comparison svr-runopts.c @ 1355:3fdd8c5a0195 fuzz

merge main to fuzz
author Matt Johnston <matt@ucc.asn.au>
date Thu, 18 May 2017 23:45:10 +0800
parents 5c2899e35b63 750ec4ec4cbe
children 798854f62430
1354:7618759e9327 1355:3fdd8c5a0195
44 "-b bannerfile Display the contents of bannerfile" 44 "-b bannerfile Display the contents of bannerfile"
45 " before user login\n" 45 " before user login\n"
46 " (default: none)\n" 46 " (default: none)\n"
47 "-r keyfile Specify hostkeys (repeatable)\n" 47 "-r keyfile Specify hostkeys (repeatable)\n"
48 " defaults: \n" 48 " defaults: \n"
49 #ifdef DROPBEAR_DSS 49 #if DROPBEAR_DSS
50 " dss %s\n" 50 " dss %s\n"
51 #endif 51 #endif
52 #ifdef DROPBEAR_RSA 52 #if DROPBEAR_RSA
53 " rsa %s\n" 53 " rsa %s\n"
54 #endif 54 #endif
55 #ifdef DROPBEAR_ECDSA 55 #if DROPBEAR_ECDSA
56 " ecdsa %s\n" 56 " ecdsa %s\n"
57 #endif 57 #endif
58 #ifdef DROPBEAR_DELAY_HOSTKEY 58 #if DROPBEAR_DELAY_HOSTKEY
59 "-R Create hostkeys as required\n" 59 "-R Create hostkeys as required\n"
60 #endif 60 #endif
61 "-F Don't fork into background\n" 61 "-F Don't fork into background\n"
62 #ifdef DISABLE_SYSLOG 62 #ifdef DISABLE_SYSLOG
63 "(Syslog support not compiled in, using stderr)\n" 63 "(Syslog support not compiled in, using stderr)\n"
66 #endif 66 #endif
67 #ifdef DO_MOTD 67 #ifdef DO_MOTD
68 "-m Don't display the motd on login\n" 68 "-m Don't display the motd on login\n"
69 #endif 69 #endif
70 "-w Disallow root logins\n" 70 "-w Disallow root logins\n"
71 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) 71 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
72 "-s Disable password logins\n" 72 "-s Disable password logins\n"
73 "-g Disable password logins for root\n" 73 "-g Disable password logins for root\n"
74 "-B Allow blank password logins\n" 74 "-B Allow blank password logins\n"
75 #endif 75 #endif
76 #ifdef ENABLE_SVR_LOCALTCPFWD 76 #if DROPBEAR_SVR_LOCALTCPFWD
77 "-j Disable local port forwarding\n" 77 "-j Disable local port forwarding\n"
78 #endif 78 #endif
79 #ifdef ENABLE_SVR_REMOTETCPFWD 79 #if DROPBEAR_SVR_REMOTETCPFWD
80 "-k Disable remote port forwarding\n" 80 "-k Disable remote port forwarding\n"
81 "-a Allow connections to forwarded ports from any host\n" 81 "-a Allow connections to forwarded ports from any host\n"
82 "-c command Force executed command\n"
82 #endif 83 #endif
83 "-p [address:]port\n" 84 "-p [address:]port\n"
84 " Listen on specified tcp port (and optionally address),\n" 85 " Listen on specified tcp port (and optionally address),\n"
85 " up to %d can be specified\n" 86 " up to %d can be specified\n"
86 " (default port is %s if none specified)\n" 87 " (default port is %s if none specified)\n"
91 #endif 92 #endif
92 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n" 93 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
93 "-K <keepalive> (0 is never, default %d, in seconds)\n" 94 "-K <keepalive> (0 is never, default %d, in seconds)\n"
94 "-I <idle_timeout> (0 is never, default %d, in seconds)\n" 95 "-I <idle_timeout> (0 is never, default %d, in seconds)\n"
95 "-V Version\n" 96 "-V Version\n"
96 #ifdef DEBUG_TRACE 97 #if DEBUG_TRACE
97 "-v verbose (compiled with DEBUG_TRACE)\n" 98 "-v verbose (compiled with DEBUG_TRACE)\n"
98 #endif 99 #endif
99 ,DROPBEAR_VERSION, progname, 100 ,DROPBEAR_VERSION, progname,
100 #ifdef DROPBEAR_DSS 101 #if DROPBEAR_DSS
101 DSS_PRIV_FILENAME, 102 DSS_PRIV_FILENAME,
102 #endif 103 #endif
103 #ifdef DROPBEAR_RSA 104 #if DROPBEAR_RSA
104 RSA_PRIV_FILENAME, 105 RSA_PRIV_FILENAME,
105 #endif 106 #endif
106 #ifdef DROPBEAR_ECDSA 107 #if DROPBEAR_ECDSA
107 ECDSA_PRIV_FILENAME, 108 ECDSA_PRIV_FILENAME,
108 #endif 109 #endif
109 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, 110 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
110 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); 111 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
111 } 112 }
123 124
124 125
125 /* see printhelp() for options */ 126 /* see printhelp() for options */
126 svr_opts.bannerfile = NULL; 127 svr_opts.bannerfile = NULL;
127 svr_opts.banner = NULL; 128 svr_opts.banner = NULL;
129 svr_opts.forced_command = NULL;
128 svr_opts.forkbg = 1; 130 svr_opts.forkbg = 1;
129 svr_opts.norootlogin = 0; 131 svr_opts.norootlogin = 0;
130 svr_opts.noauthpass = 0; 132 svr_opts.noauthpass = 0;
131 svr_opts.norootpass = 0; 133 svr_opts.norootpass = 0;
132 svr_opts.allowblankpass = 0; 134 svr_opts.allowblankpass = 0;
133 svr_opts.inetdmode = 0; 135 svr_opts.inetdmode = 0;
134 svr_opts.portcount = 0; 136 svr_opts.portcount = 0;
135 svr_opts.hostkey = NULL; 137 svr_opts.hostkey = NULL;
136 svr_opts.delay_hostkey = 0; 138 svr_opts.delay_hostkey = 0;
137 svr_opts.pidfile = DROPBEAR_PIDFILE; 139 svr_opts.pidfile = DROPBEAR_PIDFILE;
138 #ifdef ENABLE_SVR_LOCALTCPFWD 140 #if DROPBEAR_SVR_LOCALTCPFWD
139 svr_opts.nolocaltcp = 0; 141 svr_opts.nolocaltcp = 0;
140 #endif 142 #endif
141 #ifdef ENABLE_SVR_REMOTETCPFWD 143 #if DROPBEAR_SVR_REMOTETCPFWD
142 svr_opts.noremotetcp = 0; 144 svr_opts.noremotetcp = 0;
143 #endif 145 #endif
144 146
145 #ifndef DISABLE_ZLIB 147 #ifndef DISABLE_ZLIB
146 #if DROPBEAR_SERVER_DELAY_ZLIB
147 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED; 148 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
148 #else
149 opts.compress_mode = DROPBEAR_COMPRESS_ON;
150 #endif
151 #endif 149 #endif
152 150
153 /* not yet 151 /* not yet
154 opts.ipv4 = 1; 152 opts.ipv4 = 1;
155 opts.ipv6 = 1; 153 opts.ipv6 = 1;
162 #endif 160 #endif
163 opts.recv_window = DEFAULT_RECV_WINDOW; 161 opts.recv_window = DEFAULT_RECV_WINDOW;
164 opts.keepalive_secs = DEFAULT_KEEPALIVE; 162 opts.keepalive_secs = DEFAULT_KEEPALIVE;
165 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT; 163 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
166 164
167 #ifdef ENABLE_SVR_REMOTETCPFWD 165 #if DROPBEAR_SVR_REMOTETCPFWD
168 opts.listen_fwd_all = 0; 166 opts.listen_fwd_all = 0;
169 #endif 167 #endif
170 168
171 for (i = 1; i < (unsigned int)argc; i++) { 169 for (i = 1; i < (unsigned int)argc; i++) {
172 if (argv[i][0] != '-' || argv[i][1] == '\0') 170 if (argv[i][0] != '-' || argv[i][1] == '\0')
175 for (j = 1; (c = argv[i][j]) != '\0' && !next && !nextisport; j++) { 173 for (j = 1; (c = argv[i][j]) != '\0' && !next && !nextisport; j++) {
176 switch (c) { 174 switch (c) {
177 case 'b': 175 case 'b':
178 next = &svr_opts.bannerfile; 176 next = &svr_opts.bannerfile;
179 break; 177 break;
178 case 'c':
179 next = &svr_opts.forced_command;
180 break;
180 case 'd': 181 case 'd':
181 case 'r': 182 case 'r':
182 next = &keyfile; 183 next = &keyfile;
183 break; 184 break;
184 case 'R': 185 case 'R':
190 #ifndef DISABLE_SYSLOG 191 #ifndef DISABLE_SYSLOG
191 case 'E': 192 case 'E':
192 opts.usingsyslog = 0; 193 opts.usingsyslog = 0;
193 break; 194 break;
194 #endif 195 #endif
195 #ifdef ENABLE_SVR_LOCALTCPFWD 196 #if DROPBEAR_SVR_LOCALTCPFWD
196 case 'j': 197 case 'j':
197 svr_opts.nolocaltcp = 1; 198 svr_opts.nolocaltcp = 1;
198 break; 199 break;
199 #endif 200 #endif
200 #ifdef ENABLE_SVR_REMOTETCPFWD 201 #if DROPBEAR_SVR_REMOTETCPFWD
201 case 'k': 202 case 'k':
202 svr_opts.noremotetcp = 1; 203 svr_opts.noremotetcp = 1;
203 break; 204 break;
204 case 'a': 205 case 'a':
205 opts.listen_fwd_all = 1; 206 opts.listen_fwd_all = 1;
232 next = &keepalive_arg; 233 next = &keepalive_arg;
233 break; 234 break;
234 case 'I': 235 case 'I':
235 next = &idle_timeout_arg; 236 next = &idle_timeout_arg;
236 break; 237 break;
237 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) 238 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
238 case 's': 239 case 's':
239 svr_opts.noauthpass = 1; 240 svr_opts.noauthpass = 1;
240 break; 241 break;
241 case 'g': 242 case 'g':
242 svr_opts.norootpass = 1; 243 svr_opts.norootpass = 1;
250 exit(EXIT_SUCCESS); 251 exit(EXIT_SUCCESS);
251 break; 252 break;
252 case 'u': 253 case 'u':
253 /* backwards compatibility with old urandom option */ 254 /* backwards compatibility with old urandom option */
254 break; 255 break;
255 #ifdef DEBUG_TRACE 256 #if DEBUG_TRACE
256 case 'v': 257 case 'v':
257 debug_trace = 1; 258 debug_trace = 1;
258 break; 259 break;
259 #endif 260 #endif
260 case 'V': 261 case 'V':
343 unsigned int val; 344 unsigned int val;
344 if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) { 345 if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) {
345 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg); 346 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
346 } 347 }
347 opts.idle_timeout_secs = val; 348 opts.idle_timeout_secs = val;
349 }
350
351 if (svr_opts.forced_command) {
352 dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
348 } 353 }
349 } 354 }
350 355
351 static void addportandaddress(const char* spec) { 356 static void addportandaddress(const char* spec) {
352 char *spec_copy = NULL, *myspec = NULL, *port = NULL, *address = NULL; 357 char *spec_copy = NULL, *myspec = NULL, *port = NULL, *address = NULL;
432 if (!svr_opts.delay_hostkey) { 437 if (!svr_opts.delay_hostkey) {
433 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); 438 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile);
434 } 439 }
435 } 440 }
436 441
437 #ifdef DROPBEAR_RSA 442 #if DROPBEAR_RSA
438 if (type == DROPBEAR_SIGNKEY_RSA) { 443 if (type == DROPBEAR_SIGNKEY_RSA) {
439 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate); 444 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate);
440 } 445 }
441 #endif 446 #endif
442 447
443 #ifdef DROPBEAR_DSS 448 #if DROPBEAR_DSS
444 if (type == DROPBEAR_SIGNKEY_DSS) { 449 if (type == DROPBEAR_SIGNKEY_DSS) {
445 loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate); 450 loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate);
446 } 451 }
447 #endif 452 #endif
448 453
449 #ifdef DROPBEAR_ECDSA 454 #if DROPBEAR_ECDSA
450 #ifdef DROPBEAR_ECC_256 455 #if DROPBEAR_ECC_256
451 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) { 456 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) {
452 loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate); 457 loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate);
453 } 458 }
454 #endif 459 #endif
455 #ifdef DROPBEAR_ECC_384 460 #if DROPBEAR_ECC_384
456 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) { 461 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) {
457 loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate); 462 loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate);
458 } 463 }
459 #endif 464 #endif
460 #ifdef DROPBEAR_ECC_521 465 #if DROPBEAR_ECC_521
461 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) { 466 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
462 loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate); 467 loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate);
463 } 468 }
464 #endif 469 #endif
465 #endif /* DROPBEAR_ECDSA */ 470 #endif /* DROPBEAR_ECDSA */
487 char *hostkey_file = svr_opts.hostkey_files[i]; 492 char *hostkey_file = svr_opts.hostkey_files[i];
488 loadhostkey(hostkey_file, 1); 493 loadhostkey(hostkey_file, 1);
489 m_free(hostkey_file); 494 m_free(hostkey_file);
490 } 495 }
491 496
492 #ifdef DROPBEAR_RSA 497 #if DROPBEAR_RSA
493 loadhostkey(RSA_PRIV_FILENAME, 0); 498 loadhostkey(RSA_PRIV_FILENAME, 0);
494 #endif 499 #endif
495 500
496 #ifdef DROPBEAR_DSS 501 #if DROPBEAR_DSS
497 loadhostkey(DSS_PRIV_FILENAME, 0); 502 loadhostkey(DSS_PRIV_FILENAME, 0);
498 #endif 503 #endif
499 504
500 #ifdef DROPBEAR_ECDSA 505 #if DROPBEAR_ECDSA
501 loadhostkey(ECDSA_PRIV_FILENAME, 0); 506 loadhostkey(ECDSA_PRIV_FILENAME, 0);
502 #endif 507 #endif
503 508
504 #ifdef DROPBEAR_DELAY_HOSTKEY 509 #if DROPBEAR_DELAY_HOSTKEY
505 if (svr_opts.delay_hostkey) { 510 if (svr_opts.delay_hostkey) {
506 disable_unset_keys = 0; 511 disable_unset_keys = 0;
507 } 512 }
508 #endif 513 #endif
509 514
510 #ifdef DROPBEAR_RSA 515 #if DROPBEAR_RSA
511 if (disable_unset_keys && !svr_opts.hostkey->rsakey) { 516 if (disable_unset_keys && !svr_opts.hostkey->rsakey) {
512 disablekey(DROPBEAR_SIGNKEY_RSA); 517 disablekey(DROPBEAR_SIGNKEY_RSA);
513 } else { 518 } else {
514 any_keys = 1; 519 any_keys = 1;
515 } 520 }
516 #endif 521 #endif
517 522
518 #ifdef DROPBEAR_DSS 523 #if DROPBEAR_DSS
519 if (disable_unset_keys && !svr_opts.hostkey->dsskey) { 524 if (disable_unset_keys && !svr_opts.hostkey->dsskey) {
520 disablekey(DROPBEAR_SIGNKEY_DSS); 525 disablekey(DROPBEAR_SIGNKEY_DSS);
521 } else { 526 } else {
522 any_keys = 1; 527 any_keys = 1;
523 } 528 }
524 #endif 529 #endif
525 530
526 531
527 #ifdef DROPBEAR_ECDSA 532 #if DROPBEAR_ECDSA
528 #ifdef DROPBEAR_ECC_256 533 #if DROPBEAR_ECC_256
529 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256) 534 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256)
530 && !svr_opts.hostkey->ecckey256) { 535 && !svr_opts.hostkey->ecckey256) {
531 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); 536 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256);
532 } else { 537 } else {
533 any_keys = 1; 538 any_keys = 1;
534 } 539 }
535 #endif 540 #endif
536 541
537 #ifdef DROPBEAR_ECC_384 542 #if DROPBEAR_ECC_384
538 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384) 543 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384)
539 && !svr_opts.hostkey->ecckey384) { 544 && !svr_opts.hostkey->ecckey384) {
540 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); 545 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384);
541 } else { 546 } else {
542 any_keys = 1; 547 any_keys = 1;
543 } 548 }
544 #endif 549 #endif
545 550
546 #ifdef DROPBEAR_ECC_521 551 #if DROPBEAR_ECC_521
547 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521) 552 if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521)
548 && !svr_opts.hostkey->ecckey521) { 553 && !svr_opts.hostkey->ecckey521) {
549 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); 554 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521);
550 } else { 555 } else {
551 any_keys = 1; 556 any_keys = 1;
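Review bot: The added help line `"-c command Force executed command\n"` sits inside the `#if DROPBEAR_SVR_REMOTETCPFWD` block next to `-k` and `-a`, while the new `case 'c':` in the option switch is not under that guard, so a build without remote forwarding accepts `-c` but printhelp() never mentions it. A forced command is an access restriction operators rely on, so the help line should move below that block's `#endif` so it is always printed. Separately, with the switch from `#ifdef X` to `#if X`, an option macro that is left undefined (for example if the header supplying its default is not included) evaluates to 0 with no diagnostic, which would silently compile out the `-s`/`-g` cases; building with `-Wundef` would surface that. Both functions involved start and end outside the context shown here.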