comparison svr-runopts.c @ 1546:bb8eaa26bc93 fuzz

merge from main
author Matt Johnston <matt@ucc.asn.au>
date Mon, 26 Feb 2018 22:44:48 +0800
parents 5916af64acd4 f20038b513a5
children 61a793b6e471
1530:63fa53d3b6c7 1546:bb8eaa26bc93
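--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -28,10 +28,12 @@
 #include "buffer.h"
 #include "dbutil.h"
 #include "algo.h"
 #include "ecdsa.h"
 
+#include <grp.h>
+
 svr_runopts svr_opts; /* GLOBAL */
 
 static void printhelp(const char * progname);
 static void addportandaddress(const char* spec);
 static void loadhostkey(const char *keyfile, int fatal_duplicate);
@@ -66,10 +68,11 @@
 #endif
 #if DO_MOTD
 "-m Don't display the motd on login\n"
 #endif
 "-w Disallow root logins\n"
+"-G Restrict logins to members of specified group\n"
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 "-s Disable password logins\n"
 "-g Disable password logins for root\n"
 "-B Allow blank password logins\n"
 #endif
@@ -130,10 +133,12 @@
 svr_opts.bannerfile = NULL;
 svr_opts.banner = NULL;
 svr_opts.forced_command = NULL;
 svr_opts.forkbg = 1;
 svr_opts.norootlogin = 0;
+svr_opts.restrict_group = NULL;
+svr_opts.restrict_group_gid = 0;
 svr_opts.noauthpass = 0;
 svr_opts.norootpass = 0;
 svr_opts.allowblankpass = 0;
 svr_opts.maxauthtries = MAX_AUTH_TRIES;
 svr_opts.inetdmode = 0;
@@ -228,10 +233,13 @@
 break;
 #endif
 case 'w':
 svr_opts.norootlogin = 1;
 break;
+case 'G':
+next = &svr_opts.restrict_group;
+break;
 case 'W':
 next = &recv_window_arg;
 break;
 case 'K':
 next = &keepalive_arg;
@@ -328,10 +336,21 @@
 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) {
 dropbear_exit("Error reading banner file '%s'",
 svr_opts.bannerfile);
 }
 buf_setpos(svr_opts.banner, 0);
+}
+
+if (svr_opts.restrict_group) {
+struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
+
+if (restrictedgroup){
+svr_opts.restrict_group_gid = restrictedgroup->gr_gid;
+} else {
+dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
+}
+
 }
 
 if (recv_window_arg) {
 opts.recv_window = atol(recv_window_arg);
 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
@@ -509,21 +528,24 @@
 char *hostkey_file = svr_opts.hostkey_files[i];
 loadhostkey(hostkey_file, 1);
 m_free(hostkey_file);
 }
 
+/* Only load default host keys if a host key is not specified by the user */
+if (svr_opts.num_hostkey_files == 0) {
 #if DROPBEAR_RSA
 loadhostkey(RSA_PRIV_FILENAME, 0);
 #endif
 
 #if DROPBEAR_DSS
 loadhostkey(DSS_PRIV_FILENAME, 0);
 #endif
 
 #if DROPBEAR_ECDSA
 loadhostkey(ECDSA_PRIV_FILENAME, 0);
 #endif
+}
 
 #if DROPBEAR_DELAY_HOSTKEY
 if (svr_opts.delay_hostkey) {
 disable_unset_keys = 0;
 }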
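Review bot: The `-G` lookup at new lines 343-350 treats every NULL from `getgrnam()` as "the group does not exist", although NULL is also what the call returns when the group database lookup itself fails; clearing `errno` before the call and including it in the `dropbear_exit` message when it is non-zero would tell an operator which case occurred. The gid is resolved once here at startup, so a group that is later recreated under another gid is presumably not picked up until restart, which deserves a comment such as `/* gid resolved once at startup; restart after changing the group database */`. The initial value `svr_opts.restrict_group_gid = 0` at new line 139 is itself a valid gid, so the enforcement code, which is outside this file, has to test `svr_opts.restrict_group` rather than the gid to decide whether a restriction is active. The enclosing function starts and ends outside the hunks shown.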