Mercurial > dropbear
comparison svr-runopts.c @ 1546:bb8eaa26bc93 fuzz
merge from main
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 26 Feb 2018 22:44:48 +0800 |
| parents | 5916af64acd4 f20038b513a5 |
| children | 61a793b6e471 |
comparison
equal
deleted
inserted
replaced
| 1530:63fa53d3b6c7 | 1546:bb8eaa26bc93 |
|---|---|
| 28 #include "buffer.h" | 28 #include "buffer.h" |
| 29 #include "dbutil.h" | 29 #include "dbutil.h" |
| 30 #include "algo.h" | 30 #include "algo.h" |
| 31 #include "ecdsa.h" | 31 #include "ecdsa.h" |
| 32 | 32 |
| 33 #include <grp.h> | |
| 34 | |
| 33 svr_runopts svr_opts; /* GLOBAL */ | 35 svr_runopts svr_opts; /* GLOBAL */ |
| 34 | 36 |
| 35 static void printhelp(const char * progname); | 37 static void printhelp(const char * progname); |
| 36 static void addportandaddress(const char* spec); | 38 static void addportandaddress(const char* spec); |
| 37 static void loadhostkey(const char *keyfile, int fatal_duplicate); | 39 static void loadhostkey(const char *keyfile, int fatal_duplicate); |
| 66 #endif | 68 #endif |
| 67 #if DO_MOTD | 69 #if DO_MOTD |
| 68 "-m Don't display the motd on login\n" | 70 "-m Don't display the motd on login\n" |
| 69 #endif | 71 #endif |
| 70 "-w Disallow root logins\n" | 72 "-w Disallow root logins\n" |
| 73 "-G Restrict logins to members of specified group\n" | |
| 71 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH | 74 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH |
| 72 "-s Disable password logins\n" | 75 "-s Disable password logins\n" |
| 73 "-g Disable password logins for root\n" | 76 "-g Disable password logins for root\n" |
| 74 "-B Allow blank password logins\n" | 77 "-B Allow blank password logins\n" |
| 75 #endif | 78 #endif |
| 130 svr_opts.bannerfile = NULL; | 133 svr_opts.bannerfile = NULL; |
| 131 svr_opts.banner = NULL; | 134 svr_opts.banner = NULL; |
| 132 svr_opts.forced_command = NULL; | 135 svr_opts.forced_command = NULL; |
| 133 svr_opts.forkbg = 1; | 136 svr_opts.forkbg = 1; |
| 134 svr_opts.norootlogin = 0; | 137 svr_opts.norootlogin = 0; |
| 138 svr_opts.restrict_group = NULL; | |
| 139 svr_opts.restrict_group_gid = 0; | |
| 135 svr_opts.noauthpass = 0; | 140 svr_opts.noauthpass = 0; |
| 136 svr_opts.norootpass = 0; | 141 svr_opts.norootpass = 0; |
| 137 svr_opts.allowblankpass = 0; | 142 svr_opts.allowblankpass = 0; |
| 138 svr_opts.maxauthtries = MAX_AUTH_TRIES; | 143 svr_opts.maxauthtries = MAX_AUTH_TRIES; |
| 139 svr_opts.inetdmode = 0; | 144 svr_opts.inetdmode = 0; |
| 228 break; | 233 break; |
| 229 #endif | 234 #endif |
| 230 case 'w': | 235 case 'w': |
| 231 svr_opts.norootlogin = 1; | 236 svr_opts.norootlogin = 1; |
| 232 break; | 237 break; |
| 238 case 'G': | |
| 239 next = &svr_opts.restrict_group; | |
| 240 break; | |
| 233 case 'W': | 241 case 'W': |
| 234 next = &recv_window_arg; | 242 next = &recv_window_arg; |
| 235 break; | 243 break; |
| 236 case 'K': | 244 case 'K': |
| 237 next = &keepalive_arg; | 245 next = &keepalive_arg; |
| 328 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) { | 336 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) { |
| 329 dropbear_exit("Error reading banner file '%s'", | 337 dropbear_exit("Error reading banner file '%s'", |
| 330 svr_opts.bannerfile); | 338 svr_opts.bannerfile); |
| 331 } | 339 } |
| 332 buf_setpos(svr_opts.banner, 0); | 340 buf_setpos(svr_opts.banner, 0); |
| 341 } | |
| 342 | |
| 343 if (svr_opts.restrict_group) { | |
| 344 struct group *restrictedgroup = getgrnam(svr_opts.restrict_group); | |
| 345 | |
| 346 if (restrictedgroup){ | |
| 347 svr_opts.restrict_group_gid = restrictedgroup->gr_gid; | |
| 348 } else { | |
| 349 dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group); | |
| 350 } | |
| 351 | |
| 333 } | 352 } |
| 334 | 353 |
| 335 if (recv_window_arg) { | 354 if (recv_window_arg) { |
| 336 opts.recv_window = atol(recv_window_arg); | 355 opts.recv_window = atol(recv_window_arg); |
| 337 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { | 356 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { |
| 509 char *hostkey_file = svr_opts.hostkey_files[i]; | 528 char *hostkey_file = svr_opts.hostkey_files[i]; |
| 510 loadhostkey(hostkey_file, 1); | 529 loadhostkey(hostkey_file, 1); |
| 511 m_free(hostkey_file); | 530 m_free(hostkey_file); |
| 512 } | 531 } |
| 513 | 532 |
| 533 /* Only load default host keys if a host key is not specified by the user */ | |
| 534 if (svr_opts.num_hostkey_files == 0) { | |
| 514 #if DROPBEAR_RSA | 535 #if DROPBEAR_RSA |
| 515 loadhostkey(RSA_PRIV_FILENAME, 0); | 536 loadhostkey(RSA_PRIV_FILENAME, 0); |
| 516 #endif | 537 #endif |
| 517 | 538 |
| 518 #if DROPBEAR_DSS | 539 #if DROPBEAR_DSS |
| 519 loadhostkey(DSS_PRIV_FILENAME, 0); | 540 loadhostkey(DSS_PRIV_FILENAME, 0); |
| 520 #endif | 541 #endif |
| 521 | 542 |
| 522 #if DROPBEAR_ECDSA | 543 #if DROPBEAR_ECDSA |
| 523 loadhostkey(ECDSA_PRIV_FILENAME, 0); | 544 loadhostkey(ECDSA_PRIV_FILENAME, 0); |
| 524 #endif | 545 #endif |
| 546 } | |
| 525 | 547 |
| 526 #if DROPBEAR_DELAY_HOSTKEY | 548 #if DROPBEAR_DELAY_HOSTKEY |
| 527 if (svr_opts.delay_hostkey) { | 549 if (svr_opts.delay_hostkey) { |
| 528 disable_unset_keys = 0; | 550 disable_unset_keys = 0; |
| 529 } | 551 } |