search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dropbar: Update to version 2013.60.1.
[tomato.git] / release / src / router / dropbear / svr-runopts.c
blobf6ce86cebd69d7b7902887a71f148fbbdb7073bc
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #include "includes.h"
26 #include "runopts.h"
27 #include "signkey.h"
28 #include "buffer.h"
29 #include "dbutil.h"
30 #include "algo.h"
31
32 svr_runopts svr_opts; /* GLOBAL */
33
34 static void printhelp(const char * progname);
35 static void addportandaddress(char* spec);
36
37 static void printhelp(const char * progname) {
38
39 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n"
40 "Usage: %s [options]\n"
41 "-b bannerfile Display the contents of bannerfile"
42 " before user login\n"
43 " (default: none)\n"
44 #ifdef DROPBEAR_DSS
45 "-d dsskeyfile Use dsskeyfile for the DSS host key\n"
46 " (default: %s)\n"
47 #endif
48 #ifdef DROPBEAR_RSA
49 "-r rsakeyfile Use rsakeyfile for the RSA host key\n"
50 " (default: %s)\n"
51 #endif
52 "-F Don't fork into background\n"
53 #ifdef DISABLE_SYSLOG
54 "(Syslog support not compiled in, using stderr)\n"
55 #else
56 "-E Log to stderr rather than syslog\n"
57 #endif
58 #ifdef DO_MOTD
59 "-m Don't display the motd on login\n"
60 #endif
61 "-w Disallow root logins\n"
62 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
63 "-s Disable password logins\n"
64 "-g Disable password logins for root\n"
65 "-B Allow blank password logins\n"
66 #endif
67 #ifdef ENABLE_SVR_LOCALTCPFWD
68 "-j Disable local port forwarding\n"
69 #endif
70 #ifdef ENABLE_SVR_REMOTETCPFWD
71 "-k Disable remote port forwarding\n"
72 "-a Allow connections to forwarded ports from any host\n"
73 #endif
74 "-p [address:]port\n"
75 " Listen on specified tcp port (and optionally address),\n"
76 " up to %d can be specified\n"
77 " (default port is %s if none specified)\n"
78 "-P PidFile Create pid file PidFile\n"
79 " (default %s)\n"
80 #ifdef INETD_MODE
81 "-i Start for inetd\n"
82 #endif
83 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
84 "-K <keepalive> (0 is never, default %d, in seconds)\n"
85 "-I <idle_timeout> (0 is never, default %d, in seconds)\n"
86 #ifdef DEBUG_TRACE
87 "-v verbose (compiled with DEBUG_TRACE)\n"
88 #endif
89 ,DROPBEAR_VERSION, progname,
90 #ifdef DROPBEAR_DSS
91 DSS_PRIV_FILENAME,
92 #endif
93 #ifdef DROPBEAR_RSA
94 RSA_PRIV_FILENAME,
95 #endif
96 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
97 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
98 }
99
100 void svr_getopts(int argc, char ** argv) {
101
102 unsigned int i;
103 char ** next = 0;
104 int nextisport = 0;
105 char* recv_window_arg = NULL;
106 char* keepalive_arg = NULL;
107 char* idle_timeout_arg = NULL;
108
109 /* see printhelp() for options */
110 svr_opts.rsakeyfile = NULL;
111 svr_opts.dsskeyfile = NULL;
112 svr_opts.bannerfile = NULL;
113 svr_opts.banner = NULL;
114 svr_opts.forkbg = 1;
115 svr_opts.norootlogin = 0;
116 svr_opts.noauthpass = 0;
117 svr_opts.norootpass = 0;
118 svr_opts.allowblankpass = 0;
119 svr_opts.inetdmode = 0;
120 svr_opts.portcount = 0;
121 svr_opts.hostkey = NULL;
122 svr_opts.pidfile = DROPBEAR_PIDFILE;
123 #ifdef ENABLE_SVR_LOCALTCPFWD
124 svr_opts.nolocaltcp = 0;
125 #endif
126 #ifdef ENABLE_SVR_REMOTETCPFWD
127 svr_opts.noremotetcp = 0;
128 #endif
129 #ifndef DISABLE_ZLIB
130 opts.enable_compress = 1;
131 #endif
132 /* not yet
133 opts.ipv4 = 1;
134 opts.ipv6 = 1;
135 */
136 #ifdef DO_MOTD
137 svr_opts.domotd = 1;
