | |
279 void loadhostkeys() { | |
280 | |
281 int ret; | |
282 int type; | |
283 | |
284 TRACE(("enter loadhostkeys")) | |
285 | |
286 svr_opts.hostkey = new_sign_key(); | |
287 | |
288 #ifdef DROPBEAR_RSA | |
289 type = DROPBEAR_SIGNKEY_RSA; | |
290 ret = readhostkey(svr_opts.rsakeyfile, svr_opts.hostkey, &type); | |
291 if (ret == DROPBEAR_FAILURE) { | |
292 disablekey(DROPBEAR_SIGNKEY_RSA, svr_opts.rsakeyfile); | |
293 } | |
294 #endif | |
295 #ifdef DROPBEAR_DSS | |
296 type = DROPBEAR_SIGNKEY_DSS; | |
297 ret = readhostkey(svr_opts.dsskeyfile, svr_opts.hostkey, &type); | |
298 if (ret == DROPBEAR_FAILURE) { | |
299 disablekey(DROPBEAR_SIGNKEY_DSS, svr_opts.dsskeyfile); | |
300 } | |
301 #endif | |
302 | |
303 if ( 1 | |
304 #ifdef DROPBEAR_DSS | |
305 && svr_opts.hostkey->dsskey == NULL | |
306 #endif | |
307 #ifdef DROPBEAR_RSA | |
308 && svr_opts.hostkey->rsakey == NULL | |
309 #endif | |
310 ) { | |
311 dropbear_exit("No hostkeys available"); | |
312 } | |
313 | |
314 TRACE(("leave loadhostkeys")) | |
315 } |