138 #endif
139 #ifndef DISABLE_SYSLOG
140 svr_opts.usingsyslog = 1;
141 #endif
142 opts.recv_window = DEFAULT_RECV_WINDOW;
143 opts.keepalive_secs = DEFAULT_KEEPALIVE;
144 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
145
146 #ifdef ENABLE_SVR_REMOTETCPFWD
147 opts.listen_fwd_all = 0;
148 #endif
149
150 for (i = 1; i < (unsigned int)argc; i++) {
151 if (nextisport) {
152 addportandaddress(argv[i]);
153 nextisport = 0;
154 continue;
155 }
156
157 if (next) {
158 *next = argv[i];
159 if (*next == NULL) {
160 dropbear_exit("Invalid null argument");
161 }
162 next = 0x00;
163 continue;
164 }
165
166 if (argv[i][0] == '-') {
167 switch (argv[i][1]) {
168 case 'b':
169 next = &svr_opts.bannerfile;
170 break;
171 #ifdef DROPBEAR_DSS
172 case 'd':
173 next = &svr_opts.dsskeyfile;
174 break;
175 #endif
176 #ifdef DROPBEAR_RSA
177 case 'r':
178 next = &svr_opts.rsakeyfile;
179 break;
180 #endif
181 case 'F':
182 svr_opts.forkbg = 0;
183 break;
184 #ifndef DISABLE_SYSLOG
185 case 'E':
186 svr_opts.usingsyslog = 0;
187 break;
188 #endif
189 #ifdef ENABLE_SVR_LOCALTCPFWD
190 case 'j':
191 svr_opts.nolocaltcp = 1;
192 break;
193 #endif
194 #ifdef ENABLE_SVR_REMOTETCPFWD
195 case 'k':
196 svr_opts.noremotetcp = 1;
197 break;
198 case 'a':
199 opts.listen_fwd_all = 1;
200 break;
201 #endif
202 #ifdef INETD_MODE
203 case 'i':
204 svr_opts.inetdmode = 1;
205 break;
206 #endif
207 case 'p':
208 nextisport = 1;
209 break;
210 case 'P':
211 next = &svr_opts.pidfile;
212 break;
213 #ifdef DO_MOTD
214 /* motd is displayed by default, -m turns it off */
215 case 'm':
216 svr_opts.domotd = 0;
217 break;
218 #endif
219 case 'w':
220 svr_opts.norootlogin = 1;
221 break;
222 case 'W':
223 next = &recv_window_arg;
224 break;
225 case 'K':
226 next = &keepalive_arg;
227 break;
228 case 'I':
229 next = &idle_timeout_arg;
230 break;
231 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
232 case 's':
233 svr_opts.noauthpass = 1;
234 break;
235 case 'g':
236 svr_opts.norootpass = 1;
237 break;
238 case 'B':
239 svr_opts.allowblankpass = 1;
240 break;
241 #endif
242 case 'h':
243 printhelp(argv[0]);
244 exit(EXIT_FAILURE);
245 break;
246 case 'u':
247 /* backwards compatibility with old urandom option */
248 break;
249 #ifdef DEBUG_TRACE
250 case 'v':
251 debug_trace = 1;
252 break;
253 #endif
254 default:
255 fprintf(stderr, "Unknown argument %s\n", argv[i]);
256 printhelp(argv[0]);
257 exit(EXIT_FAILURE);
258 break;
259 }
260 }
261 }
262
263 /* Set up listening ports */
264 if (svr_opts.portcount == 0) {
265 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT);
266 svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS);
267 svr_opts.portcount = 1;
268 }
269
270 if (svr_opts.dsskeyfile == NULL) {
271 svr_opts.dsskeyfile = DSS_PRIV_FILENAME;
272 }
273 if (svr_opts.rsakeyfile == NULL) {
274 svr_opts.rsakeyfile = RSA_PRIV_FILENAME;
275 }
276
277 if (svr_opts.bannerfile) {
278 struct stat buf;
279 if (stat(svr_opts.bannerfile, &buf) != 0) {
280 dropbear_exit("Error opening banner file '%s'",
281 svr_opts.bannerfile);
282 }
283
284 if (buf.st_size > MAX_BANNER_SIZE) {
285 dropbear_exit("Banner file too large, max is %d bytes",
286 MAX_BANNER_SIZE);
287 }
288
289 svr_opts.banner = buf_new(buf.st_size);
290 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) {
291 dropbear_exit("Error reading banner file '%s'",
292 svr_opts.bannerfile);
293 }
294 buf_setpos(svr_opts.banner, 0);
295
296 }
297
298 if (recv_window_arg) {
299 opts.recv_window = atol(recv_window_arg);
300 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
301 dropbear_exit("Bad recv window '%s'", recv_window_arg);
302 }
303 }
304
305 if (keepalive_arg) {
306 unsigned int val;
307 if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) {
308 dropbear_exit("Bad keepalive '%s'", keepalive_arg);
309 }
310 opts.keepalive_secs = val;
311 }
312
313 if (idle_timeout_arg) {
314 unsigned int val;
315 if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) {
316 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
317 }
318 opts.idle_timeout_secs = val;
319 }
320 }
321
322 static void addportandaddress(char* spec) {
323
324 char *myspec = NULL;
325
326 if (svr_opts.portcount < DROPBEAR_MAX_PORTS) {
327
328 /* We don't free it, it becomes part of the runopt state */
329 myspec = m_strdup(spec);
330
331 if (myspec[0] == '[') {
332 myspec++;
333 svr_opts.ports[svr_opts.portcount] = strchr(myspec, ']');
334 if (svr_opts.ports[svr_opts.portcount] == NULL) {
335 /* Unmatched [ -> exit */
336 dropbear_exit("Bad listen address");
337 }
338 svr_opts.ports[svr_opts.portcount][0] = '\0';
339 svr_opts.ports[svr_opts.portcount]++;
340 if (svr_opts.ports[svr_opts.portcount][0] != ':') {
341 /* Missing port -> exit */
342 dropbear_exit("Missing port");
343 }
344 } else {
345 /* search for ':', that separates address and port */
346 svr_opts.ports[svr_opts.portcount] = strrchr(myspec, ':');
347 }
348
349 if (svr_opts.ports[svr_opts.portcount] == NULL) {
350 /* no ':' -> the whole string specifies just a port */
351 svr_opts.ports[svr_opts.portcount] = myspec;
352 } else {
353 /* Split the address/port */
354 svr_opts.ports[svr_opts.portcount][0] = '\0';
355 svr_opts.ports[svr_opts.portcount]++;
356 svr_opts.addresses[svr_opts.portcount] = myspec;
357 }
358
359 if (svr_opts.addresses[svr_opts.portcount] == NULL) {
360 /* no address given -> fill in the default address */
361 svr_opts.addresses[svr_opts.portcount] = m_strdup(DROPBEAR_DEFADDRESS);
362 }
363
364 if (svr_opts.ports[svr_opts.portcount][0] == '\0') {
365 /* empty port -> exit */
366 dropbear_exit("Bad port");
367 }
368
369 svr_opts.portcount++;
370 }
371 }
372
373 static void disablekey(int type, const char* filename) {
374
375 int i;
376
377 for (i = 0; sshhostkey[i].name != NULL; i++) {
378 if (sshhostkey[i].val == type) {
379 sshhostkey[i].usable = 0;
380 break;
381 }
382 }
383 dropbear_log(LOG_WARNING, "Failed reading '%s', disabling %s", filename,
384 type == DROPBEAR_SIGNKEY_DSS ? "DSS" : "RSA");
385 }
386
387 /* Must be called after syslog/etc is working */
388 void loadhostkeys() {
389
390 int ret;
391 int type;
392
393 TRACE(("enter loadhostkeys"))
394
395 svr_opts.hostkey = new_sign_key();
396
397 #ifdef DROPBEAR_RSA
398 type = DROPBEAR_SIGNKEY_RSA;
399 ret = readhostkey(svr_opts.rsakeyfile, svr_opts.hostkey, &type);
400 if (ret == DROPBEAR_FAILURE) {
401 disablekey(DROPBEAR_SIGNKEY_RSA, svr_opts.rsakeyfile);
402 }
403 #endif
404 #ifdef DROPBEAR_DSS
405 type = DROPBEAR_SIGNKEY_DSS;
406 ret = readhostkey(svr_opts.dsskeyfile, svr_opts.hostkey, &type);
407 if (ret == DROPBEAR_FAILURE) {
408 disablekey(DROPBEAR_SIGNKEY_DSS, svr_opts.dsskeyfile);
409 }
410 #endif
411
412 if ( 1
413 #ifdef DROPBEAR_DSS
414 && svr_opts.hostkey->dsskey == NULL
415 #endif
416 #ifdef DROPBEAR_RSA
417 && svr_opts.hostkey->rsakey == NULL
418 #endif
419 ) {
420 dropbear_exit("No hostkeys available");
421 }
422
423 TRACE(("leave loadhostkeys"))
424 }
Tomato firmware and modifications.